Crowdsec Install guide for cloudron purposes
-
@klausagnoletti I'm already there but not a Cloudron dev or anything, but yeah it would be amazing the have the existing metabase cloudron app in "flavors" one could be the default app we have now, another one could bootstrap crowdsec db and be a one click install for the underlying crowdsec installed in the host but I have no idea if it's possible.
-
-
I am now checking out CrowdSec as well.
As of writing this the installation instruction from @Mastadamus where almost correct.
Edit nginx.conf file to put in default logging
Not needed, also the posted config is bad since it's missing the final closing curly bracket
}
Everything else worked as described.
Now to the bouncer.
@rmdes said in Crowdsec Install guide for cloudron purposes:
So if you really want to test the nginx bouncer you need to disable the firewall bouncer
Ahhh ok, nah I will stick with the iptable bouncer.
-
@rmdes said in Crowdsec Install guide for cloudron purposes:
I had to tweak crowdsec-firewall-bouncer.yml to this
Where? What?
https://docs.crowdsec.net/docs/bouncers/firewall/#configuration
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
Ok.
@rmdes said in Crowdsec Install guide for cloudron purposes:
I used this approach to get all the containers (acquis.yml)
Where? What?
https://docs.crowdsec.net/docs/v1.0/acquisitions/format/#acquisition-directives
/etc/crowdsec/acquis.yaml
Ok.
@rmdes said in Crowdsec Install guide for cloudron purposes:
I used port 9999 in config.yml
Where? What?
https://docs.crowdsec.net/docs/configuration/crowdsec_configuration#configuration-directives
/etc/crowdsec/config.yaml
In yaml querry / json qurry format:
yq '.api.server.listen_uri' < /etc/crowdsec/config.yaml
127.0.0.1:8080
this changed to127.0.0.1:9999
I assume.
Changed to:9999
@rmdes said in Crowdsec Install guide for cloudron purposes:
and accordingly into
local_api_credentials.yamlWhere? What?
https://docs.crowdsec.net/docs/next/local_api/intro/
/etc/crowdsec/local_api_credentials.yaml
In yaml querry langauge:
yq '.url' < /etc/crowdsec/local_api_credentials.yaml
http://127.0.0.1:8080
changed to:9999
@rmdes said in Crowdsec Install guide for cloudron purposes:
bouncers/crowdsec-firewall-bouncer.yaml
Where? What?
https://docs.crowdsec.net/docs/bouncers/firewall/
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
yaml querry:
yq '.api_url' < /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
http://127.0.0.1:8080
changed to:9999
@rmdes said in Crowdsec Install guide for cloudron purposes:
install linux/ssh/nginx/docker scenarios using cscli
What? How?
https://docs.crowdsec.net/docs/v1.1/cscli/cscli_scenarios_install/
cscli scenarios install
Which scenarios can I install?
https://hub.crowdsec.net/browse/Following your advice:
cscli scenarios install linux cscli scenarios install sshd cscli scenarios install nginx
I did not find and scenario for docker? @rmdes and now when I try
cscli scenarios install linux
I get an error.
Well it seems this are not scenarios but collections.So it's https://docs.crowdsec.net/docs/v1.2/cscli/cscli_collections_install/
cscli collections install crowdsecurity/linux
Which is already installed by default, which also included
sshd
by default.I could not find docker at all.
Maybe you can help out here @rmdes -
Now I am running crowdsec on my cloudron.
I will report back for more findings. -
@BrutalBirdie Thanks! It would be great if your, @rmdes and @Mastadamus findings could end up in a Cloudron doc in the end...!
-
@BrutalBirdie Sorry have been busy and thanks for documenting my steps
The docker part is done on the /etc/crowdsec/acquis.yml
I'm not entirely convinced my regex call works appropriately
or even that in the cloudron context this is entirely needed (I have one cloudron with & without not seeing much difference)# Docker context source : docker container_name_regexp: - ^[a-zA-Z0-9_.-]*$ labels: type: log_type ---
-
Revisiting this topic - is Crowdesc running reliably for those who got it installed?
-
-
-
-
not anymore, there has been a lot of changes on crowdsec side and not only the crowdsec-firewall-bouncer needs a very specific nginx version but even the wordpress bouncer could not be properly installed last time I checked.
I still have one instance running behind a Cloudflare, a server running cloudron + crowdsec but without the nginx bouncer, just the cloudflare bouncer, but even in this configuration I could not get the wordpress bouncer to work.
-
-
@robi good point, I have put a warning up front.