Cloudflare bouncer not working?

Not sure if Cloudflare bouncer works correctly here.

In the bouncer log:
time=“26-01-2023 21:45:04” level=fatal msg=“LAPI can’t be reached”

But in crowdsec log /v1/decisions/stream returned 200

Heres is my config

  ###############################################
  ####              Crowdsec                #####
  ###############################################
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    environment:
      GID: "${GID-1000}"
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/linux-lpe crowdsecurity/traefik crowdsecurity/sshd  crowdsecurity/base-http-scenarios crowdsecurity/http-cve" #<== define collection to analyse the logs of those containers
    depends_on:
      - traefik
    ports:
      - 127.0.0.1:8080:8080
    volumes:
      - ./crowdsec-data/config/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./crowdsec-data/config/db:/var/lib/crowdsec/data/
      - ./crowdsec-data/config/config:/etc/crowdsec/
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/log/:/var/log/:ro
    networks:
      - proxy

  bouncer-cloudflare:
    image: crowdsecurity/cloudflare-bouncer:latest
    container_name: proxy-bouncer-cloudflare
    restart: always
    networks:
      - proxy
    depends_on:
      - crowdsec
    volumes:
      - ./crowdsec-data/bouncer/cloudflare/cfg.yaml:/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml      
# CrowdSec Config
crowdsec_lapi_url: http://crowdsec:8080/
crowdsec_lapi_key: ********************************  #docker exec crowdsec cscli -oraw bouncers add cloudflare-bouncer
crowdsec_update_frequency: 10s
include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word, eg ["ssh", "http"]
exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word
only_include_decisions_from: [] # only include IPs banned due to decisions orginating from provided sources. eg value ["cscli", "crowdsec"]

#Cloudflare Config. 
cloudflare_config:
  accounts:
  - id: 
    token: 
    ip_list_prefix: crowdsec    
    default_action: block    # valid choices are either of challenge, js_challenge, block
    total_ip_list_capacity: 10000 # only this many latest ip scoped decisions would be kept
    zones:    
    - actions:       
      - block # valid choices are either of challenge, js_challenge, block      
      zone_id: 

  update_frequency: 30s # the frequency to update the cloudflare IP list 


# Bouncer 
daemon: true
log_mode: file
log_dir: /var/log/ 
log_level: debug # valid choices are either debug, info, error
log_max_size: 40
log_max_age: 30
log_max_backups: 3
compress_logs: true


prometheus:  
  enabled: false  
  # listen_addr: 127.0.0.1  
  # listen_port: 2112

Hello,

The bouncer can’t connect/speak to your local API.
Try to connect manually to the local API url/port, that you configured in the bouncer.

How can i connect manually ?

Exec into the bouncer container OR connect a container to the same network and try to curl http://crowdsec:8080/

can you be more specific on Exec?
docker exec crowdsec …?

Yes docker exec or docker compose exec

what is the option? ou didn’t answer my question
docker exec crowdsec ?

That because the answer changes depending on your setup. Exec a container is a basic docker command to learn. I will presume some stuff then EG your on latest docker and using the compose plugin and not the script version.

So run this then.

docker compose exec proxy-bouncer-cloudflare apk add curl && curl -vv http://crowdsec:8080/health

You are expecting to see a response 200 code with some json data.

Cant seem to run the command tho, but it showed that the container ins running on my portainer instance.

Error response from daemon: Container 8cb6feb01601bbd880087bb82f7dec3fc32b0f050841d6fec5c7fecdf2e5ff04 is restarting, wait until the container is running

This is going to be difficult to debug if you cannot work around this without portainer. Next step would be to create a container and attach it to the proxy network. Alpine image will be enough. Then within alpine do:

apk add curl && curl -s http://crowdsec:8080/health