Combining NPM, crowdsec, appsec

I am using NPM right now, looking to integrate crowdsec and appsec,
then I stumbled upon this article

but it’s using it with nginx instead of nginx proxy manager.
Now I am looking for a full guide that uses nginx proxy manager, crowdsec and appsec.

crowdsec and NPM already here

there’s also appsec with npm docker out there

So any idea where I can get a tutorial on the 3 of them combined?

When you say appsec do you mean open-appsec or our appsec?

If you're waiting to find a tutorial with all of them in it, then you will be waiting some time to find it. You'd do best following the initial one and then adapting the other to fit your use case.

Yes, I mean openappsec.
I am using crowdsec with cloudflare right now, but the blocklist is limited on the cloudflare free plan to a 10.000 list, which means a 10k IP blocklist, so I am considering migrating to lepresidente NPM with crowdsec.

I followed all the tutorial on here

At the last step, my NPM didn’t show initialisation done

nginx: [alert] [lua] crowdsec_openresty.conf:5):9: [Crowdsec] Bouncer Disabled

Edit: Okay, so it seems like the article on the blog is outdated; actually we need to fill in the environment in the docker-compose, and somehow I managed to make it run, but I feel like it doesn’t block anything

nginx: [alert] [lua] crowdsec_openresty.conf:5):11: [Crowdsec] Initialisation done

I tried to manually add my IP to the blocklist using decisions, and I can still access my site without any issues, so where does it go wrong now?

Depending on which mode the bouncer is in, try checking the nginx error logs and the crowdsec API logs.

Thank god, finally got it working after trying so long. Good job me, and thanks dude iiAmLoz.

Can you share how you managed to get npm, crowdsec and openappsec to work together? Thanks!

Could you please explain a little more about the bouncer modes, or point to some documentation? What would one be looking for in the logs?

Here is the docker-compose.yaml file I’m using. So far so good. But performance is not great. AppSec and CrowdSec are constantly using CPU cycles even while idle and I’m trying to improve the page load time for a proxied WordPress site.

---

services:
  npm-centrally-managed-attachment:
    container_name: npm-centrally-managed-attachment
    image: 'ghcr.io/openappsec/nginx-proxy-manager-centrally-managed-attachment:latest'
    ipc: host
    restart: unless-stopped
    environment:
      - TZ=America/Vancouver
    ports:
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      # For initial configuration only
      #- '81:81' # Admin Web Port
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - frontend

  appsec-agent:
    container_name: appsec-agent
    image: 'ghcr.io/openappsec/agent:latest'
    ipc: host
    restart: unless-stopped
    environment:
      - TZ=America/Vancouver
      # adjust with your own email below
      - user_email=[email@example.com]
      - nginxproxymanager=true
      - CROWDSEC_ENABLED=true
      - CROWDSEC_MODE=prevent
      - CROWDSEC_LOGGING=enabled
      - CROWDSEC_API_URL=http://crowdsec:8080/v1/decisions/stream
      - CROWDSEC_AUTH_METHOD=apiKey
      # must be the same value as BOUNCER_KEY_openappsec in the crowdsec service
      - CROWDSEC_AUTH_DATA=ec612ba31c47a6307df2a5aacc3d11e6
    volumes:
      - ./appsec-config:/etc/cp/conf
      - ./appsec-data:/etc/cp/data
      - ./appsec-logs:/var/log/nano_agent
      - ./open-appsec-advance-model/open-appsec-advanced-model.tgz:/advanced-model/open-appsec-advanced-model.tgz:rw
    command: /cp-nano-agent --token <TOKEN>  # replace <TOKEN> with your own token
    networks:
      - frontend
    depends_on:
      - crowdsec

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    restart: unless-stopped
    container_name: crowdsec
    volumes:
      - ./crowdsec:/etc/crowdsec
      - ./crowdsec/data:/var/lib/crowdsec/data
      - ./crowdsec/logs:/var/log/crowdsec/
      - ./appsec-logs/:/var/log/
    environment:
      - TZ=America/Vancouver
      - COLLECTIONS=openappsec/openappsec
      - BOUNCER_KEY_openappsec=ec612ba31c47a6307df2a5aacc3d11e6
      - DISABLE_PARSERS=crowdsecurity/whitelists
    networks:
      - frontend

networks:
  frontend:
    external: true
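
The thread asks why a manually added decision did not block anything, and the compose file above points the agent at `/v1/decisions/stream`. The following check is an added example, not code from any poster or from the CrowdSec or open-appsec projects: it pulls that same stream with a bouncer key and reports whether a given IP is covered by a ban. The sample response is constructed, and the host and key passed to `fetch_stream` are placeholders you supply.

```python
import ipaddress
import json
import urllib.request

# Constructed sample of a /v1/decisions/stream?startup=true response body.
SAMPLE_STREAM = json.loads("""
{"new": [
  {"id": 1, "origin": "cscli", "scope": "Ip", "value": "203.0.113.7",
   "type": "ban", "duration": "3h59m", "scenario": "constructed/manual"},
  {"id": 2, "origin": "CAPI", "scope": "Range", "value": "198.51.100.0/24",
   "type": "ban", "duration": "23h", "scenario": "constructed/sample"},
  {"id": 3, "origin": "cscli", "scope": "Ip", "value": "192.0.2.10",
   "type": "captcha", "duration": "1h", "scenario": "constructed/sample"}
 ], "deleted": null}
""")


def fetch_stream(lapi_base, api_key, timeout=5):
    """Pull the full decision list the way a stream-mode bouncer does at startup.
    urllib raises HTTPError if the LAPI rejects the key."""
    req = urllib.request.Request(
        lapi_base.rstrip("/") + "/v1/decisions/stream?startup=true",
        headers={"X-Api-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def matching_decisions(stream, ip, wanted_type="ban"):
    """Return the decisions in stream['new'] that cover `ip` with the wanted remediation."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for d in stream.get("new") or []:  # the LAPI sends null when the list is empty
        if d.get("type", "").lower() != wanted_type:
            continue
        scope = d.get("scope", "").lower()
        try:
            if scope == "ip" and ipaddress.ip_address(d["value"]) == addr:
                hits.append(d)
            elif scope == "range" and addr in ipaddress.ip_network(d["value"], strict=False):
                hits.append(d)
        except ValueError:
            continue  # skip malformed or non-IP values
    return hits


if __name__ == "__main__":
    # Live use (placeholders): fetch_stream("http://crowdsec:8080", "<BOUNCER_KEY>")
    for ip in ("203.0.113.7", "198.51.100.42", "192.0.2.10"):
        print(ip, [d["id"] for d in matching_decisions(SAMPLE_STREAM, ip)])
```

If the IP shows up here but requests from it still get through, the decision reached the LAPI and the gap is on the enforcement side, for example the bouncer mode or the client address the proxy sees.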