I recently decided to use CrowdSec with my Nginx Proy Manager instance (no Docker, just a Debian 11 LXC) and, to be honest, I’m a bit lost.
Now, the installation itself ran absolutely smooth. The agent is installed, and it is registered with the CrowdSec console, reporting an active agent and 33 scenarios.
Of course, CrowdSec covers Nginx as well as Nginx Proxy Manager, and that’s where the confusion starts with all the agents, configurations, collections and bouncers.
During the installation, the agent recognized two services: Nginx and Linux. It also activated two collections, crowdsecurity/linux and crowdsecurity/nginx. However, it did NOT activate crowdsecurity/nginx-proxy-manager, which is what I would have thought. So, this is the first question: Is it correct to have both active or should I deactivate crowdsecurity/nginx and switch to crowdsecurity/nginx-proxy-manager?
Then, there are configurations, namely nginx-logs, nginx-mail-logs, nginx-proxy-manager-logs and nginx-req-limit-exceeded, none of which are mentioned in the installation wiki, so I’m not sure if those are essential or not.
At last, there are bouncers. A boatload of firewall ones with similar names, and exactly one with Nginx in it: cs-nginx-bouncer. Mind you, it doesn’t specifically say cs-nginx-proxy-manager-bouncer. So, that’s another point that has me puzzled if it’s even the right one. The problem is, installing it also means installing Nginx – which is already there as a part of Nginx Proxy Manager. sighs
Sorry for being the noob of the year, but I’d really appreciate if anybody could lift me out of this hole.