Merge branch 'Lokowitz-docs-crowdsec'

packages/docusaurus/docs/07-Modules/01-overview.md

@@ -0,0 +1,22 @@
+# Overview
+
+he modular design of this system enables the extension of its functionality through the integration of existing Traefik plugins, such as Crowdsec and Geoblock.
+
+## Traefik plugins
+
+For a complete list of available plugins, please refer to the [Plugin Catalog](https://plugins.traefik.io/plugins).
+
+### Crowdsec Bouncer
+
+When installing Crowdsec via the Pangolin installer, the Crowdsec Traefik Bouncer will be automatically installed and configured by default. The configuration can be customized to meet your specific requirements. For detailed guidance, refer to the [documentation](https://docs.fossorial.io/Modules/crowdsec).
+
+For additional information, consult the following resources:
+- [Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin)
+- [Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin)
+
+### Geoblock
+
+Geoblock is a straightforward Traefik plugin that allows you to block or permit requests based on their country of origin. It leverages [GeoJs.io](https://www.geojs.io/) for geolocation services.
+
+For more details, please refer to the following resources:
+- [Github Repository](https://github.com/PascalMinder/geoblock)

packages/docusaurus/docs/07-Modules/02-crowdsec.md

@@ -0,0 +1,175 @@
+# Crowdsec
+
+CrowdSec is a modern, open-source, collaborative behavior detection engine, integrated with a global IP reputation network. It functions as a massively multiplayer firewall, analyzing visitor behavior and responding appropriately to various types of attacks.
+
+## Installation
+
+Crowdsec can be installed using the Pangolin Installer. 
+
+## Configuration
+
+By default, Crowdsec is installed with a basic configuration, which includes the [Crowdsec Bouncer Traefik plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin).
+
+### Choose the right logs
+
+#### Syslog
+
+For systems utilizing Syslog, the following volumes should be added to the `docker-compose.yml` file:
+```yaml
+service:
+  crowdsec:
+    volumes:
+      - /var/log/auth.log:/var/log/auth.log:ro
+      - /var/log/syslog:/var/log/syslog:ro
+```
+
+Create a `syslog.yaml` file under `/config/crowdsec/acquis.d` with the following content:
+```yaml
+filenames:
+ - /var/log/auth.log
+ - /var/log/syslog
+labels:
+  type: syslog
+```
+
+#### Journalctl
+
+To log iptables to journalctl, execute the following command on your host system:
+```bash
+iptables -A INPUT -j LOG --log-prefix "iptables: "
+```
+
+Update the `docker-compose.yml` file as follows:
+```yaml
+service:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest-debian
+    environment:
+      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/linux crowdsecurity/iptables
+    volumes:
+      - ./config/crowdsec:/etc/crowdsec
+      - ./config/crowdsec/db:/var/lib/crowdsec/data
+      - ./config/traefik/logs:/var/log/traefik:ro
+      - /var/log/journal:/var/log/host:ro
+```
+
+Create a `journalctl.yaml` file under `/config/crowdsec/acquis.d` with the following content:
+```yaml
+source: journalctl
+journalctl_filter: 
+  - "--directory=/var/log/host/"
+labels:
+  type: syslog
+```
+
+### Securing the Host System (SSH)
+
+By default, only Traefik requests are secured through the Crowdsec bouncer. To extend protection to your host system (e.g., SSH), follow these steps to add a firewall bouncer:
+
+1. Install the Crowdsec repositories. Refer to the [installation documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories):
+```bash
+curl -s https://install.crowdsec.net | sudo sh
+```
+
+2. Install the firewall bouncer. For Debian/Ubuntu systems using IPTables, refer to the [documentation](https://docs.crowdsec.net/u/bouncers/firewall/):
+```bash
+sudo apt install crowdsec-firewall-bouncer-iptables
+```
+
+3. Create an API key for the firewall bouncer to communicate with your CrowdSec Docker container. ("vps-firewall" is a placeholder name for the key):
+```bash
+docker exec -it crowdsec cscli bouncers add vps-firewall
+```
+
+4. Copy the dispalyed API key and insert it into the bouncer's configuration file:
+```bash
+nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
+```
+
+5. Restart the firewall bouncer:
+```bash
+systemctl restart crowdsec-firewall-bouncer
+```
+
+6. Update the `docker-compose.yml` file to expose communication port `8080` for the CrowdSec container and restart the container:
+```yaml
+service:
+  crowdsec:
+    ports:
+      - 6060:6060
+      - 8080:8080
+```
+
+7. Verify communication between the firewall bouncer and the CrowdSec container by running:
+```bash
+docker exec crowdsec cscli metrics
+```
+
+The output should look like this:
+```bash
++------------------------------------------------------------------+
+| Local API Bouncers Metrics                                       |
++---------------------------+----------------------+--------+------+
+| Bouncer                   | Route                | Method | Hits |
++---------------------------+----------------------+--------+------+
+| traefik-bouncer           | /v1/decisions/stream | HEAD   | 2    |
+| traefik-bouncer@10.0.4.20 | /v1/decisions        | GET    | 3    |
+| vps-firewall              | /v1/decisions/stream | GET    | 84   | <---------
++---------------------------+----------------------+--------+------+
+```
+
+## Custom Ban Page
+
+To display a custom ban page to attackers, follow these steps: 
+
+1. Place a `ban.html` page in the `/config/traefik` directory. If you prefer not to create your own, you can download the official example:
+```bash
+wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html
+```
+
+2. Update the `/config/traefik/dynamic_config.yml` file to include the following:
+```yaml
+http:
+  middlewares:
+    crowdsec:
+      plugin:
+        crowdsec:
+          banHTMLFilePath: /etc/traefik/ban.html
+```
+
+## Custom Captcha Page
+
+To use a custom captcha page, follow these steps:
+
+1. Place a `captcha.html` page in the `/config/traefik` directory. If you don't want to create your own, you can download the official example:
+```bash
+wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html
+```
+
+2. Update the `/config/traefik/dynamic_config.yml` file with the following configuration, replacing `<SERVICE>` with your captcha provider (e.g. hCaptcha, reCaptcha, Turnstile), and `<KEY>` with the appropriate site and secret keys:
+```yaml
+http:
+  middlewares:
+    crowdsec:
+      plugin:
+        crowdsec:
+          captchaHTMLFilePath: /etc/traefik/captcha.html
+          captchaGracePeriodSeconds: 300
+          captchaProvider: <SERVICE>
+          captchaSiteKey: <KEY>
+          captchaSecretKey: <KEY>
+```
+
+## Testing
+
+You can test your configuration by adding a temporary ban or captcha for your IP. The ban will last for one minute.
+
+To add a ban:
+```bash
+docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type ban
+```
+
+To trigger a captcha challenge:
+```bash
+docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type captcha
+```

packages/docusaurus/docs/07-Modules/03-geoblock.md

@@ -0,0 +1,57 @@
+# GeoBlock
+
+## Installation
+
+To integrate GeoBlock into your Traefik setup, follow the steps below:
+
+1. Add the following configuration to your `/config/traefik/traefik_config.yml` file:
+```yaml
+entryPoints:
+  websecure:
+    http:
+      middlewares:
+        - geoblock@file
+
+experimental:
+  plugins:
+    geoblock:
+      moduleName: github.com/PascalMinder/geoblock
+      version: v0.3.2
+```
+
+2. Add the following configuration to your `/config/traefik/dynamic_config.yml` file. Setting `blackListMode: false` enables GeoBlock in whitelist mode, allowing only the specified countries. Remember to add the appropriate countries when traveling. A list of country codes can be found in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration).
+```yaml
+http:
+  middlewares:
+    geoblock:
+      plugin:
+        geoblock:
+          silentStartUp: false
+          allowLocalRequests: true
+          logLocalRequests: false # change to true to see logs and verify if it is working
+          logAllowedRequests: false # change to true to see logs and verify if it is working
+          logApiRequests: false # change to true to see logs and verify if it is working
+          api: "https://get.geojs.io/v1/ip/country/{ip}"
+          apiTimeoutMs: 500
+          cacheSize: 25
+          forceMonthlyUpdate: true
+          allowUnknownCountries: false
+          unknownCountryApiResponse: "nil"
+          blackListMode: false
+          countries:
+            - DE # add/replace with your country code
+```
+
+3. Restart Traefik to apply the changes:
+```bash
+docker restart traefik
+```
+
+## Testing
+
+To monitor GeoBlock activities in the Traefik logs, enable logging by setting the following options to `true`:
+```yaml
+          logLocalRequests: true
+          logAllowedRequests: true
+          logApiRequests: true
+```