Docker confused

Greetings,
I would love to set up a Portainer Docker stack for CrowdSec. Can somebody advise on how to make it so that CrowdSec will see all the logs? Should I link some more logs/files?

version: '3'

services:
  #the application itself : static html served by apache2.
  #the html can be found in ./app/
  app:
    image: httpd:alpine
    restart: always
    volumes:
      - ./app/:/usr/local/apache2/htdocs/
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.2

  #the reverse proxy that will serve the application
  #you can see nginx's config in ./reverse-proxy/nginx.conf
  reverse-proxy:
    image: nginx:alpine
    restart: always
    ports:
      - 8000:80
    depends_on:
      - 'app'
    volumes:
      - ./reverse-proxy/nginx.conf:/etc/nginx/nginx.conf
      - logs:/var/log/nginx
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.3

  #crowdsec : it will be fed nginx's logs
  #and later we're going to plug a firewall bouncer to it
  crowdsec:
    image: crowdsecurity/crowdsec
    restart: always
    environment:
      #this is the list of collections we want to install
      #https://hub.crowdsec.net/author/crowdsecurity/collections/nginx
      COLLECTIONS: "crowdsecurity/nginx"
      GID: "${GID-1000}"
    depends_on:
      - 'reverse-proxy'
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - logs:/var/log/nginx
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.4

  #metabase, because security is cool, but dashboards are cooler
  dashboard:
    #we're using a custom Dockerfile so that metabase pops with pre-configured dashboards
#    build: ./crowdsec/dashboard
    container_name: dashboard
    image: apollof/crowdsec_metabase:latest
    restart: always
    ports:
      - 3000:3000
    environment:
#      MB_DB_FILE: /data/metabase.db
      MGID: "${GID-1000}"
    depends_on:
      - 'crowdsec'
    volumes:
      - ./crowdsec/data/metabase.db:/data/metabase.db
      - crowdsec-db:/metabase-data/
      - /var/lib/crowdsec/data/crowdsec.db:/metabase-data/crowdsec.db:ro
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.5

volumes:
  logs:
  crowdsec-db:
  crowdsec-config:

networks:
  crowdsec_test:
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/24

It is showing the dashboard, but in the few minutes that it's been running I don't think it sees all the logs. Do I need to install some bouncers?
This is my main stack:

version: '3'

services:
  nginx:
    image: nginx:latest
    container_name: my-nginx-container
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/ubuntu/cloud/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /home/ubuntu/cloud/html:/usr/share/nginx/html
      - /home/ubuntu/cloud/logs:/var/log/nginx
      - /etc/letsencrypt:/etc/letsencrypt # Mount the Certbot certificates
    restart: always

When using Portainer you need to understand how it configures the “stacks” and the file locations.

I don't use Portainer as I don't see why you need a GUI to do stuff :person_shrugging:

However, when helping other users (I can't exactly remember), there is a directory for the stacks, and within there it mounts the points you define using the UUID of the stack. (I might be wrong since you are using full paths, but I remember that there was an issue when users were recreating the stack: CrowdSec would lose the files since the UUID changes per deploy.)

But in short, you would need to mount the logs into the crowdsec container, and from your main stack you are mounting to host (Portainer) via /home/ubuntu/cloud/logs. However, they are not being passed to CrowdSec.

1 Like
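Added example (not part of the thread and not any poster's actual files): the mount described in the answer above, shown as the crowdsec service from the test stack with the main stack's host log directory bind-mounted read-only, followed by a matching acquis.yaml. The absolute location of acquis.yaml and the log file names are assumptions.

```yaml
# --- compose file for the crowdsec stack (crowdsec service only) ---
services:
  crowdsec:
    image: crowdsecurity/crowdsec
    restart: always
    environment:
      # nginx parsers and scenarios, as in the original test stack
      COLLECTIONS: "crowdsecurity/nginx"
    volumes:
      # Before: "logs:/var/log/nginx" was a named volume written only by the
      # demo reverse-proxy, so CrowdSec never saw my-nginx-container's logs.
      # After: bind-mount the host directory the main stack's nginx writes to.
      # Read-only, because CrowdSec only needs to tail these files.
      - /home/ubuntu/cloud/logs:/var/log/nginx:ro
      # Absolute host path (assumed location) so the mount does not depend on
      # where Portainer places the stack's working directory on each deploy.
      - /home/ubuntu/cloud/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/

volumes:
  crowdsec-db:
  crowdsec-config:
---
# --- /home/ubuntu/cloud/crowdsec/acquis.yaml (assumed location) ---
# Paths are as seen inside the crowdsec container, not on the host.
filenames:
  - /var/log/nginx/*.log   # assumes nginx writes access.log / error.log here
labels:
  type: nginx              # selects the nginx parsers from the collection
```

After redeploying, running `cscli metrics` inside the crowdsec container lists each acquired file with the number of lines read and parsed, which confirms whether the logs are reaching it.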

Omg now i see it, thank you