Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

*** [GUIDE] *** Setup Crowdsec with SWAG

Featured Replies

  • Author

The CONF file is if you want to setup a remote access to your crowdsec instance. Thus it's not needed.

If you need to access your crowdsec instance remotely is better to setup a VPN tunnel.

  • Author
On 8/26/2025 at 6:13 PM, Wildfirebill said:

**** Configuring CrowdSec nginx Bouncer ****

**** Missing API key or CrowdSec LAPI URL, cannot configure bouncer ****

So below is by setup, the 2 IPs were both used separately first is custom 2nd is host ip

docker run
  -d
  --name='swag'
  --net='wildfire'
  --ip='172.18.0.66'
  --pids-limit 2048
  -e TZ="America/New_York"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="wildfire"
  -e HOST_CONTAINERNAME="swag"
  -e 'URL'='URL'
  -e 'VALIDATION'='dns'
  -e 'SUBDOMAINS'='wildcard'
  -e 'CERTPROVIDER'=''
  -e 'DNSPLUGIN'='cloudflare'
  -e 'PROPAGATION'=''
  -e 'EMAIL'='EMAIL'
  -e 'ONLY_SUBDOMAINS'='false'
  -e 'EXTRA_DOMAINS'=''
  -e 'STAGING'='false'
  -e 'DISABLE_F2B'=''
  -e 'SWAG_AUTORELOAD'=''
  -e 'SWAG_AUTORELOAD_WATCHLIST'=''
  -e 'DOCKER_MODS'='linuxserver/mods:swag-crowdsec'
  -e 'CROWDSEC_API_KEY:'='CROWDSEC_API_KEY'
  -e 'CROWDSEC_LAPI_URL:'='http://172.18.0.2:65474''http://192.168.0.15:65474'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='022'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver-ls-logo.png'
  -p '65472:443/tcp'
  -p '65471:80/tcp'
  -p '65472:443/udp'
  -v '/mnt/user/appdata/swag':'/config':'rw'
  --cap-add=NET_ADMIN 'lscr.io/linuxserver/swag'

a6b11ee4b05708ae70c62f580596849f693aa4725ac643a15bafd61d9d64c580

The command finished successfully!

my crowdsec setup

docker run
  -d
  --name='crowdsec'
  --net='wildfire'
  --pids-limit 2048
  -e TZ="America/New_York"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="wildfire"
  -e HOST_CONTAINERNAME="crowdsec"
  -e 'COLLECTIONS'='crowdsecurity/nginx crowdsecurity/http-cve'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'CA_TS_FALLBACK_DIR'='/var/lib/crowdsec/data'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:65474]/'
  -l net.unraid.docker.icon='
removed image location'
  -p '65474:8080/tcp'
  -p '65473:6060/tcp'
  -v '/mnt/user/appdata/crowdsec/data/':'/var/lib/crowdsec/data':'rw'
  -v '/mnt/user/appdata/crowdsec/':'/etc/crowdsec':'rw'
  -v '/mnt/user/appdata/swag/log/nginx/':'/var/log/auth.log':'rw'
  -v '/mnt/user/appdata/swag/nginx/':'/var/log/crowdsec':'rw'
  -v '/var/log/syslog':'/syslog':'ro'
  --restart unless-stopped 'crowdsecurity/crowdsec'

b779915f733f947c8d2a6b81f25a84fc1181f3bbe440951a492a75b00e5d7719

The command finished successfully!

You are missing the API key...need to set that up for it to work correctly. Follow again the guide!

2 hours ago, Mik3 said:

The CONF file is if you want to setup a remote access to your crowdsec instance. Thus it's not needed.

If you need to access your crowdsec instance remotely is better to setup a VPN tunnel.

Ok, thanks!

  • 4 months later...

Hi all, I didn't get an answer at the SWAG thread, so I'm reposting here. I added the CrowdSec mod to swag, running alongside Ibracorp's CrowdSec container. Everything appears to be set up correctly and working - logs are being acquired & parsed, lines poured to buckets, buckets occasionally overflowing, decisions being made, and decisions being enforced by the nginx bouncer inside the swag container.

The one issue I have is that the bouncer is not reporting remediation metrics. Maybe I haven't been running it long enough for them to show up. I'm not entirely sure what type of metrics should show up for bouncers, but I was assuming I would see the blocks in there. I can tell it is blocking via logs, and non-empty answers in the LAPI decisions metrics. I'm under the impression that the nginx bouncer supports reporting metrics, but when I use the command cscli metrics show bouncers I get no bouncer metrics found.

image.png

Any help is appreciated.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.