From c805cb33d7224349d3aaad4d5f6307682abb8e12 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 11:14:18 +0200 Subject: [PATCH 01/14] Create 01-overview.md --- .../docusaurus/docs/07-Modules/01-overview.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 packages/docusaurus/docs/07-Modules/01-overview.md diff --git a/packages/docusaurus/docs/07-Modules/01-overview.md b/packages/docusaurus/docs/07-Modules/01-overview.md new file mode 100644 index 0000000..06af2b0 --- /dev/null +++ b/packages/docusaurus/docs/07-Modules/01-overview.md @@ -0,0 +1,16 @@ +# Overview + +Due to a modular design you can extend the functionality with existing Traefik plugins, such as Crowdsec and Geoblock. + +## Traefik plugins + +[Plugin Catalog](https://plugins.traefik.io/plugins) + + +## Crowdsec + +[Github Repository](https://github.com/crowdsecurity/crowdsec) + +## Geoblock + +[Github Repository](https://github.com/PascalMinder/geoblock) From f0586a471f7ac01d881e3bc1d010db37305cf5b9 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 12:10:56 +0200 Subject: [PATCH 02/14] Create 02-crowdsec.md --- .../docusaurus/docs/07-Modules/02-crowdsec.md | 139 ++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 packages/docusaurus/docs/07-Modules/02-crowdsec.md diff --git a/packages/docusaurus/docs/07-Modules/02-crowdsec.md b/packages/docusaurus/docs/07-Modules/02-crowdsec.md new file mode 100644 index 0000000..1f4165b --- /dev/null +++ b/packages/docusaurus/docs/07-Modules/02-crowdsec.md 
@@ -0,0 +1,139 @@ +# Crowdsec + +CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It is an open-source massively multiplayer firewall that analyzes visitor behavior and provides an adapted response to all kinds of attacks. + +## Installation + +Crowdsec can be installed with the Pangolin Installer. + +## Configuration + +By default Crowdsec is installed with a very basic configuration including the [Crowdsec Bouncer Traefik plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin). + +### Choose the right logs +#### Syslog +For systems with Syslog the mounted volumes has to be adjusted in the `docker-compose.yml`. +```yaml +service: + crowdsec: + volumes: + - ./config/crowdsec:/etc/crowdsec + - ./config/crowdsec/db:/var/lib/crowdsec/data + - ./config/traefik/logs:/var/log/traefik:ro + - /var/log/auth.log:/var/log/auth.log:ro + - /var/log/syslog:/var/log/syslog:ro +``` + +#### Journalctl +Run `iptables -A INPUT -j LOG --log-prefix "iptables: "` on your host system to log iptables into jounralctl. + +Adjusted `docker-compose.yml`. +```yaml +service: + crowdsec: + image: crowdsecurity/crowdsec:latest-debian + environment: + COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/linux crowdsecurity/iptables + volumes: + - ./config/crowdsec:/etc/crowdsec + - ./config/crowdsec/db:/var/lib/crowdsec/data + - ./config/traefik/logs:/var/log/traefik:ro + - /var/log/journal:/var/log/host:ro +``` + +To parse the journalctl logs add a `journalctl.yaml` file to this location `/config/crowdsec/acquis.d`. +```yaml +source: journalctl +journalctl_filter: + - "--directory=/var/log/host/" +labels: + type: syslog +``` + +### Secure host system (SSH) +By defautl only Traefik requests are secured through the crowdsec bouncer. If you also want to protect your host system eg. 
ssh you have to add a firewall bouncer to your host system. + +1. Install the Crowdsec repositories. [Documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories) +```bash +curl -s https://install.crowdsec.net | sudo sh +``` +2. Install the firewall bouncer. [Documentation](https://docs.crowdsec.net/u/bouncers/firewall/) +Just for Debian/Ubuntu using IPTables, see documentation link for other options! +```bash +sudo apt install crowdsec-firewall-bouncer-iptables +``` +3. Create an API key for the firewall bouncer to be able to communicate with your crowdsec docker container. ("vps-firewall" can be changed, it is just the name for the key) +```bash +docker exec -it crowdsec cscli bouncers add vps-firewall +``` +4. Copy the dispalyed API key and paste it into the bouncer config file. +```bash +nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml +``` +5. Restart the firewall bouncer. +```bash +systemctl restart crowdsec-firewall-bouncer +``` +6. Add the communication port `8080` to your crowdsec container in `docker-compose.yaml` and restart the crowdsec container. +```yaml +service: + crowdsec: + ports: + - 6060:6060 + - 8080:8080 +``` +Use `docker exec crowdsec cscli metrics` to verify the working communication between firewall bouncer and crowdsec container, you should see something like this: +```bash ++------------------------------------------------------------------+ +| Local API Bouncers Metrics | ++---------------------------+----------------------+--------+------+ +| Bouncer | Route | Method | Hits | ++---------------------------+----------------------+--------+------+ +| traefik-bouncer | /v1/decisions/stream | HEAD | 2 | +| traefik-bouncer@10.0.4.20 | /v1/decisions | GET | 3 | +| vps-firewall | /v1/decisions/stream | GET | 84 | <--------- ++---------------------------+----------------------+--------+------+ +``` + +### Custom ban.html +You can show your attackers a custom ban page. 
[Documentation](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/custom-ban-page) +1. Place a ban.html page in your `/config/traefik` folder. If you don't want to create your own page you can use this official example page. +```bash +wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html +``` +2. Add the following line to you `/config/traefik/dynamic_config.yml` file. +```yaml +http: + middlewares: + crowdsec: + plugin: + crowdsec: + banHTMLFilePath: /etc/traefik/ban.html +``` +### Custom captcha.html +To use captcha you have to provide and configure a captcha.html. [Documentation](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/captcha) +1. Place a captcha.html page in your `/config/traefik` folder. If you don't want to create your own page you can use this official example page. +```bash +wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html +``` +2. Add the following line to you `/config/traefik/dynamic_config.yml` file and replace <...> with your credentials. +```yaml +http: + middlewares: + crowdsec: + plugin: + crowdsec: + captchaHTMLFilePath: /etc/traefik/captcha.html + captchaGracePeriodSeconds: 300 + captchaProvider: #your service hcaptcha, recaptcha or turnstile + captchaSiteKey: + captchaSecretKey: +``` +### Testing +You can test your configuration with the following commands. You will get banned for just 1 minute. +```bash +docker exec crowdsec cscli decisions add --ip -d 1m --type ban +``` +```bash +docker exec crowdsec cscli decisions add --ip -d 1m --type captcha +``` From 4858b08c7ca20e50a3897babbe69e5943ed082b5 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 12:27:11 +0200 Subject: [PATCH 03/14] Update 01-overview.md --- .../docusaurus/docs/07-Modules/01-overview.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
diff --git a/packages/docusaurus/docs/07-Modules/01-overview.md b/packages/docusaurus/docs/07-Modules/01-overview.md index 06af2b0..04ef508 100644 --- a/packages/docusaurus/docs/07-Modules/01-overview.md +++ b/packages/docusaurus/docs/07-Modules/01-overview.md @@ -1,16 +1,19 @@ # Overview - Due to a modular design you can extend the functionality with existing Traefik plugins, such as Crowdsec and Geoblock. ## Traefik plugins +See a full list of available plugins at [Plugin Catalog](https://plugins.traefik.io/plugins). -[Plugin Catalog](https://plugins.traefik.io/plugins) +### Crowdsec Bouncer +By installing crowdsec through the Pangolin installer the Crwodsec Traefik Bouncer will be installed and configured by default. +You can adjust the configuration to your needs by following this [documentation](https://docs.fossorial.io/Modules/crowdsec). +For more details see references: +[Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) +[Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin) -## Crowdsec - -[Github Repository](https://github.com/crowdsecurity/crowdsec) - -## Geoblock +### Geoblock +Geoblock is a simple plugin for Traefik to block or allow requests based on their country of origin. Uses [GeoJs.io](https://www.geojs.io/). +For more details see references: [Github Repository](https://github.com/PascalMinder/geoblock) From 8d0f5b534cef89e4696833a3049484443533fa2b Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 13:22:11 +0200 Subject: [PATCH 04/14] Create 03-geoblock.md --- .../docusaurus/docs/07-Modules/03-geoblock.md | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 packages/docusaurus/docs/07-Modules/03-geoblock.md diff --git a/packages/docusaurus/docs/07-Modules/03-geoblock.md b/packages/docusaurus/docs/07-Modules/03-geoblock.md new file mode 100644 index 0000000..3ad33bb 
--- /dev/null +++ b/packages/docusaurus/docs/07-Modules/03-geoblock.md @@ -0,0 +1,49 @@ +# GeoBlock + +##Installation +1. Add following lines to your `/config/traefik/traefik_config.yml` file. +```yaml +entryPoints: + websecure: + http: + middlewares: + - pangolin-geoblock@file + +experimental: + plugins: + geoblock: + moduleName: github.com/PascalMinder/geoblock + version: v0.3.2 +``` +2. Add following lines to your `/config/traefik/dynamic_config.yml` file. With `blackListMode: false` GeoBlock is running in whitelist mode and just allows the added countries. Keep in mind to add countries when you are traveling. Find all county codes in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration). +```yaml +http: + middlewares: + pangolin-geoblock: + plugin: + geoblock: + silentStartUp: false + allowLocalRequests: true + logLocalRequests: false # change to true to see logs and verify if it is working + logAllowedRequests: false # change to true to see logs and verify if it is working + logApiRequests: false # change to true to see logs and verify if it is working + api: "https://get.geojs.io/v1/ip/country/{ip}" + apiTimeoutMs: 500 + cacheSize: 25 + forceMonthlyUpdate: true + allowUnknownCountries: false + unknownCountryApiResponse: "nil" + blackListMode: false + countries: + - DE # add/replace with your country code +``` +3. Restart traefik +```bash +docker restart traefik +``` + +## Testing +Change + logLocalRequests: true + logAllowedRequests: true + logApiRequests: true From 46c8f16df6ce1fed692b5b6a3497c2ace528e1f3 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 17:59:48 +0200 Subject: [PATCH 05/14] Update 02-crowdsec.md --- .../docusaurus/docs/07-Modules/02-crowdsec.md | 35 ++++++++++++++++--- 1 file changed, 30 insertions(+), 5 deletions(-) 
diff --git a/packages/docusaurus/docs/07-Modules/02-crowdsec.md b/packages/docusaurus/docs/07-Modules/02-crowdsec.md index 1f4165b..8f81686 100644 --- a/packages/docusaurus/docs/07-Modules/02-crowdsec.md +++ b/packages/docusaurus/docs/07-Modules/02-crowdsec.md @@ -11,20 +11,29 @@ Crowdsec can be installed with the Pangolin Installer. By default Crowdsec is installed with a very basic configuration including the [Crowdsec Bouncer Traefik plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin). ### Choose the right logs + #### Syslog -For systems with Syslog the mounted volumes has to be adjusted in the `docker-compose.yml`. + +For systems with Syslog these volumes has to be added in `docker-compose.yml`. ```yaml service: crowdsec: volumes: - - ./config/crowdsec:/etc/crowdsec - - ./config/crowdsec/db:/var/lib/crowdsec/data - - ./config/traefik/logs:/var/log/traefik:ro - /var/log/auth.log:/var/log/auth.log:ro - /var/log/syslog:/var/log/syslog:ro ``` +Add a `syslog.yaml` file to `/config/crowdsec/acquis.d` with the following content. +```yaml +filenames: + - /var/log/auth.log + - /var/log/syslog +labels: + type: syslog +``` + #### Journalctl + Run `iptables -A INPUT -j LOG --log-prefix "iptables: "` on your host system to log iptables into jounralctl. Adjusted `docker-compose.yml`. @@ -41,7 +50,7 @@ service: - /var/log/journal:/var/log/host:ro ``` -To parse the journalctl logs add a `journalctl.yaml` file to this location `/config/crowdsec/acquis.d`. +Add a `journalctl.yaml` file to `/config/crowdsec/acquis.d` with the following content. ```yaml source: journalctl journalctl_filter: 
@@ -51,29 +60,35 @@ labels: ``` ### Secure host system (SSH) + By defautl only Traefik requests are secured through the crowdsec bouncer. If you also want to protect your host system eg. ssh you have to add a firewall bouncer to your host system. 1. Install the Crowdsec repositories. [Documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories) ```bash curl -s https://install.crowdsec.net | sudo sh ``` + 2. Install the firewall bouncer. [Documentation](https://docs.crowdsec.net/u/bouncers/firewall/) Just for Debian/Ubuntu using IPTables, see documentation link for other options! ```bash sudo apt install crowdsec-firewall-bouncer-iptables ``` + 3. Create an API key for the firewall bouncer to be able to communicate with your crowdsec docker container. ("vps-firewall" can be changed, it is just the name for the key) ```bash docker exec -it crowdsec cscli bouncers add vps-firewall ``` + 4. Copy the dispalyed API key and paste it into the bouncer config file. ```bash nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml ``` + 5. Restart the firewall bouncer. ```bash systemctl restart crowdsec-firewall-bouncer ``` + 6. Add the communication port `8080` to your crowdsec container in `docker-compose.yaml` and restart the crowdsec container. ```yaml service: @@ -82,6 +97,7 @@ service: - 6060:6060 - 8080:8080 ``` + Use `docker exec crowdsec cscli metrics` to verify the working communication between firewall bouncer and crowdsec container, you should see something like this: ```bash +------------------------------------------------------------------+ 
@@ -96,11 +112,14 @@ Use `docker exec crowdsec cscli metrics` to verify the working communication bet ``` ### Custom ban.html + You can show your attackers a custom ban page. [Documentation](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/custom-ban-page) + 1. Place a ban.html page in your `/config/traefik` folder. If you don't want to create your own page you can use this official example page. ```bash wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html ``` + 2. Add the following line to you `/config/traefik/dynamic_config.yml` file. ```yaml http: @@ -110,12 +129,16 @@ http: crowdsec: banHTMLFilePath: /etc/traefik/ban.html ``` + ### Custom captcha.html + To use captcha you have to provide and configure a captcha.html. [Documentation](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/captcha) + 1. Place a captcha.html page in your `/config/traefik` folder. If you don't want to create your own page you can use this official example page. ```bash wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html ``` + 2. Add the following line to you `/config/traefik/dynamic_config.yml` file and replace <...> with your credentials. ```yaml http: @@ -129,7 +152,9 @@ http: captchaSiteKey: captchaSecretKey: ``` + ### Testing + You can test your configuration with the following commands. You will get banned for just 1 minute. ```bash docker exec crowdsec cscli decisions add --ip -d 1m --type ban From a33c98402ee77fe5cfc497bc7f0daf7982d96b5d Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 18:02:00 +0200 Subject: [PATCH 06/14] Update 03-geoblock.md --- packages/docusaurus/docs/07-Modules/03-geoblock.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/packages/docusaurus/docs/07-Modules/03-geoblock.md b/packages/docusaurus/docs/07-Modules/03-geoblock.md index 3ad33bb..5ce365e 100644 --- a/packages/docusaurus/docs/07-Modules/03-geoblock.md +++ b/packages/docusaurus/docs/07-Modules/03-geoblock.md @@ -1,6 +1,7 @@ # GeoBlock ##Installation + 1. Add following lines to your `/config/traefik/traefik_config.yml` file. ```yaml entryPoints: @@ -15,6 +16,7 @@ experimental: moduleName: github.com/PascalMinder/geoblock version: v0.3.2 ``` + 2. Add following lines to your `/config/traefik/dynamic_config.yml` file. With `blackListMode: false` GeoBlock is running in whitelist mode and just allows the added countries. Keep in mind to add countries when you are traveling. Find all county codes in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration). ```yaml http: @@ -37,13 +39,15 @@ http: countries: - DE # add/replace with your country code ``` + 3. Restart traefik ```bash docker restart traefik ``` ## Testing -Change + +Change these options to true to see the GeoBlock activities in the traefik logs. logLocalRequests: true logAllowedRequests: true logApiRequests: true From b2cf7b906a470ba0b380d17ebb8df0cc8e9832cb Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sat, 5 Apr 2025 18:02:26 +0200 Subject: [PATCH 07/14] Update 01-overview.md --- packages/docusaurus/docs/07-Modules/01-overview.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/docusaurus/docs/07-Modules/01-overview.md b/packages/docusaurus/docs/07-Modules/01-overview.md index 04ef508..f6d2138 100644 --- a/packages/docusaurus/docs/07-Modules/01-overview.md +++ b/packages/docusaurus/docs/07-Modules/01-overview.md 
@@ -1,10 +1,13 @@ # Overview + Due to a modular design you can extend the functionality with existing Traefik plugins, such as Crowdsec and Geoblock. ## Traefik plugins + See a full list of available plugins at [Plugin Catalog](https://plugins.traefik.io/plugins). ### Crowdsec Bouncer + By installing crowdsec through the Pangolin installer the Crwodsec Traefik Bouncer will be installed and configured by default. You can adjust the configuration to your needs by following this [documentation](https://docs.fossorial.io/Modules/crowdsec). @@ -13,6 +16,7 @@ For more details see references: [Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin) ### Geoblock + Geoblock is a simple plugin for Traefik to block or allow requests based on their country of origin. Uses [GeoJs.io](https://www.geojs.io/). For more details see references: From 593ceb3667e3bf700dcf1da54f15bcd780de93b7 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sun, 6 Apr 2025 19:26:01 +0200 Subject: [PATCH 08/14] Update 03-geoblock.md --- .../docusaurus/docs/07-Modules/03-geoblock.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/packages/docusaurus/docs/07-Modules/03-geoblock.md b/packages/docusaurus/docs/07-Modules/03-geoblock.md index 5ce365e..176e66a 100644 --- a/packages/docusaurus/docs/07-Modules/03-geoblock.md +++ b/packages/docusaurus/docs/07-Modules/03-geoblock.md @@ -1,8 +1,10 @@ # GeoBlock -##Installation +## Installation -1. Add following lines to your `/config/traefik/traefik_config.yml` file. +To integrate GeoBlock into your Traefik setup, follow the steps below: + +1. Add the following configuration to your `/config/traefik/traefik_config.yml` file: ```yaml entryPoints: websecure: 
@@ -17,7 +19,7 @@ experimental: version: v0.3.2 ``` -2. Add following lines to your `/config/traefik/dynamic_config.yml` file. With `blackListMode: false` GeoBlock is running in whitelist mode and just allows the added countries. Keep in mind to add countries when you are traveling. Find all county codes in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration). +2. Add the following configuration to your `/config/traefik/dynamic_config.yml` file. Setting `blackListMode: false` enables GeoBlock in whitelist mode, allowing only the specified countries. Remember to add the appropriate countries when traveling. A list of country codes can be found in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration). ```yaml http: middlewares: @@ -40,14 +42,16 @@ http: - DE # add/replace with your country code ``` -3. Restart traefik +3. Restart Traefik to apply the changes: ```bash docker restart traefik ``` ## Testing -Change these options to true to see the GeoBlock activities in the traefik logs. +To monitor GeoBlock activities in the Traefik logs, enable logging by setting the following options to `true`: +```yaml logLocalRequests: true logAllowedRequests: true - logApiRequests: true + logApiRequests: true +``` From 19a5721846e4f2051dd79e0a70c4a5987ecd3d3f Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sun, 6 Apr 2025 19:26:43 +0200 Subject: [PATCH 09/14] Update 02-crowdsec.md --- .../docusaurus/docs/07-Modules/02-crowdsec.md | 69 +++++++++++-------- 1 file changed, 40 insertions(+), 29 deletions(-) diff --git a/packages/docusaurus/docs/07-Modules/02-crowdsec.md b/packages/docusaurus/docs/07-Modules/02-crowdsec.md index 8f81686..27d7901 100644 --- a/packages/docusaurus/docs/07-Modules/02-crowdsec.md +++ b/packages/docusaurus/docs/07-Modules/02-crowdsec.md 
@@ -1,20 +1,20 @@ # Crowdsec -CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It is an open-source massively multiplayer firewall that analyzes visitor behavior and provides an adapted response to all kinds of attacks. +CrowdSec is a modern, open-source, collaborative behavior detection engine, integrated with a global IP reputation network. It functions as a massively multiplayer firewall, analyzing visitor behavior and responding appropriately to various types of attacks. ## Installation -Crowdsec can be installed with the Pangolin Installer. +Crowdsec can be installed using the Pangolin Installer. ## Configuration -By default Crowdsec is installed with a very basic configuration including the [Crowdsec Bouncer Traefik plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin). +By default, Crowdsec is installed with a basic configuration, which includes the [Crowdsec Bouncer Traefik plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin). ### Choose the right logs #### Syslog -For systems with Syslog these volumes has to be added in `docker-compose.yml`. +For systems utilizing Syslog, the following volumes should be added to the `docker-compose.yml` file: ```yaml service: crowdsec: @@ -23,7 +23,7 @@ service: - /var/log/syslog:/var/log/syslog:ro ``` -Add a `syslog.yaml` file to `/config/crowdsec/acquis.d` with the following content. +Create a `syslog.yaml` file under `/config/crowdsec/acquis.d` with the following content: ```yaml filenames: - /var/log/auth.log 
@@ -34,9 +34,12 @@ labels: #### Journalctl -Run `iptables -A INPUT -j LOG --log-prefix "iptables: "` on your host system to log iptables into jounralctl. +To log iptables to journalctl, execute the following command on your host system: +```bash +iptables -A INPUT -j LOG --log-prefix "iptables: " +``` -Adjusted `docker-compose.yml`. +Update the `docker-compose.yml` file as follows: ```yaml service: crowdsec: @@ -50,7 +53,7 @@ service: - /var/log/journal:/var/log/host:ro ``` -Add a `journalctl.yaml` file to `/config/crowdsec/acquis.d` with the following content. +Create a `journalctl.yaml` file under `/config/crowdsec/acquis.d` with the following content: ```yaml source: journalctl journalctl_filter: 
@@ -59,37 +62,36 @@ labels: type: syslog ``` -### Secure host system (SSH) +### Securing the Host System (SSH) -By defautl only Traefik requests are secured through the crowdsec bouncer. If you also want to protect your host system eg. ssh you have to add a firewall bouncer to your host system. +By default, only Traefik requests are secured through the Crowdsec bouncer. To extend protection to your host system (e.g., SSH), follow these steps to add a firewall bouncer: -1. Install the Crowdsec repositories. [Documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories) +1. Install the Crowdsec repositories. Refer to the [installation documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories): ```bash curl -s https://install.crowdsec.net | sudo sh ``` -2. Install the firewall bouncer. [Documentation](https://docs.crowdsec.net/u/bouncers/firewall/) -Just for Debian/Ubuntu using IPTables, see documentation link for other options! +2. Install the firewall bouncer. For Debian/Ubuntu systems using IPTables, refer to the [documentation](https://docs.crowdsec.net/u/bouncers/firewall/): ```bash sudo apt install crowdsec-firewall-bouncer-iptables ``` -3. Create an API key for the firewall bouncer to be able to communicate with your crowdsec docker container. ("vps-firewall" can be changed, it is just the name for the key) +3. Create an API key for the firewall bouncer to communicate with your CrowdSec Docker container. ("vps-firewall" is a placeholder name for the key): ```bash docker exec -it crowdsec cscli bouncers add vps-firewall ``` -4. Copy the dispalyed API key and paste it into the bouncer config file. +4. Copy the dispalyed API key and insert it into the bouncer's configuration file: ```bash nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml ``` -5. Restart the firewall bouncer. +5. 
Restart the firewall bouncer: ```bash systemctl restart crowdsec-firewall-bouncer ``` -6. Add the communication port `8080` to your crowdsec container in `docker-compose.yaml` and restart the crowdsec container. +6. Update the `docker-compose.yml` file to expose communication port `8080` for the CrowdSec container and restart the container: ```yaml service: crowdsec: @@ -98,7 +100,12 @@ service: - 8080:8080 ``` -Use `docker exec crowdsec cscli metrics` to verify the working communication between firewall bouncer and crowdsec container, you should see something like this: +7. Verify communication between the firewall bouncer and the CrowdSec container by running: +```bash +docker exec crowdsec cscli metrics +``` + +The output should look like this: ```bash +------------------------------------------------------------------+ | Local API Bouncers Metrics | @@ -111,16 +118,16 @@ Use `docker exec crowdsec cscli metrics` to verify the working communication bet +---------------------------+----------------------+--------+------+ ``` -### Custom ban.html +## Custom Ban Page -You can show your attackers a custom ban page. [Documentation](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/custom-ban-page) +To display a custom ban page to attackers, follow these steps: -1. Place a ban.html page in your `/config/traefik` folder. If you don't want to create your own page you can use this official example page. +1. Place a `ban.html` page in the `/config/traefik` directory. If you prefer not to create your own, you can download the official example: ```bash wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html ``` -2. Add the following line to you `/config/traefik/dynamic_config.yml` file. +2. Update the `/config/traefik/dynamic_config.yml` file to include the following: ```yaml http: middlewares: 
@@ -130,16 +137,16 @@ http: banHTMLFilePath: /etc/traefik/ban.html ``` -### Custom captcha.html +## Custom Captcha Page -To use captcha you have to provide and configure a captcha.html. [Documentation](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/captcha) +To use a custom captcha page, follow these steps: -1. Place a captcha.html page in your `/config/traefik` folder. If you don't want to create your own page you can use this official example page. +1. Place a `captcha.html` page in the `/config/traefik` directory. If you don't want to create your own, you can download the official example: ```bash wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html ``` -2. Add the following line to you `/config/traefik/dynamic_config.yml` file and replace <...> with your credentials. +2. Update the `/config/traefik/dynamic_config.yml` file with the following configuration, replacing `` with your captcha provider (e.g. hCaptcha, reCaptcha, Turnstile), and `` with the appropriate site and secret keys: ```yaml http: middlewares: @@ -148,17 +155,21 @@ http: crowdsec: captchaHTMLFilePath: /etc/traefik/captcha.html captchaGracePeriodSeconds: 300 - captchaProvider: #your service hcaptcha, recaptcha or turnstile + captchaProvider: captchaSiteKey: captchaSecretKey: ``` -### Testing +## Testing -You can test your configuration with the following commands. You will get banned for just 1 minute. +You can test your configuration by adding a temporary ban or captcha for your IP. The ban will last for one minute. + +To add a ban: ```bash docker exec crowdsec cscli decisions add --ip -d 1m --type ban ``` + +To trigger a captcha challenge: ```bash docker exec crowdsec cscli decisions add --ip -d 1m --type captcha ``` From 87219fcf7c214c6162a6406e7b72e6ddc42a89da Mon Sep 17 00:00:00 2001 
From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sun, 6 Apr 2025 19:27:07 +0200 Subject: [PATCH 10/14] Update 01-overview.md --- .../docusaurus/docs/07-Modules/01-overview.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/packages/docusaurus/docs/07-Modules/01-overview.md b/packages/docusaurus/docs/07-Modules/01-overview.md index f6d2138..7fdad5b 100644 --- a/packages/docusaurus/docs/07-Modules/01-overview.md +++ b/packages/docusaurus/docs/07-Modules/01-overview.md 
@@ -1,23 +1,22 @@ # Overview -Due to a modular design you can extend the functionality with existing Traefik plugins, such as Crowdsec and Geoblock. +he modular design of this system enables the extension of its functionality through the integration of existing Traefik plugins, such as Crowdsec and Geoblock. ## Traefik plugins -See a full list of available plugins at [Plugin Catalog](https://plugins.traefik.io/plugins). +For a complete list of available plugins, please refer to the [Plugin Catalog](https://plugins.traefik.io/plugins). ### Crowdsec Bouncer -By installing crowdsec through the Pangolin installer the Crwodsec Traefik Bouncer will be installed and configured by default. -You can adjust the configuration to your needs by following this [documentation](https://docs.fossorial.io/Modules/crowdsec). +When installing Crowdsec via the Pangolin installer, the Crowdsec Traefik Bouncer will be automatically installed and configured by default. The configuration can be customized to meet your specific requirements. For detailed guidance, refer to the [documentation](https://docs.fossorial.io/Modules/crowdsec). -For more details see references: -[Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) -[Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin) +For additional information, consult the following resources: +- [Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) +- [Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin) ### Geoblock -Geoblock is a simple plugin for Traefik to block or allow requests based on their country of origin. Uses [GeoJs.io](https://www.geojs.io/). +Geoblock is a straightforward Traefik plugin that allows you to block or permit requests based on their country of origin. It leverages [GeoJs.io](https://www.geojs.io/) for geolocation services. 
-For more details see references: -[Github Repository](https://github.com/PascalMinder/geoblock) +For more details, please refer to the following resources: +- [Github Repository](https://github.com/PascalMinder/geoblock) From 20705f276860d547a50ef7a630842fb3c429af40 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sun, 6 Apr 2025 19:27:24 +0200 Subject: [PATCH 11/14] Rename 09-supporter-program.md to 10-supporter-program.md --- .../docs/{09-supporter-program.md => 10-supporter-program.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename packages/docusaurus/docs/{09-supporter-program.md => 10-supporter-program.md} (100%) diff --git a/packages/docusaurus/docs/09-supporter-program.md b/packages/docusaurus/docs/10-supporter-program.md similarity index 100% rename from packages/docusaurus/docs/09-supporter-program.md rename to packages/docusaurus/docs/10-supporter-program.md From 9b8b168f5e482ad5d7453fa557f91344665b044a Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sun, 6 Apr 2025 19:27:37 +0200 Subject: [PATCH 12/14] Rename 08-development.md to 09-development.md --- packages/docusaurus/docs/{08-development.md => 09-development.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename packages/docusaurus/docs/{08-development.md => 09-development.md} (100%) diff --git a/packages/docusaurus/docs/08-development.md b/packages/docusaurus/docs/09-development.md similarity index 100% rename from packages/docusaurus/docs/08-development.md rename to packages/docusaurus/docs/09-development.md From a3025399ca793b15aa9cc137c7e40f5a1a03d17c Mon Sep 17 00:00:00 2001 
From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Sun, 6 Apr 2025 19:27:51 +0200 Subject: [PATCH 13/14] Rename 07-roadmap.md to 08-roadmap.md --- packages/docusaurus/docs/{07-roadmap.md => 08-roadmap.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename packages/docusaurus/docs/{07-roadmap.md => 08-roadmap.md} (100%) diff --git a/packages/docusaurus/docs/07-roadmap.md b/packages/docusaurus/docs/08-roadmap.md similarity index 100% rename from packages/docusaurus/docs/07-roadmap.md rename to packages/docusaurus/docs/08-roadmap.md From 44b4194b6fafb3b584c746d69a3c3b7cc52bdfb9 Mon Sep 17 00:00:00 2001 From: Marvin <127591405+Lokowitz@users.noreply.github.com> Date: Mon, 7 Apr 2025 08:23:52 +0200 Subject: [PATCH 14/14] Update 03-geoblock.md --- packages/docusaurus/docs/07-Modules/03-geoblock.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/docusaurus/docs/07-Modules/03-geoblock.md b/packages/docusaurus/docs/07-Modules/03-geoblock.md index 176e66a..8175aad 100644 --- a/packages/docusaurus/docs/07-Modules/03-geoblock.md +++ b/packages/docusaurus/docs/07-Modules/03-geoblock.md @@ -10,7 +10,7 @@ entryPoints: websecure: http: middlewares: - - pangolin-geoblock@file + - geoblock@file experimental: plugins: @@ -23,7 +23,7 @@ experimental: ```yaml http: middlewares: - pangolin-geoblock: + geoblock: plugin: geoblock: silentStartUp: false
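Review bot: In PATCH 02/14 (02-crowdsec.md), step 6 of "Secure host system (SSH)" publishes `- 6060:6060` and `- 8080:8080` with no host address, which binds both ports on every host interface and makes the CrowdSec API the bouncer key authenticates against reachable from outside the host. The firewall bouncer runs on the same host, so `127.0.0.1:8080:8080` is enough; say why 6060 is listed or bind it to loopback too. The step should also come before the bouncer restart in step 5, since the bouncer cannot reach the container until the port is published.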
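Review bot: In PATCH 04/14 (03-geoblock.md), step 1 attaches `pangolin-geoblock@file` to the whole `websecure` entrypoint while step 2 sets `blackListMode: false` with `DE` as the only country, so every HTTPS route served through that entrypoint is limited to one country as soon as Traefik restarts. The page only says to add countries when traveling; it should also say how to recover from a lockout (edit `dynamic_config.yml` on the host over SSH and restart Traefik). It is also worth stating that `api: "https://get.geojs.io/v1/ip/country/{ip}"` sends client IP addresses to a third-party service for lookup.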
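Review bot: In PATCH 05/14 (02-crowdsec.md, Syslog hunk), the compose snippet starts with `service:`, but the top-level key of a Compose file is `services:`, so a reader who merges the snippet as written gets an invalid file; the Journalctl and port snippets carry the same key. The new text also points to `/config/crowdsec/acquis.d` while the mounts in this file use `./config/crowdsec`; use the relative form consistently so nobody creates `syslog.yaml` under the filesystem root.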
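Review bot: In PATCH 05/14 (02-crowdsec.md, "Custom ban.html" hunk, and the same in "Custom captcha.html"), `wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html` fetches GitHub's HTML viewer page, not the template, so the saved file is not a usable ban page. Use the raw form, `https://raw.githubusercontent.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/main/ban.html`, and say the command has to be run inside the `config/traefik` directory because `wget` saves to the current directory. `banHTMLFilePath: /etc/traefik/ban.html` also depends on that directory being mounted at `/etc/traefik` in the Traefik container, which the page should state.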
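Review bot: In PATCH 08/14 (03-geoblock.md, "Testing" hunk), the three `log...Requests: true` options are shown on their own, without saying that they belong under the `geoblock` plugin block in `/config/traefik/dynamic_config.yml` from step 2 or whether the restart from step 3 is needed afterwards. Add one sentence naming the file and the block, and tell the reader to set them back to `false` after the check, as the inline comments in step 2 imply.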
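Review bot: In PATCH 09/14 (02-crowdsec.md, Journalctl hunk), `iptables -A INPUT -j LOG --log-prefix "iptables: "` logs every inbound packet that reaches the rule with no rate limit, is lost on reboot unless the rule set is saved, and needs root although it is shown without `sudo`. Suggest adding a limit match to the rule, saying how to persist it, and explaining in one sentence why the following snippet switches the image to `crowdsecurity/crowdsec:latest-debian`, which is also an unpinned tag.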
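Review bot: In PATCH 09/14 (02-crowdsec.md, "Securing the Host System (SSH)" hunk), the rewritten step 2, "For Debian/Ubuntu systems using IPTables, refer to the documentation", inverts the removed line "Just for Debian/Ubuntu using IPTables, see documentation link for other options!": the `apt` command is the Debian/Ubuntu case and the link is for everything else. Step 4 still has the typo "dispalyed" and does not name the settings the reader has to edit (`api_key`, and `api_url` pointing at the published port). `nano` and `systemctl restart` in steps 4 and 5 also lack the `sudo` that steps 1 and 2 use.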
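Review bot: In PATCH 09/14 (02-crowdsec.md, "Custom Ban Page" hunk), the headings "Custom Ban Page", "Custom Captcha Page" and "Testing" are promoted from `###` to `##`, which moves them out of `## Configuration` while "Securing the Host System (SSH)" stays at `###`; keep all of them at one level. The rewritten intro lines also drop the links to the plugin's `examples/custom-ban-page` and `examples/captcha` documentation that the removed lines carried; please keep them.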
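Review bot: In PATCH 09/14 (02-crowdsec.md, captcha and "Testing" hunks), the text tells the reader to replace placeholders that are not there: the new sentence quotes two empty code spans, `captchaProvider:`, `captchaSiteKey:` and `captchaSecretKey:` have no values, and both `cscli decisions add --ip -d 1m --type ...` commands pass `--ip` without an address. The hunk also removes the comment `#your service hcaptcha, recaptcha or turnstile`, which was the only hint inside the snippet. Use placeholders that survive rendering, for example `YOUR_IP` and `YOUR_SITE_KEY`, and say that the address must be the tester's own public IP.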
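Review bot: In PATCH 10/14 (01-overview.md), the new opening sentence starts "he modular design of this system", with the "T" dropped, and no later patch in the series fixes it. The names are also spelled inconsistently across the three pages ("Crowdsec" here and "CrowdSec" in 02-crowdsec.md, "Geoblock" here and "GeoBlock" in 03-geoblock.md); pick one spelling per name.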