Il faut installer l'agent principal avec lequel le bouncer va communiquer :
https://github.com/crowdsecurity/crowdsec
https://github.com/crowdsecurity/example-docker-compose/blob/main/docker-compose.yml
Voilà une ébauche rapide (note : je n'utilise pas NPM)
docker-compose.yml
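# Compose stack: the CrowdSec agent (local API) plus an nginx-proxy-manager
# image with the CrowdSec bouncer enabled. Nesting is restored here; with
# every key at column 0 the file does not parse as a Compose project.
version: '3'
services:
  crowdsec:
    # No tag is given, so this resolves to "latest". Pin a specific release
    # (or digest) once the stack works, so that upgrades are deliberate.
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    restart: always
    environment:
      # Collections to install at startup:
      # https://hub.crowdsec.net/browse/#collections
      COLLECTIONS: "crowdsecurity/nginx-proxy-manager crowdsecurity/linux crowdsecurity/whitelist-good-actors"
      GID: "${PGID}"
    depends_on:
      - 'nginx-proxy-manager'
    volumes:
      - ${DOCKERCONFDIR}/crowdsec/data:/var/lib/crowdsec/data/
      - ${DOCKERCONFDIR}/crowdsec/config:/etc/crowdsec/
      # Log sources are only read by the agent, so they are mounted read-only.
      # /var/log exposes all host logs to this container; narrow it to the
      # files you actually want analysed if that is too broad.
      # The agent only parses these paths if its acquisition configuration
      # (under /etc/crowdsec/) lists them.
      - /var/log:/var/log/host:ro
      - ${DOCKERCONFDIR}/nginx-proxy-manager/data/logs:/var/log/nginx:ro
  nginx-proxy-manager:
    # Third-party build on a floating "latest" tag: review the image source
    # and pin a version or digest before relying on it.
    image: 'baudneo/nginx-proxy-manager:latest'
    restart: always
    container_name: nginx-proxy-manager
    ports:
      # Public HTTP port
      - '80:80'
      # Public HTTPS port
      - '443:443'
      # Admin web port: remove this mapping once NPM is configured.
      # As written it publishes the admin UI on every host interface, so
      # restrict it (host firewall, or bind to 127.0.0.1) during setup.
      - '81:81'
    environment:
      TZ: "${TZ}"
      ADMIN_PANEL_LOG: "1"
      CROWDSEC_BOUNCER: "1"
      OPENRESTY_DEBUG: "0"
      # The local API is reached over the Compose network by service name;
      # port 8080 is not published to the host in this file.
      CROWDSEC_LAPI: "http://crowdsec:8080"
      # Placeholder. Generate a bouncer key on the agent
      # (cscli bouncers add <name>) and keep the real value out of
      # version control.
      CROWDSEC_KEY: "xxxxxxxxxxxxxxxxxxxxxxxx"
      DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ${DOCKERCONFDIR}/nginx-proxy-manager/data:/data
      - ${DOCKERCONFDIR}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt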
.env
DOCKERCONFDIR=/home/user/.config/appdata
PGID=1000
# PGID: this value can be obtained with `id -g $USER`
PUID=1000
# PUID: this value can be obtained with `id -u $USER`
# NOTE(review): PUID is not referenced by the docker-compose.yml shown with this file.
TZ=Europe/Paris
# TZ: system time zone; see the list of tz database time zones
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones