Merge pull request #14 from Lokowitz/new-module-metrics

New module metrics

packages/docusaurus/docs/03-Pangolin/05-tcp-udp.md

@@ -77,6 +77,15 @@ entryPoints:
         address: ":1704/udp"
 ```
 
+## Update Config
+
+Make sure that the `allow_raw_resources` flag in your `/config/config.yml` is set to `true`.
+
+```yaml
+flags:
+    allow_raw_resources: true
+```
+
 ## Restart The Stack
 
 After you've made all of the changes above, you need to restart the stack. This can be done with the following command:

packages/docusaurus/docs/07-Modules/01-overview.md

@@ -1,6 +1,7 @@
 # Overview
 
-he modular design of this system enables the extension of its functionality through the integration of existing Traefik plugins, such as Crowdsec and Geoblock.
+The modular design of this system enables the extension of its functionality through the integration of existing Traefik plugins, such as Crowdsec and Geoblock.
+Additionally, Prometheus can collect metrics from both CrowdSec and Traefik, which can then be visualized in Grafana to monitor security events, request statistics, and traffic patterns in real time.
 
 ## Traefik plugins
 
@@ -10,13 +11,35 @@ For a complete list of available plugins, please refer to the [Plugin Catalog](h
 
 When installing Crowdsec via the Pangolin installer, the Crowdsec Traefik Bouncer will be automatically installed and configured by default. The configuration can be customized to meet your specific requirements. For detailed guidance, refer to the [documentation](https://docs.fossorial.io/Modules/crowdsec).
 
+The CrowdSec Bouncer plugin for Traefik integrates CrowdSec’s security engine to block malicious traffic in real time. It runs as middleware within a Traefik container and enforces decisions based on CrowdSec’s threat intelligence. This helps protect services from bots, attackers, and abusive IPs dynamically.
+
 For additional information, consult the following resources:
 - [Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin)
 - [Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin)
 
 ### Geoblock
 
-Geoblock is a straightforward Traefik plugin that allows you to block or permit requests based on their country of origin. It leverages [GeoJs.io](https://www.geojs.io/) for geolocation services.
+The GeoBlock plugin for Traefik is a middleware that restricts access based on the client’s geographic location. It runs within a Traefik container and uses IP-based geolocation to allow or block traffic from specific countries. This is useful for security, compliance, or access control in Traefik-managed services.
 
 For more details, please refer to the following resources:
 - [Github Repository](https://github.com/PascalMinder/geoblock)
+
+## Metrics
+
+Currently you can claim metric data from Traefik and Crowdsec with Prometheus and visiulize it within a Grafana Dashboard.
+
+### Prometheus
+
+Prometheus is an open-source monitoring and alerting toolkit designed for collecting and querying time-series metrics. It runs as a Docker container and uses a pull-based model to scrape data from configured endpoints. Prometheus integrates well with Grafana for visualization and Alertmanager for alert handling.
+
+For more details, please refer to the following resources:
+- [Homepage](https://prometheus.io/)
+- [Github Repository](https://github.com/prometheus/prometheus)
+
+### Grafana
+
+Grafana is an open-source analytics and visualization platform used to monitor and display time-series data. It runs as a Docker container and supports multiple data sources, including Prometheus, InfluxDB, and MySQL. Grafana provides interactive dashboards, alerting, and extensive customization options for data visualization.
+
+For more details, please refer to the following resources:
+- [Homepage](https://grafana.com/)
+- [Github Repository](https://github.com/grafana/grafana)

packages/docusaurus/docs/07-Modules/03-geoblock.md

@@ -1,5 +1,7 @@
 # GeoBlock
 
+GeoBlock is a Traefik middleware that uses IP-based geolocation to allow or block traffic from specific countries. It helps enhance security and access control by restricting unwanted or potentially harmful connections based on geographic regions.
+
 ## Installation
 
 To integrate GeoBlock into your Traefik setup, follow the steps below:

packages/docusaurus/docs/07-Modules/04-metrics.md

@@ -0,0 +1,174 @@
+# Metrics
+
+This is a basic example of collecting metrics from Traefik and CrowdSec using Prometheus and visualizing them with Grafana dashboards. 
+
+:::warning
+
+Important for users with low-powered server (1GB RAM):
+This setup will increase the use of your server RAM.
+
+:::
+
+## Configuration
+
+### Traefik
+
+For claiming metrics from Traefik we have to adjust some configuration files.
+
+1. Udpate the `docker-compose.yml` file of the Pangolin stack to expose metrics port `8082` for the Prometheus connection:
+
+```yaml
+service:
+    gerbil:
+        ports:
+        - 8082:8082
+```
+
+2. Update the `/config/traefik/traefik_config.yml` file to include the following:
+
+```yaml
+entryPoints:
+  metrics:
+    address: ':8082'
+
+metrics:
+  prometheus:
+    buckets:
+      - 0.1
+      - 0.3
+      - 1.2
+      - 5.0
+    entryPoint: metrics
+    addEntryPointsLabels: true
+    addRoutersLabels: true
+    addServicesLabels: true
+```
+
+3. Restart the Gerbil and Traefik container to apply the changes:
+
+```bash
+sudo docker restart traefik gerbil
+```
+
+### Crowdsec
+
+For claiming metrics from Crowdsec we have to adjust the docker compose files.
+
+1. Udpate the `docker-compose.yml` file of the Pangolin stack to expose metrics port `6060` for the Prometheus connection:
+
+```yaml
+service:
+    crowdsec:
+        ports:
+        - 6060:6060
+```
+
+2. Restart the Crowdsec container to apply the changes:
+
+```bash
+sudo docker restart crowdsec
+```
+
+## Prometheus
+
+1. Create a new Prometheus container or add it to `docker-compose.yml` of Pangolin stack:
+
+```yaml
+services:
+  prometheus:
+    container_name: prometheus
+    image: prom/prometheus:latest
+    restart: unless-stopped
+    ports:
+      - 9090:9090
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - ./config/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - ./config/prometheus/data:/prometheus
+```
+
+2. Create a `prometheus.yml` file in the `/config/prometheus` directory with the following content:
+
+```yaml
+global:
+  scrape_interval: 15s 
+  evaluation_interval: 15s 
+
+scrape_configs:
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["localhost:9090"]
+
+  - job_name: traefik
+    static_configs:
+      - targets: ['172.17.0.1:8082']
+
+  - job_name: crowdsec
+    static_configs:
+      - targets: ['172.17.0.1:6060']
+```
+
+3. Create a folder `data` in `/config/prometheus` and change the ower and owning group:
+
+```bash
+chown nobody:nogroup data
+```
+
+4. Start the Prometheus container:
+
+```bash
+sudo docker conpose up -d
+```
+
+## Grafana
+
+1. Create a new Grafana container or add it to `docker-compose.yml` of Pangolin stack:
+
+```yaml
+services:
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: unless-stopped
+    ports:
+      - 3000:3000
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - ./config/grafana/data:/var/lib/grafana
+```
+
+2. Start the Grafana container:
+
+```bash
+sudo docker compose up -d
+```
+
+:::note
+
+Default login credentials for Grafana admin user is admin:admin.
+
+:::
+
+### Add Prometheus Connection
+
+Add the Prometheus connection under Connections -> Add new connection.
+
+Set `http://172.17.0.1:9090` as `Prometheus Server URL` and click `Save & test`.
+
+### Add Dashboard
+
+Add a Dashboard under Dashboard -> New -> Import and import a pre configured Dashboard or create your own.
+
+#### Traefik
+
+<img src={require("./img/traefik_dashboard.png").default} alt="Preview"/>
+
+Template Import ID = 17346
+
+https://grafana.com/grafana/dashboards/17346-traefik-official-standalone-dashboard/
+
+#### Crowdsec
+
+https://github.com/crowdsecurity/grafana-dashboards/tree/master