[SWAG Crowdsec Mod] causes fatal Nginx Lua "lua_package_path" error on boot.

[rstrblstr]

SWAG's Nginx + Crowdsec keeps reporting "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1"

I'm stumped. I've even tried forking and publishing my own Docker Mod in order to load the Alpine Lua package for Nginx; it loaded, but it didn't fix my problem.

Questions:

1. Where is "/etc/nginx/http.d/crowdsec_nginx.conf"? I'm not seeing it in my file structure.
2. What is the path that the lsio Crowdsec Mod installs the Lua Package to?
3. Is there an environment variable for Nginx that allows me to specify the Lua path?

SWAG Log:

**** Configuring CrowdSec nginx Bouncer ****
**** Adding swag-auto-reload deps to package install list ****
**** adding libmaxminddb to package install list ****
**** Successfully configured CrowdSec nginx Bouncer v1.0.5 ****
[mod-init] **** Installing all mod packages ****
fetch http://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
(1/18) Installing gettext-envsubst (0.21.1-r7)
(2/18) Installing libgomp (12.2.1_git20220924-r10)
(3/18) Installing gettext-libs (0.21.1-r7)
(4/18) Installing gettext (0.21.1-r7)
(5/18) Installing inotify-tools-libs (3.22.6.0-r2)
(6/18) Installing inotify-tools (3.22.6.0-r2)
(7/18) Installing libmaxminddb (1.7.1-r1)
(8/18) Installing lua5.1-libs (5.1.5-r12)
(9/18) Installing lua5.1 (5.1.5-r12)
(10/18) Installing lua-resty-http (0.17.1-r0)
(11/18) Installing lua-sec (1.3.1-r1)
(12/18) Installing lua5.1-socket (3.1.0-r1)
(13/18) Installing lua5.1-sec (1.3.1-r1)
(14/18) Installing lua5.1-cjson (2.1.0-r11)
(15/18) Installing luajit (2.1_p20230410-r1)
(16/18) Installing lua-resty-lrucache (0.13-r1)
(17/18) Installing lua-resty-core (0.1.26-r0)
(18/18) Installing nginx-mod-http-lua (1.24.0-r6)
Executing busybox-1.36.1-r0.trigger
OK: 203 MiB in 227 packages
Applying the maxmind mod...
Applied the maxmind mod
[custom-init] No custom files found, skipping...
MOD Auto-reload: Watching the following files/folders for changes (excluding .sample and .md files):
/config/nginx
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
[ls.io-init] done.
�������
Server ready
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1
nginx: [emerg] "lua_package_path" directive is not allowed here in /etc/nginx/http.d/crowdsec_nginx.conf:1

.
.
.
.
.
.

Here is my Docker Compose:

swag:
  image: lscr.io/linuxserver/swag
  container_name: swag
  networks:
    - portainer_default
  cap_add:
    - NET_ADMIN
  environment:
    - PUID=911
    - PGID=911
    - TZ=America/Los_Angeles
    - URL=${REVERSE_URL}
    - SUBDOMAINS=wildcard
    - VALIDATION=duckdns
    - DUCKDNSTOKEN=${DUCKDNSTOKEN}
    - DOCKER_MODS=linuxserver/mods:swag-maxmind|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-crowdsec
    - WATCHLIST="/config/nginx/nginx.conf|/config/nginx/proxy-confs"
    - MAXMINDDB_LICENSE_KEY=${MAXMINDDB_LICENSE_KEY}
    - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}  #	Required	Your bouncer API key
    - CROWDSEC_LAPI_URL=http://crowdsec:8080  #	Required	Your local CrowdSec API endpoint, for example http://crowdsec:8080
    - CROWDSEC_MODE=stream #	Optional	Set to live (immediate update) or stream to update requests every CROWDSEC_UPDATE_FREQUENCY seconds. Defaults to live
    - CROWDSEC_UPDATE_FREQUENCY=15 #	Optional	Set update frequency for use with stream mode. Defaults to 10.
  volumes:
    - /config/swag:/config
    - /config/swag/dashboard:/config/dashboard:rw
    - /config/sonarr/logs/sonarr.txt:/sonarr/log.txt:rw
    - /config/radarr/logs/radarr.txt:/radarr/log.txt:rw      
    - /config/lidarr/logs/Lidarr.txt:/lidarr/log.txt:rw  
    - /config/readarr/logs/Readarr.txt:/readarr/log.txt:rw
    - /config/bazarr/log/bazarr.log:/bazarr/log.log:rw
    - /config/overseerr3/logs/overseerr.log:/overseerr/log.log:rw      
    - /config/sabnzbd/logs/sabnzbd.log:/sabnzbd/log.log:rw
    - /config/slskd/logs:/slskd/log:rw
    - /config/swag/fail2ban/fail2ban.sqlite3:/dashboard/fail2ban.sqlite3:rw  #The host's fail2ban can be supported by mounting it to swag
    - /config/swag/log/fail2ban:/dashboard/logs:rw   #The host's logs can be supported by mounting it to swag
  ports:
    - 443:443
    - 80:80
  restart: unless-stopped

  

crowdsec:
  image: crowdsecurity/crowdsec:latest
  container_name: crowdsec
  networks:
    - portainer_default
  ports:
    - "8080:8080"
    - "6060:6060"
  volumes:
    - /crowdsec/:/etc/crowdsec
    - /crowdsec/acquis.d:/etc/crowdsec/acquis.d
    - /crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
    - /crowdsec/:/var/lib/crowdsec/data
    - /crowdsec/var/log/auth.log:/logs/auth.log:ro
    - /crowdsec/var/log/syslog.log:/logs/syslog.log:ro
    - /crowdsec/var/log/apache:/logs/apache:ro
    - /config/swag/log/nginx:/var/log/swag:ro
    - /var/log:/var/log/host:ro      
  environment:
    - GID=911
    - COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/apache2 crowdsecurity/sshd crowdsecurity/nginx
    - CUSTOM_HOSTNAME=xxxxxx
  restart: unless-stopped
  security_opt:
    - no-new-privileges=true

[thespad]

/etc/nginx/http.d/crowdsec_nginx.conf is part of the internal container filesystem, not the persisent /config mount
Lua gets installed by the package manager, the actual Lua executable is in /usr/bin, the crowdsec lua module gets installed to /usr/local/lua/crowdsec/

The error you're getting suggests that something is breaking the import of the config from http.d in your nginx.conf, but as you've abridged the container log I can't provide any more insight.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue is locked due to inactivity