crowdsec-nginx-bouncer not starting

I’ve followed the steps outlined here: Nginx | CrowdSec to install the crowdsec nginx bouncer. But no matter if I do manual install or package install, I haven’t been able to get it successfully running. I’ve kept the configuration files as the default.

I complete what looks to be a successful installation and I can see the nginx bouncer by doing a 'sudo cscli bouncers list'.

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Name                               IP Address  Valid  Last API pull         Type                       Version                                                                  Auth Type 
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 cs-firewall-bouncer-1737559222     127.0.0.1   ✔️     2025-01-22T19:22:20Z  crowdsec-firewall-bouncer  v0.0.31-debian-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87  api-key   
 crowdsec-nginx-bouncer-la0ZvJ8W                ✔️                                                                                                                               api-key

I though it was a little strange that the Last API pull and type weren’t specified, but it wasn’t until I did the below that I seen it looked like the nginx bouncer wasn’t running at all:

ubuntu@ip-172-31-23-250:~/crowdsec-nginx-bouncer-v1.0.8$ systemctl list-units | grep crowdsec
  crowdsec-firewall-bouncer.service                                            loaded active running   The firewall bouncer for CrowdSec
  crowdsec.service                                                             loaded active running   Crowdsec agent
  
  
  ubuntu@ip-172-31-23-250:~/crowdsec-nginx-bouncer-v1.0.8$ sudo systemctl status crowdsec-nginx-bouncer
Unit crowdsec-nginx-bouncer.service could not be found.
ubuntu@ip-172-31-23-250:~/crowdsec-nginx-bouncer-v1.0.8$

Anyone have any suggestions. I’m using Ubuntu 24.04 and following the documentation here: Nginx | CrowdSec

So nginx remediation is not a service as it simply Lua code that is placed in the locations needed for nginx. Do you have a crowdsec.conf within /etc/nginx/conf.d/?

Thanks @iiAmLoz ,
Yeah I do. Does that mean it’s been successfully installed and is running?

This is what I see on install. A few warnings, but no errors:

ubuntu@ip-172-31-23-250:~$ sudo apt install crowdsec-nginx-bouncer

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  crowdsec-nginx-bouncer
0 upgraded, 1 newly installed, 0 to remove and 34 not upgraded.
Need to get 0 B/24.6 kB of archives.
After this operation, 132 kB of additional disk space will be used.
Selecting previously unselected package crowdsec-nginx-bouncer.
(Reading database ... 96453 files and directories currently installed.)
Preparing to unpack .../crowdsec-nginx-bouncer_1.0.8_amd64.deb ...
Unpacking crowdsec-nginx-bouncer (1.0.8) ...
Setting up crowdsec-nginx-bouncer (1.0.8) ...
Installing https://luarocks.org/lua-resty-http-0.17.1-0.src.rock

lua-resty-http 0.17.1-0 depends on lua >= 5.1 (5.1-1 provided by VM)
Warning: /usr/local/share/lua/5.1/resty/http.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/resty/http.lua~~~
Warning: /usr/local/share/lua/5.1/resty/http_connect.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/resty/http_connect.lua~~~
Warning: /usr/local/share/lua/5.1/resty/http_headers.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/resty/http_headers.lua~~~
No existing manifest. Attempting to rebuild...
lua-resty-http 0.17.1-0 is now installed in /usr/local (license: 2-clause BSD)

Installing https://luarocks.org/lua-cjson-2.1.0.10-1.src.rock

lua-cjson 2.1.0.10-1 depends on lua >= 5.1 (5.1-1 provided by VM)
gcc -O2 -fPIC -I/usr/include/lua5.1 -c lua_cjson.c -o lua_cjson.o
gcc -O2 -fPIC -I/usr/include/lua5.1 -c strbuf.c -o strbuf.o
gcc -O2 -fPIC -I/usr/include/lua5.1 -c fpconv.c -o fpconv.o
gcc -shared -o cjson.so lua_cjson.o strbuf.o fpconv.o
Warning: /usr/local/bin/json2lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/bin/json2lua~~~
Warning: /usr/local/bin/lua2json is not tracked by this installation of LuaRocks. Moving it to /usr/local/bin/lua2json~~~
Warning: /usr/local/share/lua/5.1/cjson/util.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/cjson/util.lua~~~
Warning: /usr/local/share/lua/5.1/lua2json.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/lua2json.lua~~~
Warning: /usr/local/share/lua/5.1/json2lua.lua is not tracked by this installation of LuaRocks. Moving it to /usr/local/share/lua/5.1/json2lua.lua~~~
Warning: /usr/local/lib/lua/5.1/cjson.so is not tracked by this installation of LuaRocks. Moving it to /usr/local/lib/lua/5.1/cjson.so~~~
lua-cjson 2.1.0.10-1 is now installed in /usr/local (license: MIT)

cscli is /usr/bin/cscli
cscli/crowdsec is present, generating API key
API Key : .........
Can't generate an API key for the bouncer. Please do it manually
Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx

If you want to setup captcha remediation, follow official documentation : 
https://docs.crowdsec.net/docs/bouncers/nginx#when-using-captcha-remediation
Scanning processes...                                                                                                                                                         
Scanning linux images...                                                                                                                                                      

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.