Docker / NPM and Firewall Bouncer

Hello all. Maybe you can help a noob who is still learning how to configure Crowdsec.

I run a few services in Docker. To make them accessible to the internet I manage them via Nginx Proxy Manager. My NPM also handles the SSL encryption. This way I can run multiple websites on my domain and separate them by different subdomains.

I installed Crowdsec and the Firewall Bouncer. Fortunately it seems like it’s working for SSH ootb. Unfortunately it seems like it won’t block IP addresses that try to brute force into my websites which are managed by NPM. Why is that? I assume Crowdsec can’t access and read my log files. So how do I fix that so the Firewall Bouncer also blocks attempts to brute force into those services?

The following services run on NPM and are exposed to the internet:

  1. NPM
  2. Portainer
  3. Vaultwarden password manager

Guessing you are the same user on Reddit?

Yeah, I am, and I really struggle to protect my Vaultwarden service, which is running on port 11000 and forwarded by Nginx Proxy Manager to receive an SSL cert.

Things I tried today:

setting the acquis.yml:

source: docker
container_name:
 - Vaultwarden
container_id:
 - b069df8e7b8d38a2e4ec1355b02c18668aa0e073ed743f4240177c03655e87bc
labels:
  type: vaultwarden

set the container log of vaultwarden:

filenames:
  - /var/lib/docker/volumes/vw-data/_data/vaultwarden.log
labels:
  type: vaultwaren

  • modified my bouncer firewall settings to disable ipv6, set the iptables chain to "DOCKER-USER".
  • installed https://hub.crowdsec.net/author/Dominic-Wagner/collections/vaultwarden

I don’t know what else to do because it seems like it’s not working. Any ideas?
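
A small lint for the two acquisition snippets in the post above, added here as an example and not part of the thread or of CrowdSec: it reads each datasource's `labels.type` and reports any value outside an expected set, since that label is what parsers use to select log lines. The expected value `vaultwarden` is an assumption about what the installed parser matches on; the function names and the joined sample input are constructed for illustration.

```python
import re

# Constructed: the two snippets from the post, joined as one acquisition file.
ACQUIS = """\
source: docker
container_name:
 - Vaultwarden
labels:
  type: vaultwarden
---
filenames:
  - /var/lib/docker/volumes/vw-data/_data/vaultwarden.log
labels:
  type: vaultwaren
"""

# Assumption: the installed parser selects lines carrying this label value.
EXPECTED_TYPES = {"vaultwarden"}

def label_type(doc_lines):
    """Return labels.type for one datasource, or None if it is not set."""
    in_labels = False
    for line in doc_lines:
        if line.rstrip() == "labels:":
            in_labels = True
        elif in_labels and line[:1].isspace():
            m = re.match(r"\s+type:\s*['\"]?([^'\"\s]+)", line)
            if m:
                return m.group(1)
        elif line.strip():
            in_labels = False  # a new top-level key ends the labels block
    return None

def lint(text, expected=EXPECTED_TYPES):
    """Return (datasource number, problem) for labels no parser would match."""
    problems = []
    # Datasources in one acquisition file are separated by '---' lines.
    for n, doc in enumerate(re.split(r"(?m)^---[ \t]*$", text), start=1):
        t = label_type(doc.splitlines())
        if t is None:
            problems.append((n, "labels.type is not set"))
        elif t not in expected:
            problems.append((n, f"labels.type '{t}' is not an expected type"))
    return problems

if __name__ == "__main__":
    for n, problem in lint(ACQUIS):
        print(f"datasource {n}: {problem}")
```

On a running install, `cscli metrics` lists lines read, parsed and unparsed per acquisition source, which shows whether a datasource is being read at all.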

Can we please just centralise your communication to a single platform? You opened Reddit, Discourse and Discord threads; I reply on one and get no reply.

Locking thread here, please go to your Discord thread.