Hi all,
I’ve seen there is a docker with Nginx Proxy Manager and CrowdSec, but I’m currently running NPM within a LXC container.
Is there a way to get CrowdSec installed with this config and also have it do blocking?
For what it’s worth I am using CloudFlare as to host my domain.
If this is possible, is there any step by step guides for a total n00b.
LXC is an OS container. You can use it like any OS. Go into the container shell and install crowdsec.
Thank you.
I got it installed and a bouncer.
I see a load going on in Remediation Metrics, but no alerts, and if I do cscli decision list there is never anything blocked.
Either my Nginx is super lucky or I didn’t complete something to do the actual blocking?
I tried brute SSH in as well and there was nothing flagged in the crowdsec logs.
Do you have any idea what I missed?
Most likely since its in a container it most likely couldnt automatically setup the logs acquisitions, best to walk through the post installation guide:
So we see the error.log but where are the typical access.log? this is probably what is missing
I just added the access.log from the same nginx directory but its empty…
You should check around, as NPM most likely is changing where the logs end up, but I dont use it so got no idea.
volumes:
- ./data:/data
we use in our examples so most likely within /data/
Ok I think I got it.
Nginx was logging to /data/logs/fallback_access.log and fallback_error.log
I added these 2 to the ‘acquis.yaml’ file.
Restarted and now I see a ton of blocks in the decision list -a
So think its working now. Just wondering if they will show up in the Alerts tab within the CrowdSec hub?
Ironically now my ‘metrics show acquisitions’ is now empty?