Crowdsec installation sanity check

Recommended Posts


I have a few of my containers accessible to the public (plex, overseerr, bitwarden, *arrs, etc) and thought it was time to take security more seriously.  Cloudflare is my registrar and I'm forwarding subdomains to NGINX Proxy Manager on my unRaid (eg., I've been doing some reading about Crowdsec and thought I've give it a shot. The Crowdsec container installation from the unRaid App section went fairly smoothly, although documentation was sourced from multiple places due to my particular setup.  There's a ton of moving parts, but I BELIEVE I have it set up correctly, but wanted to run it past you fine folks to see if I did it correctly. Currently, I have it setup where Cloudflare is the 'bouncer'. I'm able to manually block my IP, so that seems to be working.  The one area that I'm still not quite sure about is the part where Crowdsec analyzes the logs on my machine.


  1. Since all external connections coming in run through NPM, is it safe to say that Crowdsec only needs to analyze NPM logs? Or does it need logs from the other containers as well?
  2. Can Crowdsec analyze symlinks for the logs?
    #Inside /mnt/user/appdata/shared/crowdsec
    ln -s /mnt/user/appdata/NginxProxyManager/logs/proxy-host-6_error.log proxy-host-6_error.log
  3. How can I check if Crowdsec is seeing my logs correctly?


Thank you! I'm still wrapping my head around Crowdsec and would definitely appreciate some guidance.

Link to comment
  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.