update

2024-04-01 10:50:54 +02:00
parent 4626df312b
commit dd3a4ae500
40 changed files with 3665 additions and 0 deletions
--- a/Crowdsec/Traefik/config.yaml
+++ b/Crowdsec/Traefik/config.yaml
@ -0,0 +1,6 @@
+http:
+  middlewares:    
+    crowdsec-bouncer:
+      forwardauth:
+        address: http://bouncer-traefik:8080/api/v1/forwardAuth
+        trustForwardHeader: true
--- a/Crowdsec/Traefik/traefik.yaml
+++ b/Crowdsec/Traefik/traefik.yaml
@ -0,0 +1,41 @@
+api:
+  dashboard: true
+  debug: true
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      middlewares:
+        - crowdsec-bouncer@file
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+    http:
+      middlewares:
+        - crowdsec-bouncer@file
+serversTransport:
+  insecureSkipVerify: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /config.yml
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: your@email.com #add your email
+      storage: acme.json
+      dnsChallenge:
+        provider: cloudflare
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+log:
+  level: "INFO"
+  filePath: "/var/log/traefik/traefik.log"
+accessLog:
+  filePath: "/var/log/traefik/access.log"
--- a/Crowdsec/acquis.yaml
+++ b/Crowdsec/acquis.yaml
@ -0,0 +1,4 @@
+filenames:
+  - /var/log/traefik/*
+labels:
+  type: traefik
--- a/Crowdsec/docker-compose.yml
+++ b/Crowdsec/docker-compose.yml
@ -0,0 +1,35 @@
+version: '3.8'
+services:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    container_name: crowdsec
+    environment:
+      GID: "${GID-1000}"
+      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"
+    volumes:
+      - /home/ubuntu/docker/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+      - /home/ubuntu/docker/crowdsec/db:/var/lib/crowdsec/data/
+      - /home/ubuntu/docker/crowdsec/config:/etc/crowdsec/
+      - /home/ubuntu/docker/traefik/logs:/var/log/traefik/:ro
+    networks:
+      - proxy
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  bouncer-traefik:
+    image: docker.io/fbonalair/traefik-crowdsec-bouncer:latest
+    container_name: bouncer-traefik
+    environment:
+      CROWDSEC_BOUNCER_API_KEY: create_a_random_api_key
+      CROWDSEC_AGENT_HOST: crowdsec:8080
+    networks:
+      - proxy
+    depends_on:
+      - crowdsec
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+networks:
+  proxy:
+    external: true