Hi Team!
Just to introduce myself - I’m a private hobby IT admin for my own installation. At the moment - besides other things - I’m running my own Nextcloud server on an Ubuntu 22.04.03 LTS installation. As I’m running a couple of other web servers like IP cameras etc. I’m using a Raspberry PI based reverse proxy.
Now here is the question: I did migrate my Nextcloud installation from Fail2Ban to crowdsec. While watching TV last night I started asking myself if the crowdsec installation has to run on the rev-proxy instead of the Ubuntu machine. As said: total newbie - so for experienced folks the question might be totally stupid.
Never the less it would be great if someone can shade some light on this issue.
Typically within a local area network there is no wrong answer, If you want the software to be closer to your reverse-proxy because your worried of the overhead latency (The way crowdsec works is remediation component send a http[s] request to the exposed port). However, in the future CrowdSec will support unix socket implementation meaning the latency will be reduce even further when ran on the same machine as the remediation component.
Hopefully I didnt go too deep in weeds, but the TLDR; is where ever you want to run it really, just weight up the pros and cons of them.
Same machine:
Pros:
Reduce latency
Log sources may be faster if using other protocols (syslog)
Cons:
Restricted by machine so if PI doesnt have alot of RAM you may not be able to use all features
CPU bound
Then on another machine you can just reverse the pros and cons above.