Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Implement Crowdsec, a docker and sever level crowd sourced security guard

Scheduled Pinned Locked Moved Feature Requests
28 Posts 9 Posters 2.1k Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    Mastadamus
    replied to privsec on last edited by
    #9

    @privsec Have you installed this with your cloudron?

    1 Reply Last reply
    1
  • T Offline
    T Offline
    teamcrw
    wrote on last edited by
    #10

    Did anyone install it on a cloudron instance? We are using it on various Ubuntu rootservers and it works.

    T 1 Reply Last reply
    1
  • T Offline
    T Offline
    teamcrw
    replied to teamcrw on last edited by
    #11

    @teamcrw i just installed it now and will get back if i encounter any problems

    M 1 Reply Last reply
    3
  • M Offline
    M Offline
    Mastadamus
    replied to teamcrw on last edited by
    #12

    @teamcrw are you installing an nginx bouncer with it?

    M T 2 Replies Last reply
    1
  • M Offline
    M Offline
    Mastadamus
    replied to Mastadamus on last edited by
    #13

    @mastadamus I'd like to give an update. I installed the NGINX bouncer and it took down cloudron's NGINX service. During the install it prompted me if i wanted to change several config files or leave the current file in place and I left my current config file in place yet it still crashed and refused to come back up. More investigation is necessary to make this work.

    M 1 Reply Last reply
    1
  • M Offline
    M Offline
    Mastadamus
    replied to Mastadamus on last edited by
    #14

    @mastadamus The IP TABLE bouncer seems to be working fine. Also I installed the metabase Docker container running on 8181 with success.

    1 Reply Last reply
    2
  • T Offline
    T Offline
    teamcrw
    replied to Mastadamus on last edited by
    #15

    @mastadamus no didn't install nginx bouncer with it. i didn't encounter any problems since i installed it with default settings.

    M 1 Reply Last reply
    1
  • JOduMonTJ JOduMonT referenced this topic on
  • JOduMonTJ JOduMonT referenced this topic on
  • M Offline
    M Offline
    Mastadamus
    replied to teamcrw on last edited by
    #16

    @teamcrw I realized crowdsec isn't succesfully parsing the NGINX logs generated by cloudron because Cloudron uses a non standard /non default log format for NGINX. Working on that now.

    M 1 Reply Last reply
    2
  • K Offline
    K Offline
    klausagnoletti
    replied to privsec on last edited by
    #17

    Hi!

    Just to let you good people know: I am head of community at CrowdSec and I think it's a great idea if Cloudron has build-in support for CrowdSec.

    I would be happy to help anyone here out in installing it - and of course to facilitate Cloudron the help they would need to implement it.

    Just DM me or write me at klaus (at) crowdsec (dot) net.

    1 Reply Last reply
    8
  • M Offline
    M Offline
    Mastadamus
    replied to Mastadamus on last edited by
    #18

    @mastadamus I've since got the logs to be parsed by taking out the custom "combined2" log format for nginx.conf. If this is to be shipped with cloudron it would either require to have custom parsers written OR the nginx.conf for cloudron would need to use default combined log format. ddba26c0-91de-425e-a9f3-12852c5122df-image.png

    I am using an iptable bouncer and i'm not sure if it will perform block actions on the iptables based of something triggerd by nginx. I will dig further into that. That being said, it is fullfulling the role fail2ban would normally play and is working appropriately.

    P 1 Reply Last reply
    2
  • P Offline
    P Offline
    privsec
    replied to Mastadamus on last edited by
    #19

    @mastadamus said in Implement Crowdsec, a docker and sever level crowd sourced security guard:

    @mastadamus I've since got the logs to be parsed by taking out the custom "combined2" log format for nginx.conf. If this is to be shipped with cloudron it would either require to have custom parsers written OR the nginx.conf for cloudron would need to use default combined log format. ddba26c0-91de-425e-a9f3-12852c5122df-image.png

    I am using an iptable bouncer and i'm not sure if it will perform block actions on the iptables based of something triggerd by nginx. I will dig further into that. That being said, it is fullfulling the role fail2ban would normally play and is working appropriately.

    @klausagnoletti is this something that could be done by your team?

    M K 2 Replies Last reply
    0
  • M Offline
    M Offline
    Mastadamus
    replied to privsec on last edited by
    #20

    @privsec The other thing to consider is, when i installed the nginx bouncer, even though i left configs default, it crashed the nginx service and i couldn't restart it. Even after I uninstalled the bouncer, I couldn't get nginx back so i had reverted to a snapshot. The iptable bouncer works decent though. Will have to do further testing to figure out why installing the nginx bouncer crashes nginx for cloudron.

    M 1 Reply Last reply
    4
  • K Offline
    K Offline
    klausagnoletti
    replied to privsec on last edited by
    #21

    @klausagnoletti is this something that could be done by your team?

    Sorry but which part? Parsers?

    P 1 Reply Last reply
    0
  • P Offline
    P Offline
    privsec
    replied to klausagnoletti on last edited by
    #22

    @klausagnoletti yup

    K 1 Reply Last reply
    0
  • K Offline
    K Offline
    klausagnoletti
    replied to privsec on last edited by
    #23

    @privsec Yes of course. If you post a question about it in our Discourse https://discourse.crowdsec.net I am sure someone on the team is able to help.

    1 Reply Last reply
    2
  • M Offline
    M Offline
    makemrproper
    replied to Mastadamus on last edited by makemrproper
    #24

    @mastadamus Confirmed. This happened to me today, when I tried to install Crowdsec with Nginx bouncer onto my Cloudron VM.

    Thank heavens for a good backup strategy. Digital Ocean snapshots to the rescue.

    To have Crowdsec working with my Cloudron install would be a massive value add.

    I am not even sure why Nginx failed to start afterwards. I did however note that the install modified or wiped a lot of the Nginx configs which were already in place and perhaps modified by Cloudron. But I haven't tried to dive any deeper.

    M 2 Replies Last reply
    1
  • M Offline
    M Offline
    Mastadamus
    replied to makemrproper on last edited by
    #25

    @makemrproper yeah I tried it twice and first time told it to keep original config and second time allowed modifications.. both times nginx refused to start and I couldn't figure out why.

    1 Reply Last reply
    0
  • M Offline
    M Offline
    Mastadamus
    replied to makemrproper on last edited by
    #26

    @makemrproper my strategy now is to use iptables bouncer with nginx parser.

    See my feature request for nginx log method though.. you have to revert cloudron nginx logs back to nginx default and not combined2 as they are normally or crowdsec parser won't work..

    1 Reply Last reply
    1
  • K Offline
    K Offline
    klausagnoletti
    wrote on last edited by
    #27

    Hey, since I was here last time we have created a Discord server and that would be a good place to influence CrowdSec devs to implement CrowdSec into Cloudron 🙂

    rmdesR 1 Reply Last reply
    5
  • rmdesR Offline
    rmdesR Offline
    rmdes
    replied to klausagnoletti on last edited by
    #28

    In my experience, DO not install the nginx bouncer, it's useless if you install the firewall-bouncer anyway. (the firewall bouncer catch attacks, probs etc..even before they reach the nginx server)

    There is another post on this forum another user and me share their steps by steps to get it running.

    1 Reply Last reply
    2

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks