Cloudflare bouncer not working?

jameswong3388 · January 27, 2023, 2:41am

Not sure if Cloudflare bouncer works correctly here.

In the bouncer log:
time=“26-01-2023 21:45:04” level=fatal msg=“LAPI can’t be reached”

But in crowdsec log /v1/decisions/stream returned 200

Heres is my config

  ###############################################
  ####              Crowdsec                #####
  ###############################################
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    environment:
      GID: "${GID-1000}"
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/linux-lpe crowdsecurity/traefik crowdsecurity/sshd  crowdsecurity/base-http-scenarios crowdsecurity/http-cve" #<== define collection to analyse the logs of those containers
    depends_on:
      - traefik
    ports:
      - 127.0.0.1:8080:8080
    volumes:
      - ./crowdsec-data/config/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./crowdsec-data/config/db:/var/lib/crowdsec/data/
      - ./crowdsec-data/config/config:/etc/crowdsec/
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/log/:/var/log/:ro
    networks:
      - proxy

  bouncer-cloudflare:
    image: crowdsecurity/cloudflare-bouncer:latest
    container_name: proxy-bouncer-cloudflare
    restart: always
    networks:
      - proxy
    depends_on:
      - crowdsec
    volumes:
      - ./crowdsec-data/bouncer/cloudflare/cfg.yaml:/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml

# CrowdSec Config
crowdsec_lapi_url: http://crowdsec:8080/
crowdsec_lapi_key: ********************************  #docker exec crowdsec cscli -oraw bouncers add cloudflare-bouncer
crowdsec_update_frequency: 10s
include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word, eg ["ssh", "http"]
exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word
only_include_decisions_from: [] # only include IPs banned due to decisions orginating from provided sources. eg value ["cscli", "crowdsec"]

#Cloudflare Config. 
cloudflare_config:
  accounts:
  - id: 
    token: 
    ip_list_prefix: crowdsec    
    default_action: block    # valid choices are either of challenge, js_challenge, block
    total_ip_list_capacity: 10000 # only this many latest ip scoped decisions would be kept
    zones:    
    - actions:       
      - block # valid choices are either of challenge, js_challenge, block      
      zone_id: 

  update_frequency: 30s # the frequency to update the cloudflare IP list 


# Bouncer 
daemon: true
log_mode: file
log_dir: /var/log/ 
log_level: debug # valid choices are either debug, info, error
log_max_size: 40
log_max_age: 30
log_max_backups: 3
compress_logs: true


prometheus:  
  enabled: false  
  # listen_addr: 127.0.0.1  
  # listen_port: 2112

thibault · January 31, 2023, 4:44pm

Hello,

The bouncer can’t connect/speak to your local API.
Try to connect manually to the local API url/port, that you configured in the bouncer.

jameswong3388 · February 7, 2023, 10:17pm

How can i connect manually ?

iiAmLoz · February 8, 2023, 10:44am

Exec into the bouncer container OR connect a container to the same network and try to curl http://crowdsec:8080/

jameswong3388 · February 8, 2023, 12:53pm

can you be more specific on Exec?
docker exec crowdsec …?

iiAmLoz · February 8, 2023, 8:03pm

Yes docker exec or docker compose exec

jameswong3388 · February 9, 2023, 7:51am

what is the option? ou didn’t answer my question
docker exec crowdsec ?

iiAmLoz · February 9, 2023, 10:33am

That because the answer changes depending on your setup. Exec a container is a basic docker command to learn. I will presume some stuff then EG your on latest docker and using the compose plugin and not the script version.

So run this then.

docker compose exec proxy-bouncer-cloudflare apk add curl && curl -vv http://crowdsec:8080/health

You are expecting to see a response 200 code with some json data.

jameswong3388 · February 10, 2023, 7:52am

Cant seem to run the command tho, but it showed that the container ins running on my portainer instance.

Error response from daemon: Container 8cb6feb01601bbd880087bb82f7dec3fc32b0f050841d6fec5c7fecdf2e5ff04 is restarting, wait until the container is running

iiAmLoz · February 15, 2023, 9:40am

This is going to be difficult to debug if you cannot work around this without portainer. Next step would be to create a container and attach it to the proxy network. Alpine image will be enough. Then within alpine do:

apk add curl && curl -s http://crowdsec:8080/health

Topic		Replies	Views
Cloudflare bouncer cannot connect to LAPI crowdsec	3	2145	January 27, 2023
Can't make crowdsec-blocklist-mirror bouncer to connect to LAPI crowdsec	5	1786	July 26, 2022
Cs-nginx-bouncer not communicating with LAPI crowdsec	3	949	February 3, 2022
CrowdSec Cloudflare Worker Bouncer Failing To Start crowdsec	2	334	January 11, 2024
Bouncer not found? crowdsec	2	1097	June 25, 2024

Cloudflare bouncer not working?

Related Topics