Brian Yuen
Posted February 20

Hello,

I have a few of my containers accessible to the public (plex, overseerr, bitwarden, *arrs, etc) and thought it was time to take security more seriously. Cloudflare is my registrar and I'm forwarding subdomains to NGINX Proxy Manager on my unRaid (e.g., https://sonarr.domain.com).

I've been doing some reading about Crowdsec and thought I'd give it a shot. The Crowdsec container installation from the unRaid App section went fairly smoothly, although documentation was sourced from multiple places due to my particular setup. There's a ton of moving parts, but I BELIEVE I have it set up correctly, but wanted to run it past you fine folks to see if I did it correctly.

Currently, I have it set up where Cloudflare is the 'bouncer'. I'm able to manually block my IP, so that seems to be working. The one area that I'm still not quite sure about is the part where Crowdsec analyzes the logs on my machine.

Questions:

1. Since all external connections coming in run through NPM, is it safe to say that Crowdsec only needs to analyze NPM logs? Or does it need logs from the other containers as well?

2. Can Crowdsec analyze symlinks for the logs?

    #Inside /mnt/user/appdata/shared/crowdsec
    ln -s /mnt/user/appdata/NginxProxyManager/logs/proxy-host-6_error.log proxy-host-6_error.log

3. How can I check if Crowdsec is seeing my logs correctly?

Thank you! I'm still wrapping my head around Crowdsec and would definitely appreciate some guidance.