HAProxy SPOA Bouncer Installation failure

Ubuntu 24.04.3 LTS. Non pro
CrowdSec installed version v1.7.3

fresh-ish install using CrowdSec repos

cp: cannot stat '/usr/share/doc/crowdsec-haproxy-spoa-bouncer/examples/crowdsec.cfg': No such file or directory
dpkg: error processing package crowdsec-haproxy-spoa-bouncer (--configure):
installed crowdsec-haproxy-spoa-bouncer package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
crowdsec-haproxy-spoa-bouncer
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

Can you advise us which platform this is on, plus the version that was stated to be installed (should be 0.1.2)?

e.g. amd64

v0.1.2-debian-pragmatic-amd64

I was able to get the install to finish by creating a blank file at /usr/share/doc/crowdsec-haproxy-spoa-bouncer/examples/crowdsec.cfg and continuing with configuration. I am, however, now unable to get the configuration to validate using the CDN-based configuration from the documentation.

I have removed the Lua-based information as it does not appear to be installed in the current version.

sudo haproxy -c -f /etc/haproxy/haproxy.cfg
[NOTICE] (192571) : haproxy version is 2.8.5-1ubuntu3.4
[NOTICE] (192571) : path to executable is /usr/sbin/haproxy
[ALERT] (192571) : config : parsing [/etc/haproxy/haproxy.cfg:98] : 'filter' : 'No SPOE agent found in file /etc/haproxy/crowdsec.cfg'
[ALERT] (192571) : config : parsing [/etc/haproxy/haproxy.cfg:107]: 'http-request' expects 'wait-for-handshake', 'set-log-level', 'set-nice', 'use-service', 'sc-add-gpc()', 'sc-inc-gpc()', 'sc-inc-gpc0()', 'sc-inc-gpc1()', 'sc-set-gpt()', 'sc-set-gpt0()', 'send-spoe-group', 'do-resolve()', 'cache-use', 'add-acl()', 'add-header', 'allow', 'auth', 'capture', 'del-acl()', 'del-header', 'del-map()', 'deny', 'disable-l7-retry', 'early-hint', 'normalize-uri', 'redirect', 'reject', 'replace-header', 'replace-path', 'replace-pathq', 'replace-uri', 'replace-value', 'return', 'set-header', 'set-map()', 'set-method', 'set-path', 'set-pathq', 'set-query', 'set-uri', 'strict-mode', 'tarpit', 'track-sc()', 'set-timeout', 'wait-for-body', 'set-var-fmt()', 'set-var()', 'unset-var(*)', 'set-dst', 'set-dst-port', 'set-mark', 'set-src', 'set-src-port', 'set-tos', 'silent-drop', 'set-priority-class', 'set-priority-offset', 'set-bandwidth-limit', but got 'lua.crowdsec_handle'.
[ALERT] (192571) : config : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg

Okay, so creating a blank file means that the cp will move a blank file to /etc/haproxy/crowdsec.cfg; you need to ensure this content is within it here.

Then we need the Lua to be able to render runtime templates, so the Lua files need to be placed in the /usr/lib/crowdsec-haproxy-spoa-bouncer/lua directory, and these Lua files need to be placed within that folder.

Once that is done, you need to ensure the templates also exist in the right location: /var/lib/cs-haproxy-spoa-bouncer/html

However, we can't replicate this issue. Can you MAKE SURE you have run our repository installation script, e.g.:

curl -s https://install.crowdsec.net/ | sudo sh

and that the hash matches below:

$ md5sum /etc/apt/sources.list.d/crowdsec_crowdsec.list
efd76326c2cd7f9308512ccc5f0831aa  /etc/apt/sources.list.d/crowdsec_crowdsec.list
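A preflight check for the three manual-install locations named in the reply above, as an added example that is not part of the thread and not CrowdSec's own tooling. The function name and the optional ROOT prefix argument are hypothetical, and the `spoe-agent` grep is only a sanity check aimed at the "No SPOE agent found" alert that a blank crowdsec.cfg produces:

```shell
#!/bin/sh
# Added example, not from the thread or the CrowdSec project.
# check_spoa_manual_install [ROOT]
#   ROOT is a hypothetical path prefix (empty = the live filesystem).
#   Prints one line per problem and returns the number of problems found.
# Usage: check_spoa_manual_install && sudo haproxy -c -f /etc/haproxy/haproxy.cfg
check_spoa_manual_install() {
    root="${1:-}"
    cfg="$root/etc/haproxy/crowdsec.cfg"
    lua_dir="$root/usr/lib/crowdsec-haproxy-spoa-bouncer/lua"
    html_dir="$root/var/lib/cs-haproxy-spoa-bouncer/html"
    problems=0

    # A blank placeholder lets dpkg's cp succeed, but HAProxy then finds
    # no agent definition in the SPOE config file and rejects the filter.
    if [ ! -s "$cfg" ]; then
        echo "MISSING_OR_EMPTY $cfg"
        problems=$((problems + 1))
    elif ! grep -Eq '^[[:space:]]*spoe-agent[[:space:]]+[^[:space:]]+' "$cfg"; then
        echo "NO_SPOE_AGENT $cfg"
        problems=$((problems + 1))
    fi

    # The Lua files must be present in this directory.
    if ! ls "$lua_dir"/*.lua >/dev/null 2>&1; then
        echo "NO_LUA_FILES $lua_dir"
        problems=$((problems + 1))
    fi

    # The templates rendered at runtime must exist here.
    if [ ! -d "$html_dir" ] || [ -z "$(ls -A "$html_dir" 2>/dev/null)" ]; then
        echo "NO_TEMPLATES $html_dir"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

A return value of 0 means all three locations are populated; it does not validate the contents of the files against the documentation.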

Okay, I found the issue. This will be resolved for version 0.2.0; until then you must follow the manual installation steps above.


Awesome! Out of curiosity, any idea when that will be released?

After deploying all the manual files and some tweaking for my specific setup (behind a CDN) it all looks to be working. Thank you.

Just a pre-warning: we will be changing how the remediation works when HAProxy is behind a CDN, so just ensure in future releases you check the changelog.

The tl;dr is that using SPOE groups means you can manually trigger the SPOE protocol at certain times; this means we can not do the hacky req_hdr_ip function anymore and use the standard of setting the src properly.

Glad it's working though!


0.2.0 is released, which includes the Lua and example files now.