Merge pull request #18 from Lokowitz/fix-crowdsec-reference

Community Guides

packages/docusaurus/docs/07-Community Guides/01-overview.md

@@ -1,5 +1,11 @@
 # Overview
 
+:::note
+
+These are community written guides and are not officially supported. If you have any issues, please reach out to the authors or the community on [Discord](https://discord.gg/HCJR8Xhme4) or [Github discussions](https://github.com/orgs/fosrl/discussions).
+
+:::
+
 The modular design of this system enables the extension of its functionality through the integration of existing Traefik plugins, such as Crowdsec and Geoblock.
 Additionally, Prometheus can collect metrics from both CrowdSec and Traefik, which can then be visualized in Grafana to monitor security events, request statistics, and traffic patterns in real time.
 
@@ -9,7 +15,7 @@ For a complete list of available plugins, please refer to the [Plugin Catalog](h
 
 ### Crowdsec Bouncer
 
-When installing Crowdsec via the Pangolin installer, the Crowdsec Traefik Bouncer will be automatically installed and configured by default. The configuration can be customized to meet your specific requirements. For detailed guidance, refer to the [documentation](https://docs.fossorial.io/Modules/crowdsec).
+When installing Crowdsec via the Pangolin installer, the Crowdsec Traefik Bouncer will be automatically installed and configured by default. The configuration can be customized to meet your specific requirements.
 
 The CrowdSec Bouncer plugin for Traefik integrates CrowdSec’s security engine to block malicious traffic in real time. It runs as middleware within a Traefik container and enforces decisions based on CrowdSec’s threat intelligence. This helps protect services from bots, attackers, and abusive IPs dynamically.
 

packages/docusaurus/docs/07-Community Guides/02-crowdsec.md

@@ -0,0 +1,204 @@
+# Crowdsec
+
+:::note
+
+This is a community guide and is not officially supported. If you have any issues, please reach out to the [author](https://github.com/Lokowitz).
+
+:::
+
+CrowdSec is a modern, open-source, collaborative behavior detection engine, integrated with a global IP reputation network. It functions as a massively multiplayer firewall, analyzing visitor behavior and responding appropriately to various types of attacks.
+
+## Installation
+
+Crowdsec can be installed using the Pangolin Installer.
+
+## Configuration
+
+By default, Crowdsec is installed with a basic configuration, which includes the [Crowdsec Bouncer Traefik plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin).
+
+### Choose the right logs
+
+#### Syslog
+
+For systems utilizing Syslog, the following volumes should be added to the `docker-compose.yml` file:
+
+```yaml
+service:
+  crowdsec:
+    volumes:
+      - /var/log/auth.log:/var/log/auth.log:ro
+      - /var/log/syslog:/var/log/syslog:ro
+```
+
+Create a `syslog.yaml` file under `/config/crowdsec/acquis.d` with the following content:
+
+```yaml
+filenames:
+  - /var/log/auth.log
+  - /var/log/syslog
+labels:
+  type: syslog
+```
+
+#### Journalctl
+
+To log iptables to journalctl, execute the following command on your host system:
+
+```bash
+iptables -A INPUT -j LOG --log-prefix "iptables: "
+```
+
+Update the `docker-compose.yml` file as follows:
+
+```yaml
+service:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest-debian
+    environment:
+      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/linux crowdsecurity/iptables
+    volumes:
+      - ./config/crowdsec:/etc/crowdsec
+      - ./config/crowdsec/db:/var/lib/crowdsec/data
+      - ./config/traefik/logs:/var/log/traefik:ro
+      - /var/log/journal:/var/log/host:ro
+```
+
+Create a `journalctl.yaml` file under `/config/crowdsec/acquis.d` with the following content:
+
+```yaml
+source: journalctl
+journalctl_filter:
+  - "--directory=/var/log/host/"
+labels:
+  type: syslog
+```
+
+### Securing the Host System (SSH)
+
+By default, only Traefik requests are secured through the Crowdsec bouncer. To extend protection to your host system (e.g., SSH), follow these steps to add a firewall bouncer:
+
+1. Install the Crowdsec repositories. Refer to the [installation documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories):
+
+```bash
+curl -s https://install.crowdsec.net | sudo sh
+```
+
+2. Install the firewall bouncer. For Debian/Ubuntu systems using IPTables, refer to the [documentation](https://docs.crowdsec.net/u/bouncers/firewall/):
+
+```bash
+sudo apt install crowdsec-firewall-bouncer-iptables
+```
+
+3. Create an API key for the firewall bouncer to communicate with your CrowdSec Docker container. ("vps-firewall" is a placeholder name for the key):
+
+```bash
+docker exec -it crowdsec cscli bouncers add vps-firewall
+```
+
+4. Copy the dispalyed API key and insert it into the bouncer's configuration file:
+
+```bash
+nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
+```
+
+5. Restart the firewall bouncer:
+
+```bash
+systemctl restart crowdsec-firewall-bouncer
+```
+
+6. Update the `docker-compose.yml` file to expose communication port `8080` for the CrowdSec container and restart the container:
+
+```yaml
+service:
+  crowdsec:
+    ports:
+      - 6060:6060 # Metrics port
+      - 8080:8080 # Local API port
+```
+:::warning
+Docker’s NAT-based port publishing feature automatically exposes all `ports:` defined in the `docker-compose` file on all network interfaces. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public.
+Please see [complete warning about exposing ports](/Getting%20Started/dns-networking#ports-to-expose).
+:::
+
+7. Verify communication between the firewall bouncer and the CrowdSec container by running:
+
+```bash
+docker exec crowdsec cscli metrics
+```
+
+The output should look like this:
+
+```bash
++------------------------------------------------------------------+
+| Local API Bouncers Metrics                                       |
++---------------------------+----------------------+--------+------+
+| Bouncer                   | Route                | Method | Hits |
++---------------------------+----------------------+--------+------+
+| traefik-bouncer           | /v1/decisions/stream | HEAD   | 2    |
+| traefik-bouncer@10.0.4.20 | /v1/decisions        | GET    | 3    |
+| vps-firewall              | /v1/decisions/stream | GET    | 84   | <---------
++---------------------------+----------------------+--------+------+
+```
+
+## Custom Ban Page
+
+To display a custom ban page to attackers, follow these steps:
+
+1. Place a `ban.html` page in the `/config/traefik` directory. If you prefer not to create your own, you can download the official example:
+
+```bash
+wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html
+```
+
+2. Update the `/config/traefik/dynamic_config.yml` file to include the following:
+
+```yaml
+http:
+  middlewares:
+    crowdsec:
+      plugin:
+        crowdsec:
+          banHTMLFilePath: /etc/traefik/ban.html
+```
+
+## Custom Captcha Page
+
+To use a custom captcha page, follow these steps:
+
+1. Place a `captcha.html` page in the `/config/traefik` directory. If you don't want to create your own, you can download the official example:
+
+```bash
+wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html
+```
+
+2. Update the `/config/traefik/dynamic_config.yml` file with the following configuration, replacing `<SERVICE>` with your captcha provider (e.g. hCaptcha, reCaptcha, Turnstile), and `<KEY>` with the appropriate site and secret keys:
+
+```yaml
+http:
+  middlewares:
+    crowdsec:
+      plugin:
+        crowdsec:
+          captchaHTMLFilePath: /etc/traefik/captcha.html
+          captchaGracePeriodSeconds: 300
+          captchaProvider: <SERVICE>
+          captchaSiteKey: <KEY>
+          captchaSecretKey: <KEY>
+```
+
+## Testing
+
+You can test your configuration by adding a temporary ban or captcha for your IP. The ban will last for one minute.
+
+To add a ban:
+
+```bash
+docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type ban
+```
+
+To trigger a captcha challenge:
+
+```bash
+docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type captcha
+```

packages/docusaurus/docs/07-Community Guides/03-geoblock.md

@@ -1,5 +1,11 @@
 # GeoBlock
 
+:::note
+
+This is a community guide and is not officially supported. If you have any issues, please reach out to the [author](https://github.com/Lokowitz).
+
+:::
+
 GeoBlock is a Traefik middleware that uses IP-based geolocation to allow or block traffic from specific countries. It helps enhance security and access control by restricting unwanted or potentially harmful connections based on geographic regions.
 
 ## Installation

packages/docusaurus/docs/07-Community Guides/04-metrics.md

@@ -1,5 +1,11 @@
 # Metrics
 
+:::note
+
+This is a community guide and is not officially supported. If you have any issues, please reach out to the [author](https://github.com/Lokowitz).
+
+:::
+
 This is a basic example of collecting metrics from Traefik and CrowdSec using Prometheus and visualizing them with Grafana dashboards.
 
 :::warning

packages/docusaurus/src/pages/pricing.tsx

@@ -295,7 +295,7 @@ const PricingComponent = () => {
                 discounted by {discount.percentage}%
               </>
             ) : (
-              <>Base price $125 + ${siteCount} x $5 per site</>
+              <>Base price $125 + {siteCount} x $5 per site</>
             )}
           </div>