Docker / NPM and Firewall Bouncer

Hello all. Maybe you can help a noob who is still learning out to configure Crowdsec

I run a few services in Docker. To make them accessible to the internet I manage them via Nginx Proxy Manager. My NPM also handles the ssl encryption. This way I can run multiple websites on my domain and seperate them by different subdomains.

I installed Crowdsec and the Firewall Bouncer. Fortunately it seems like it’s working for SSH ootb. Unfortunately it seems like it won’t block up addresses who try to brute force into my websites which are managed by NPM. Why is that? I assume Crowdsec can’t access and read my log files. So how do I fix that so the firewall Bouncer also blogs trying to brute force into those services?

The following services run on NPM and are exposed to the internet:

  1. NPM
  2. Portainer
  3. Vaultwarden password manager

Guessing you are same user on reddit

yeah I’m and I really struggle to protect my Vaultwarden service which is running on port 11000 and forwarded by Nginx Proxy Manager to receive a SSL cert.

Things I tried today:

setting the acquis.yml:

source: docker
 - Vaultwarden
 - b069df8e7b8d38a2e4ec1355b02c18668aa0e073ed743f4240177c03655e87bc
  type: vaultwarden

set the container log of vaultwarden:

  - /var/lib/docker/volumes/vw-data/_data/vaultwarden.log
  type: vaultwaren
  • modified my bouncer firewall settings to disable ipv6, set the iptables chain to "DOCKER-USER".
  • installed

I don’t know what else to do because it seems like it’s not working. Any ideas?

Can we please just centralise your communication to a single platform you opened a reddit, discourse and discord threads I reply on one and get no reply.

Locking thread here please go to your discord thread