Remediation Component keeps failing

crowdsec
1

I’m a newcomer to Crowdsec, and I’ve run into a major issue with getting my deployment of Crowdsec to work on my system.

I’ve got Crowdsec running in a Docker container and my chosen remediation component running on bare metal. I keep getting these errors when I try to run the systemd service for the component:

Feb 09 16:14:15 uss-enterprise systemd[1]: Starting crowdsec-blocklist-mirror.service - CrowdSec Blocklist Mirror...
Feb 09 16:14:15 uss-enterprise systemd[1]: Started crowdsec-blocklist-mirror.service - CrowdSec Blocklist Mirror.
Feb 09 16:14:15 uss-enterprise crowdsec-blocklist-mirror[3058889]: time="2026-02-09T16:14:15Z" level=fatal msg="process terminated with error: Get \"http://127.0.0.1:8080/v1/decisions/stream?additional_pull=false&community_pull=false&startup=true\": read tcp 127.0.0.1:45658->127.0.0.1:8080: read: connection reset by peer"
Feb 09 16:14:15 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Main process exited, code=exited, status=1/FAILURE
Feb 09 16:14:15 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Failed with result 'exit-code'.
Feb 09 16:14:25 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Scheduled restart job, restart counter is at 24.
Feb 09 16:14:25 uss-enterprise systemd[1]: Starting crowdsec-blocklist-mirror.service - CrowdSec Blocklist Mirror...
Feb 09 16:14:25 uss-enterprise systemd[1]: Started crowdsec-blocklist-mirror.service - CrowdSec Blocklist Mirror.
Feb 09 16:14:25 uss-enterprise crowdsec-blocklist-mirror[3059218]: time="2026-02-09T16:14:25Z" level=fatal msg="process terminated with error: Get \"http://127.0.0.1:8080/v1/decisions/stream?additional_pull=false&community_pull=false&startup=true\": read tcp 127.0.0.1:53566->127.0.0.1:8080: read: connection reset by peer"
Feb 09 16:14:25 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Main process exited, code=exited, status=1/FAILURE
Feb 09 16:14:25 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Failed with result 'exit-code'.
Feb 09 16:14:36 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Scheduled restart job, restart counter is at 25.
Feb 09 16:14:36 uss-enterprise systemd[1]: Starting crowdsec-blocklist-mirror.service - CrowdSec Blocklist Mirror...
Feb 09 16:14:36 uss-enterprise systemd[1]: Started crowdsec-blocklist-mirror.service - CrowdSec Blocklist Mirror.
Feb 09 16:14:36 uss-enterprise crowdsec-blocklist-mirror[3059649]: time="2026-02-09T16:14:36Z" level=fatal msg="process terminated with error: Get \"http://127.0.0.1:8080/v1/decisions/stream?additional_pull=false&community_pull=false&startup=true\": EOF"
Feb 09 16:14:36 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Main process exited, code=exited, status=1/FAILURE
Feb 09 16:14:36 uss-enterprise systemd[1]: crowdsec-blocklist-mirror.service: Failed with result 'exit-code'.

Here’s my configuration file for reference:

config_version: v1.0
crowdsec_config:
  lapi_key: {API Key}
  lapi_url: http://127.0.0.1:8080/
  update_frequency: 10s
  include_scenarios_containing: []
  exclude_scenarios_containing: []
  only_include_decisions_from: []
  insecure_skip_verify: false
  supported_decisions_types:
    - ban

blocklists:
  - format: plain_text # Supported formats are either "plain_text" or "mikrotik"
    endpoint: /security/blocklist
    authentication:
      type: none # Supported types are either "none", "ip_based" or "basic"
      user:
      password:
      trusted_ips: # IP ranges, or IPs that don't require auth to access this blocklist
        - 127.0.0.1
        - ::1

listen_uri: 127.0.0.1:41412
tls:
  cert_file:
  key_file:

metrics:
  enabled: true
  endpoint: /metrics

# logging configuration
log_media: file
log_dir: /var/log/
log_level: info
log_max_size: 40
log_max_age: 30
log_max_backups: 3
compress_logs: true
# enable access log of the HTTP server
enable_access_logs: true

And my Docker compose.yaml file:

services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    ports:
      - 8080:80
    restart: unless-stopped
    networks:
      - your_shared_network # Must be the same network as Zoraxy
    volumes:
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
      - /home/username/zoraxy/config/log:/var/log/zoraxy/:ro 
    environment:
      - TZ=America/Chicago # Adjust your timezone
      - CUSTOM_HOSTNAME=crowdsec
      - COLLECTIONS=crowdsecurity/linux # Basic collections, others might be needed

volumes:
  crowdsec-db:
  crowdsec-config:

networks:
  your_shared_network:
    external: true # Assumes you have a pre-existing network

I would greatly appreciate any help at all resolving my problem. Thank you.

2

this should be 8080:8080 not 80 (also maybe 127.0.0.1:8080:8080 to ensure it scoped only to localhost) crowdsec doesnt expose the api service on 80 unless you changed the configuration file?

and I guess lapi_key: {API Key} is just a placeholder you already did docker compose exec crowdsec cscli bouncers add bl-mirror? then copy and pasted it over {API Key}? (since crowdsec is inside a container the package installation cannot generate a key for you so this must be done manually)

3

Thank you. That did it.

And yes, {API Key} is just a placeholder.