fix(crowdsec): 优化限速相关配置

apps/infra/monitor/crowdsec/helmchart.yaml

@@ -76,7 +76,10 @@ spec:
       profiles.yaml: |
         name: captcha_remediation
         filters:
-          - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http" && GetDecisionsSinceCount(Alert.GetValue(), "24h") <= 3
+          # 规则过滤条件 1.范围为Ip 2.触发场景为http或nginx 3.24小时内决策次数小于等于3
+          - Alert.Remediation == true && Alert.GetScope() == "Ip" && 
+            (Alert.GetScenario() contains "http" || Alert.GetScenario() contains "nginx") && 
+            GetDecisionsSinceCount(Alert.GetValue(), "24h") <= 3
         decisions:
           - type: captcha
             duration: 4h

apps/infra/net/nginx/helmchart.yaml

@@ -35,6 +35,8 @@ spec:
         # 自定义错误页面
         custom-http-errors: "403,404,502,503"
         http-snippet: |
+          # lua插件配置
+          lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
           # 缓存配置
           proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=cache:2m max_size=100m inactive=7d use_temp_path=off;
           proxy_cache_key $uri$is_args$args;
@@ -42,12 +44,12 @@ spec:
           proxy_cache_use_stale updating;
           # 限速配置
           limit_req_zone $binary_remote_addr zone=global_limit:10m rate=10r/s;
-        server-snippet : |
-          # dns配置
+        server-snippet: |
+          # dns配置 配置在http块下会出现重复配置 所以配置在server块下
           resolver 169.254.20.10 10.43.0.10 ipv6=off;
         location-snippet: |
           # 限速配置
-          limit_req zone=global_limit burst=30 nodelay;
+          limit_req zone=global_limit burst=20 nodelay;
         # 启用geoip2模块
         use-geoip: "false"
         use-geoip2: "true"
@@ -102,7 +104,7 @@ spec:
         plugins: "crowdsec"
         lua-shared-dicts: "crowdsec_cache: 50m"
       # 启用geoip2模块
-      maxmindLicenseKey: "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"
+      maxmindLicenseKey: "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"
       extraArgs:
         default-ssl-certificate: "infra-net/dev-cm-crt"
       # crowdsec插件配置
@@ -117,6 +119,8 @@ spec:
               value: "rgILO2mh/t+30LMvzyyMXbfHRmDfBkDDkhEflzHaoQ0"
             - name: BOUNCER_CONFIG
               value: "/crowdsec/crowdsec-bouncer.conf"
+            - name: MODE
+              value: "stream"
             - name: CAPTCHA_PROVIDER
               value: "turnstile"
             - name: SITE_KEY