CrowdSec

CrowdSec: IDS/IPS/WAF Community

CrowdSec Docker Setup on TrueNAS SCALE EE with Tailscale + TSDproxy

Hi everyone! I’m running TrueNAS SCALE 24.10.2.3 (Electric Eel) and I’m working on setting up CrowdSec inside a Docker container. My goals: Use CrowdSec to protect Vaultwarden and Immich, which are also running in Docker on the same TrueNAS server....

Wazuh integration

Hi all, I'm trying to integrate CrowdSec agents into Wazuh. In my current config, my self-hosted CAPI outputs (with the file notifications plugin) in /tmp/crowdsec_alerts.json on Wazuh server. The problem is: all records in Wazuh show the agent.name of the Wazuh server, not the agent where the alert was detected....

CrowdSec Agent UnmarshalJSON: unexpected end of JSON input with Traefik logs on Kubernetes (Containe

Hi everyone, I'm facing a persistent issue with my CrowdSec agent on Kubernetes. My Setup: CrowdSec: Deployed via Helm chart. Container Runtime: containerd is configured (container_runtime: containerd in values.yaml)....

question about cscli metrics

What does Local API Decisions mean?

Technitium parser

Hi, I'm trying to write a custom parser for Technitium failed auth logs. However, I'm unable to get it working properly... (Grok Debugger confirms that the correct things are getting matched though) ```yaml...

Caddy Appsec

Hi! I have set up CrowdSec with https://github.com/hslatman/caddy-crowdsec-bouncer. But I'm not sure if AppSec is working as it should; have I missed anything? ...

Crowdsec behind cloudflare proxy, will it ban my real IP?

Hey, I'm enjoying vacation and why not learn something new? Settled for CrowdSec. 😎 🦙 I've installed it on multiple firewalls (opnsense and pfsense) and agents parsing nginx-logs. I've attacked my website using nikto and the cs-agent at nginx did detect the attack and reported it to the LAPI. When looking at the decisions in the LAPI@pfsense I can see that I should be banned. Great. ...

ERR error="middleware \"globalcrowdsec@file\" does not exist" entryPointName=http routerName=acme-ht

I am using this tutorial: https://www.crowdsec.net/blog/securing-automated-app-deployment-crowdsec-and-coolify to install the Traefik Remediation Component in Coolify, but when I add the Compose Command section by adding the following lines: command: - '--experimental.plugins.crowdsec.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin'...

Crowdsec banning local IP by default

Hello, I am using CrowdSec with bouncer-traefik as a stack and Traefik in a different container but on the same host. Everything is up and running but I cannot access any of the services I have; it says "Forbiden" in the top left corner....

Traefik bouncer plugin-metrics 403

I set up the crowdsec helm chart + traefik bouncer yesterday and seeing some errors I can't explain. The bouncer plugin reports every 10 minutes: ERROR: CrowdsecBouncerTraefikPlugin: 2025/07/25 11:31:08 handleMetricsTicker:reportMetrics reportMetrics:query crowdsecQuery method:POST url:http://crowdsec-service.crowdsec.svc.cluster.local:8080/v1/usage-metrics, statusCode:403 (expected: 2xx) I suspect this is also related to this error in the agent logs as they seem to have the same timestamp ...

New to self-hosting, seeking advice from cybersecurity buffs.

I have the Oracle Free Tier. I've already run it for a year or so with the usual services like Nextcloud and Immich, but I'm still inexperienced and want advice. I want to do it right this time, documenting it as I go through the setup so that I don't forget. Up until now, my plan was to run Rootless Docker with NPM and Keycloak. Then I found out about CrowdSec, and it seems that it attaches to whatever reverse-proxy service one uses? The real question is: Together with CrowdSec, what other services/setup would you recommend for security?...

CrowdSec agent: runtime errors when processing Traefik logs

I'm facing multiple warnings in the crowdsec-agent logs when trying to process events from Traefik: ...

k8s bouncer key from Secret

I was able to successfully configure the Traefik bouncer connecting to the Crowdsec deployed via the helm chart. Currently the bouncer key is specified in the values.yaml and the Middleware manifest. Has anyone configured this value from a kubernetes Secret so that it's not committed to SCM along with the rest of the yaml manifests?

Best Bouncer Configuration for AppSec on a LAMP Server

Hello, I have a question. I currently have several LAMP web servers, notably with Apache2 + PHP. Right now, I’d like to set up AppSec, but first I want to install the appropriate bouncers. I see that there is a bouncer for PHP and another for Apache. What would you recommend? Should I install both, or just one of them? Which one would work best with AppSec? Thank you in advance.

Vaultwarden: `cscli explain` matches, but `metrics` disagree

I'm trying to integrate this collection: https://app.crowdsec.net/hub/author/Dominic-Wagner/collections/vaultwarden. I've hit the login endpoint with bad user info hundreds of times and see logs like the following. From cscli explain --file /logs/vaultwarden.log --type Vaultwarden: line: [TIMESTAMP][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 111.111.111.111. Username: user@example.com. ├ s00-raw...

No decisions and no alerts in the console

I have a problem with a server setup as it does not show any decisions made nor does it show any alerts on the console. Please see the attached text for a full description of the situation. Thanks in advance for any help offered.

Filtering specific URI in CrowdSec profile

Hi, I'm trying to fine-tune my CrowdSec profile to avoid false bans caused by Immich (self-hosted photo manager), which triggers http-crawl-non_statics due to many API calls like /api/album/. My current profile: ...

Debian apt install - How not to install discovered collections automatically

Hello, I install CrowdSec via apt package (https://docs.crowdsec.net/docs/getting_started/install_crowdsec/#install-the-security-engine) and everything is installed/configured via an Ansible role. When the installation is complete, I realize that some collections are automatically installed....

New to crowdsec: next steps

Hi! I'm new to CrowdSec and I don't know what to do after the installation to start blocking IPs, lol. Can someone help me?...