# CrowdSec Setup Instructions This document provides instructions for setting up CrowdSec with Traefik in your environment. ## Initial Setup 1. First, start the services with a temporary API key: ```bash # Set CROWDSEC_BOUNCER_API_KEY to a temporary value in .env docker-compose up -d ``` 2. Generate a bouncer API key: ```bash docker exec -it crowdsec cscli bouncers add traefik-bouncer ``` 3. Copy the generated API key and add it to your `.env` file: ``` CROWDSEC_BOUNCER_API_KEY=your_generated_key_here ``` 4. Restart the services to apply the API key: ```bash docker-compose down docker-compose up -d ``` ## Verify CrowdSec Installation 1. Check if CrowdSec is running properly: ```bash docker exec -it crowdsec cscli metrics ``` 2. List installed collections: ```bash docker exec -it crowdsec cscli collections list ``` 3. Test the CrowdSec setup: ```bash # Check if CrowdSec is properly connected to Traefik docker logs traefik | grep -i crowdsec # Check if there are any decisions (blocks) in CrowdSec docker exec -it crowdsec cscli decisions list ``` ## Additional Security Configurations ### Install Additional Collections You can install additional security collections for better protection: ```bash docker exec -it crowdsec cscli collections install crowdsecurity/http-cve docker exec -it crowdsec cscli collections install crowdsecurity/nginx docker exec -it crowdsec cscli collections install crowdsecurity/wordpress ``` ### Configure Custom Rules - Untested and from LLM If you need custom security rules, you can create them in the CrowdSec configuration: 1. Create a custom rule file: ```bash docker exec -it crowdsec touch /etc/crowdsec/parsers/s00-custom/custom-rules.yaml ``` 2. Edit the file with your custom rules. 3. Restart CrowdSec: ```bash docker restart crowdsec ``` ## Troubleshooting ### Check Logs If you encounter issues, check the logs: ```bash # CrowdSec logs docker logs crowdsec # Traefik logs (includes bouncer plugin logs) docker logs traefik ``` ### Common Issues 1. **API Key Issues**: If the bouncer can't connect to CrowdSec, verify the API key is correct. 2. **No Decisions**: If CrowdSec isn't blocking anything, check if it's receiving logs: ```bash docker exec -it crowdsec cscli metrics ``` 3. **False Positives**: If legitimate traffic is being blocked, you can add exceptions: ```bash docker exec -it crowdsec cscli decisions delete --ip 192.168.1.100 ```