I’ve followed the steps outlined here: Nginx | CrowdSec to install the crowdsec nginx bouncer. But no matter if I do manual install or package install, I haven’t been able to get it successfully running. I’ve kept the configuration files as the default.
I complete what looks to be a successful installation and I can see the nginx bouncer by doing a 'sudo cscli bouncers list'.
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Name IP Address Valid Last API pull Type Version Auth Type
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
cs-firewall-bouncer-1737559222 127.0.0.1 ✔️ 2025-01-22T19:22:20Z crowdsec-firewall-bouncer v0.0.31-debian-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87 api-key
crowdsec-nginx-bouncer-la0ZvJ8W ✔️ api-key
I thought it was a little strange that the Last API pull and type weren’t specified, but it wasn’t until I did the below that I saw it looked like the nginx bouncer wasn’t running at all:
ubuntu@ip-172-31-23-250:~/crowdsec-nginx-bouncer-v1.0.8$ systemctl list-units | grep crowdsec
crowdsec-firewall-bouncer.service loaded active running The firewall bouncer for CrowdSec
crowdsec.service loaded active running Crowdsec agent
ubuntu@ip-172-31-23-250:~/crowdsec-nginx-bouncer-v1.0.8$ sudo systemctl status crowdsec-nginx-bouncer
Unit crowdsec-nginx-bouncer.service could not be found.
ubuntu@ip-172-31-23-250:~/crowdsec-nginx-bouncer-v1.0.8$
Anyone have any suggestions? I’m using Ubuntu 24.04 and following the documentation here: Nginx | CrowdSec
So nginx remediation is not a service, as it is simply Lua code that is placed in the locations needed for nginx. Do you have a crowdsec.conf within /etc/nginx/conf.d/?
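A way to script the checks discussed in this thread, as an added example that is not part of the original posts or CrowdSec's own tooling: it looks for the nginx include and a non-empty API key instead of a systemd unit, and flags bouncers whose `cscli bouncers list` row has no "Last API pull" timestamp. The function names are hypothetical, and the bouncer config path and its `API_KEY=` line are assumptions based on the default package layout.

```shell
#!/usr/bin/env bash
# Added example: health checks for the Lua-based nginx bouncer (no systemd unit exists).

# Assumed default locations; override through the environment if yours differ.
NGINX_SNIPPET="${NGINX_SNIPPET:-/etc/nginx/conf.d/crowdsec.conf}"
BOUNCER_CONF="${BOUNCER_CONF:-/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf}"

# Succeeds when the nginx include that loads the Lua code exists and is non-empty.
snippet_present() { [ -s "$1" ]; }

# Succeeds when the bouncer config has a non-empty API_KEY= value.
api_key_set() {
    grep -Eq '^[[:space:]]*API_KEY[[:space:]]*=[[:space:]]*[^[:space:]]+' "$1" 2>/dev/null
}

# Reads `cscli bouncers list` table text on stdin and prints the name of every
# bouncer row that carries no ISO-8601 "Last API pull" timestamp.
never_pulled() {
    awk '
        NF == 0 || $1 == "Name" { next }   # blank lines and the header row
        $1 !~ /^[A-Za-z0-9]/    { next }   # box-drawing border lines
        !/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9:]+Z/ { print $1 }
    '
}

# Runs both file checks and reports each failure; returns non-zero if any failed.
check_nginx_bouncer() {
    rc=0
    snippet_present "$NGINX_SNIPPET" || { echo "missing: $NGINX_SNIPPET"; rc=1; }
    api_key_set "$BOUNCER_CONF" || { echo "no API_KEY set in $BOUNCER_CONF"; rc=1; }
    return "$rc"
}

# Only touches the live system when invoked with --run (needs sudo for cscli).
if [ "${1:-}" = "--run" ]; then
    check_nginx_bouncer
    cscli bouncers list | never_pulled | sed 's/^/never pulled from LAPI: /'
fi
```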
Thanks @iiAmLoz,
Yeah I do. Does that mean it’s been successfully installed and is running?
This is what I see on install. A few warnings, but no errors:
ubuntu@ip-172-31-23-250:~$ sudo apt install crowdsec-nginx-bouncer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
crowdsec-nginx-bouncer
0 upgraded, 1 newly installed, 0 to remove and 34 not upgraded.
Need to get 0 B/24.6 kB of archives.
After this operation, 132 kB of additional disk space will be used.
Selecting previously unselected package crowdsec-nginx-bouncer.
(Reading database ... 96453 files and directories currently installed.)
Preparing to unpack .../crowdsec-nginx-bouncer_1.0.8_amd64.deb ...
Unpacking crowdsec-nginx-bouncer (1.0.8) ...
Setting up crowdsec-nginx-bouncer (1.0.8) ...
Installing https://luarocks.org/lua-resty-http-0.17.1-0.src.rock
lua-resty-http 0.17.1-0 depends on lua >= 5.1 (5.1-1 provided by VM)
Warning: /usr/local/share/lua/5.1/resty/http.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/resty/http.lua~~~
Warning: /usr/local/share/lua/5.1/resty/http_connect.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/resty/http_connect.lua~~~
Warning: /usr/local/share/lua/5.1/resty/http_headers.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/resty/http_headers.lua~~~
No existing manifest. Attempting to rebuild...
lua-resty-http 0.17.1-0 is now installed in /usr/local (license: 2-clause BSD)
Installing https://luarocks.org/lua-cjson-2.1.0.10-1.src.rock
lua-cjson 2.1.0.10-1 depends on lua >= 5.1 (5.1-1 provided by VM)
gcc -O2 -fPIC -I/usr/include/lua5.1 -c lua_cjson.c -o lua_cjson.o
gcc -O2 -fPIC -I/usr/include/lua5.1 -c strbuf.c -o strbuf.o
gcc -O2 -fPIC -I/usr/include/lua5.1 -c fpconv.c -o fpconv.o
gcc -shared -o cjson.so lua_cjson.o strbuf.o fpconv.o
Warning: /usr/local/bin/json2lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/bin/json2lua~~~
Warning: /usr/local/bin/lua2json is not tracked by this installation of LuaRocks. Moving it to /usr/local/bin/lua2json~~~
Warning: /usr/local/share/lua/5.1/cjson/util.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/cjson/util.lua~~~
Warning: /usr/local/share/lua/5.1/lua2json.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/lua2json.lua~~~
Warning: /usr/local/share/lua/5.1/json2lua.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/json2lua.lua~~~
Warning: /usr/local/lib/lua/5.1/cjson.so is not tracked by this installation of LuaRocks. Moving it to /usr/local/lib/lua/5.1/cjson.so~~~
lua-cjson 2.1.0.10-1 is now installed in /usr/local (license: MIT)
cscli is /usr/bin/cscli
cscli/crowdsec is present, generating API key
API Key : .........
Can't generate an API key for the bouncer. Please do it manually
Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx
If you want to setup captcha remediation, follow official documentation :
https://docs.crowdsec.net/docs/bouncers/nginx#when-using-captcha-remediation
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.