# CrowdSec Setup Instructions

This document provides instructions for setting up CrowdSec with Traefik in your environment.

## Initial Setup

1. First, start the services with a temporary API key:

```bash
# Set CROWDSEC_BOUNCER_API_KEY to a temporary value in .env
docker-compose up -d
```

2. Generate a bouncer API key:

```bash
docker exec -it crowdsec cscli bouncers add traefik-bouncer
```

3. Copy the generated API key and add it to your `.env` file:

```
CROWDSEC_BOUNCER_API_KEY=your_generated_key_here
```

4. Restart the services to apply the API key:

```bash
docker-compose down
docker-compose up -d
```

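Steps 2 to 4 can be scripted so the key is written straight into `.env` with owner-only permissions instead of being copied by hand. This is an added example, not part of the original instructions: the function names `set_bouncer_key` and `rotate_bouncer_key` are hypothetical, and it assumes the `crowdsec` container and `traefik-bouncer` names used above and that `cscli`'s `-o raw` output prints only the key.

```shell
#!/bin/sh
# Added example (not from the original guide): script steps 2-4.
# Assumed names: container "crowdsec", bouncer "traefik-bouncer", file ".env".

# Replace or append CROWDSEC_BOUNCER_API_KEY in an env file, keeping every
# other line. Runs in a subshell so the umask change does not leak out.
set_bouncer_key() (
  env_file=$1
  key=$2
  # An empty key or one with whitespace/CR would silently break the bouncer.
  case $key in
    ''|*[[:space:]]*) echo "refusing empty or malformed key" >&2; exit 1 ;;
  esac
  umask 077
  tmp=$(mktemp "${env_file}.XXXXXX") || exit 1
  if [ -f "$env_file" ]; then
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v '^CROWDSEC_BOUNCER_API_KEY=' "$env_file" > "$tmp" || true
  fi
  printf 'CROWDSEC_BOUNCER_API_KEY=%s\n' "$key" >> "$tmp"
  chmod 600 "$tmp"
  mv "$tmp" "$env_file"   # atomic swap: no half-written .env
)

rotate_bouncer_key() {
  env_file=${1:-.env}
  # A bouncer name can be registered only once, so drop any earlier entry.
  docker exec crowdsec cscli bouncers delete traefik-bouncer >/dev/null 2>&1 || true
  # No -t here: a TTY would append a carriage return to the captured key.
  new_key=$(docker exec crowdsec cscli bouncers add traefik-bouncer -o raw) || return 1
  set_bouncer_key "$env_file" "$new_key" || return 1
  docker-compose down && docker-compose up -d
}

# Only touch Docker when asked to: ./rotate-key.sh --rotate [path/to/.env]
if [ "${1:-}" = "--rotate" ]; then
  rotate_bouncer_key "${2:-.env}"
fi
```
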
## Verify CrowdSec Installation

1. Check if CrowdSec is running properly:

```bash
docker exec -it crowdsec cscli metrics
```

2. List installed collections:

```bash
docker exec -it crowdsec cscli collections list
```

3. Test the CrowdSec setup:

```bash
# Check if CrowdSec is properly connected to Traefik
# (2>&1 merges the container's stderr stream so grep sees it too)
docker logs traefik 2>&1 | grep -i crowdsec

# Check if there are any decisions (blocks) in CrowdSec
docker exec -it crowdsec cscli decisions list
```

## Additional Security Configurations

### Install Additional Collections

You can install additional security collections for better protection:

```bash
docker exec -it crowdsec cscli collections install crowdsecurity/http-cve
docker exec -it crowdsec cscli collections install crowdsecurity/nginx
docker exec -it crowdsec cscli collections install crowdsecurity/wordpress
```

### Configure Custom Rules - Untested and from LLM

If you need custom security rules, you can create them in the CrowdSec configuration:

1. Create a custom rule file:

```bash
docker exec -it crowdsec touch /etc/crowdsec/parsers/s00-custom/custom-rules.yaml
```

2. Edit the file with your custom rules.

3. Restart CrowdSec:

```bash
docker restart crowdsec
```

## Troubleshooting

### Check Logs

If you encounter issues, check the logs:

```bash
# CrowdSec logs
docker logs crowdsec

# Traefik logs (includes bouncer plugin logs)
docker logs traefik
```

### Common Issues

1. **API Key Issues**: If the bouncer can't connect to CrowdSec, verify the API key is correct.

2. **No Decisions**: If CrowdSec isn't blocking anything, check if it's receiving logs:

```bash
docker exec -it crowdsec cscli metrics
```

3. **False Positives**: If legitimate traffic is being blocked, you can remove the active decision for the affected IP. This only lifts the current block; it does not create a permanent exception, so the same IP can be blocked again if it triggers a scenario later:

```bash
docker exec -it crowdsec cscli decisions delete --ip 192.168.1.100
```