September 20, 2025Sep 20 Author The CONF file is if you want to setup a remote access to your crowdsec instance. Thus it's not needed.If you need to access your crowdsec instance remotely is better to setup a VPN tunnel.
September 20, 2025Sep 20 Author On 8/26/2025 at 6:13 PM, Wildfirebill said:**** Configuring CrowdSec nginx Bouncer ******** Missing API key or CrowdSec LAPI URL, cannot configure bouncer ****So below is by setup, the 2 IPs were both used separately first is custom 2nd is host ipdocker run -d --name='swag' --net='wildfire' --ip='172.18.0.66' --pids-limit 2048 -e TZ="America/New_York" -e HOST_OS="Unraid" -e HOST_HOSTNAME="wildfire" -e HOST_CONTAINERNAME="swag" -e 'URL'='URL' -e 'VALIDATION'='dns' -e 'SUBDOMAINS'='wildcard' -e 'CERTPROVIDER'='' -e 'DNSPLUGIN'='cloudflare' -e 'PROPAGATION'='' -e 'EMAIL'='EMAIL' -e 'ONLY_SUBDOMAINS'='false' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DISABLE_F2B'='' -e 'SWAG_AUTORELOAD'='' -e 'SWAG_AUTORELOAD_WATCHLIST'='' -e 'DOCKER_MODS'='linuxserver/mods:swag-crowdsec' -e 'CROWDSEC_API_KEY:'='CROWDSEC_API_KEY' -e 'CROWDSEC_LAPI_URL:'='http://172.18.0.2:65474''http://192.168.0.15:65474' -e 'PUID'='99' -e 'PGID'='100' -e 'UMASK'='022' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver-ls-logo.png' -p '65472:443/tcp' -p '65471:80/tcp' -p '65472:443/udp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'lscr.io/linuxserver/swag'a6b11ee4b05708ae70c62f580596849f693aa4725ac643a15bafd61d9d64c580The command finished successfully!my crowdsec setupdocker run -d --name='crowdsec' --net='wildfire' --pids-limit 2048 -e TZ="America/New_York" -e HOST_OS="Unraid" -e HOST_HOSTNAME="wildfire" -e HOST_CONTAINERNAME="crowdsec" -e 'COLLECTIONS'='crowdsecurity/nginx crowdsecurity/http-cve' -e 'PUID'='99' -e 'PGID'='100' -e 'CA_TS_FALLBACK_DIR'='/var/lib/crowdsec/data' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.webui='http://[IP]:[PORT:65474]/' -l net.unraid.docker.icon='removed image location' -p '65474:8080/tcp' -p '65473:6060/tcp' -v '/mnt/user/appdata/crowdsec/data/':'/var/lib/crowdsec/data':'rw' -v '/mnt/user/appdata/crowdsec/':'/etc/crowdsec':'rw' -v '/mnt/user/appdata/swag/log/nginx/':'/var/log/auth.log':'rw' -v '/mnt/user/appdata/swag/nginx/':'/var/log/crowdsec':'rw' -v '/var/log/syslog':'/syslog':'ro' --restart unless-stopped 'crowdsecurity/crowdsec'b779915f733f947c8d2a6b81f25a84fc1181f3bbe440951a492a75b00e5d7719The command finished successfully!You are missing the API key...need to set that up for it to work correctly. Follow again the guide!
September 20, 2025Sep 20 2 hours ago, Mik3 said:The CONF file is if you want to setup a remote access to your crowdsec instance. Thus it's not needed.If you need to access your crowdsec instance remotely is better to setup a VPN tunnel.Ok, thanks!
January 26Jan 26 Hi all, I didn't get an answer at the SWAG thread, so I'm reposting here. I added the CrowdSec mod to swag, running alongside Ibracorp's CrowdSec container. Everything appears to be set up correctly and working - logs are being acquired & parsed, lines poured to buckets, buckets occasionally overflowing, decisions being made, and decisions being enforced by the nginx bouncer inside the swag container.The one issue I have is that the bouncer is not reporting remediation metrics. Maybe I haven't been running it long enough for them to show up. I'm not entirely sure what type of metrics should show up for bouncers, but I was assuming I would see the blocks in there. I can tell it is blocking via logs, and non-empty answers in the LAPI decisions metrics. I'm under the impression that the nginx bouncer supports reporting metrics, but when I use the command cscli metrics show bouncers I get no bouncer metrics found.Any help is appreciated.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.