OpenResty Bouncer and Nginx Proxy Manager

Hi.

First of all thanks for an amazing project - I am quite impressed with the capabilities of CrowdSec :smiley:

I have a basic configuration running on my Ubuntu host and it is correctly blocking multiple failed ssh login attempts :ok_hand: Now I want to utilize Crowdsec for protecting the services running behind my Nginx Proxy Manager - using the Openresty Bouncer.

When I try to install the bouncer using sudo apt install crowdsec-openresty-bouncer I am informed of missing dependencies, so I added the Openresty repository. But now upon installing the Openresty Bouncer I get the error below.

Luckily the error message is so clear that I think even I am able to interpret it :upside_down_face: Openresty is trying to bind to port 80, but that is already in use and bound to the host by the NPM container and thus it fails. But how do I continue from here then?

I got the bouncer installed by temporarily stopping the Nginx Proxy Manager container and then changing the bind port of Openresty before restarting. Would changing the port affect the functionality of the Openresty Bouncer? It does not prevent me from accessing services behind the Nginx Proxy Manager, though, when attempting from an IP manually added to the decisions list…

Hi @Revorge,

Thanks for the compliment :slight_smile:.

I don’t think installing the crowdsec-openresty-bouncer package will protect your machine, because you’re using Nginx Proxy Manager and it’s running in a Docker container.
I think we need to work on a specific crowdsec bouncer integration with Nginx Proxy Manager because it’s Docker container based.

In your case, you can install crowdsec and process your nginx proxy manager logs and have the firewall bouncer on your host machine and not the container. So you will block at the network level.

On the bouncer in the application level, we’ll come back to you soon with a solution on how to protect an Nginx proxy manager using crowdsec + bouncer.

And sorry, didn’t see that the logs are a bit different than the nginx default log format (following this). So a parser needs to be created to parse the logs.

So there is a little bit of work to support nginx proxy manager. It seems a good solution to handle.

Thanks for the quick and detailed answer - a specific integration with Nginx Proxy Manager sometime in the future would be great.

Having Crowdsec and the bouncer installed on the host - is what I am currently trying to do. It works perfectly for ssh, but not for NPM. The logs are listed in the metrics but no lines are getting parsed.

Edit: Okay, so a new parser would be needed - fair enough :wink: I thought the openresty bouncer would add the needed capabilities. Protecting reverse proxies seems an obvious usage for Crowdsec, so support for NPM would be much appreciated. Once again thanks for the excellent work already done on this project.

2 Likes

Just jumping in to state that I would love this also. Using NPM and it would be great to have CrowdSec running alongside it.

2 Likes