Multiple bouncers overkill?


Still learning crowdsec, i have very big difficulties with bouncers. :frowning:

My server is based on containerised apps (lots of web apps, with apache or nginx for web servers). My ingress is traefik for reverse proxy things.

I have installed firewall bouncer and traefik bouncer. I have installed all collections for apache, nginx, traefik and ftp to parse the logs and to have all scenariosā€¦

Do i need to install a bouncer for all specifics web server (apache/php bouncer + nginx bouncer) ?
Is traefik bouncer will already do the job ?

Sorry but the doc is not clear about bouncersā€¦ itā€™s very hard to understand the purpose of all things.


So its all personal preference, however, my opinion is traefik and firewall is enough for your setup.

The docs cant tell you how to set things up as its all personal preferences, itā€™s very common for most users to use firewall + a web server since they may be proxing through a CDN that bypasses the firewall bouncer.

The point is to run crowdsec against the traffic entering your ā€œmain entranceā€, ie the internet-facing proxy. Which seems to be your traefik . You can eventually also run the agent on the main router/firewall of your infrastructure if it supports it.
But every other webserver coming after your traefik doesnā€™t need it at all, unless you define a set of completely different rules that would block additional things that the first one would not have blockedā€¦ and all this would indeed be totally overkill