There is another post on this forum another user and me share their steps by steps to get it running.

See my feature request for nginx log method though.. you have to revert cloudron nginx logs back to nginx default and not combined2 as they are normally or crowdsec parser won't work..

Thank heavens for a good backup strategy. Digital Ocean snapshots to the rescue.

To have Crowdsec working with my Cloudron install would be a massive value add.

I am not even sure why Nginx failed to start afterwards. I did however note that the install modified or wiped a lot of the Nginx configs which were already in place and perhaps modified by Cloudron. But I haven't tried to dive any deeper.

@klausagnoletti is this something that could be done by your team?

Sorry but which part? Parsers?

@mastadamus I've since got the logs to be parsed by taking out the custom "combined2" log format for nginx.conf. If this is to be shipped with cloudron it would either require to have custom parsers written OR the nginx.conf for cloudron would need to use default combined log format.

I am using an iptable bouncer and i'm not sure if it will perform block actions on the iptables based of something triggerd by nginx. I will dig further into that. That being said, it is fullfulling the role fail2ban would normally play and is working appropriately.

@klausagnoletti is this something that could be done by your team?

I am using an iptable bouncer and i'm not sure if it will perform block actions on the iptables based of something triggerd by nginx. I will dig further into that. That being said, it is fullfulling the role fail2ban would normally play and is working appropriately.

Just to let you good people know: I am head of community at CrowdSec and I think it's a great idea if Cloudron has build-in support for CrowdSec.

I would be happy to help anyone here out in installing it - and of course to facilitate Cloudron the help they would need to implement it.

Just DM me or write me at klaus (at) crowdsec (dot) net.

@privsec you should change the title since in that case it would replace more than just Fail2Ban and protect more than just SSH.

https://crowdsec.net/faq/

Server-side treatments involve the following:

    Collecting information (IP / Timestamp / Scenario) sent by the network members accepting to share them
    Distributing curated IP block list (tailor-made for each, according to their choices in the back office (coming soon))

The reputation system (feeding your local daemon with IPs to block), can be deactivated and/or replaced by another source of reputation in the configuration, making the software 100% able to function in a standalone manner if you want absolutely no dependency on any online service. With the local API (LAPI, as of v1.0) agents can be deployed & configured 100% offline if you want to.