CrowdSec as replacement to Fail2Ban

Hi All,
Apologies if it’s a newbie question but my knowledge is limited to just setting up a media server using OMV5 with docker/portainer. Right now I have the default fail2ban impolemented on ssh/ftp/omvGui. But I’d want to have this capability on my portainer apps and fail2ban isn’t playing nice.
As far as I understand CrowdSec would have the same capability with the added benifit of a IDS.
Would CrowdSec also work with Authelia as I have some services set up with 2FA?

Thanks

Hi and thanks for posting :slight_smile:
First I would need to understand better what you’re trying to achieve. Which services do you want to protect? Are you trying to expose Portainer to the internet or where does it come into the picture?
Your assumption is right. IDS and IPS are some of the features available. It does depend a bit on the services you want to protect since CrowdSec needs to be able to understand the log format.
In terms of Authelia it depends very much on the service you choose to run it on. CrowdSec supports in theory both nginx and traefik - both nginx is probably more mature. Could you elaborate on your setup?

Thanks!

So, my setup is basically following this - Ultimate Media Server : Episode 1 - OpenMediaVault, Docker & Portainer - YouTube

I have installed Nginx Proxy Manager and use it as a reverse proxy to get apps such as Jellyfin, Overseerr, etc available from the internet.
I have authelia set up in some instances to provide additional password protection before the services become available.

Thanks. That sunds like a cool stack.

One big problem though is that, surprisingly, NPM doesn’t use nginx. Rather it uses openresty which is a heavily modified version of nginx - which CrowdSec sadly doesn’t support.

In terms of Authelia it could be a different matter. Is it using NPM? If so, same sad story, unfortunately.

So if I understand it correctly, CrowdSec can’t help you in this setup. Agree?

Ah, yes, everything is under NPM. That’s sad to hear. For more beginner people like me having a GUI is usually a great bonus so it’s a bit sad that it doesn’t work together with that. Hope maybe it might get working someday!

Yeah, that’s a shame. I am sure it will get fixed eventually.