Services with internal subdomain get blocked with Traefik bouncer
Hi, I need some guidance.
I have setup Traefik in Docker with services reachable with an internal subdomain, for example heimdall.domain.com. Heimdall is running in a Proxmox LXC with IP address 192.168.30.30.
I have setup the fbonalair/traefik-crowdsec-bouncer in Docker.
I have added a middelware to Traefik with the name: middlewares-traefik-bouncer.yml and the content:
"http:
middlewares:
middlewares-traefik-bouncer:
forwardAuth:
address: "http://traefik-bouncer:8080/api/v1/forwardAuth"
trustForwardHeader: true"
I have added the TRaefik middelware to my different chains, for example the chain-no-auth.yml with the following content: "http: middlewares: chain-no-auth: chain: middlewares: - middlewares-traefik-bouncer - middlewares-rate-limit - middlewares-secure-headers # - middlewares-compress" When I restart Crowdsec, all my internal service with a subdomain are not reachable anymore. I get a forbidden page. I have a custom whitelist in Crowdsec with the following content, but that doesn't fix the problem: " name: crowdsecurity/whitelists description: "Whitelist events from own/known IP addresses" whitelist: reason: "Trusted IPs" ip: - "@@@" # WAN IP - "127.0.0.1" # Local Host cidr: - "192.168.0.0/16" # Local IPs - "10.0.0.0/8" # Local IPs - "172.16.0.0/12" # Local/Docker IPs - "fe80::/10" # Local IPs - "fc00::/7" # Local IPs What do I need to do to fix this?
I have added the TRaefik middelware to my different chains, for example the chain-no-auth.yml with the following content: "http: middlewares: chain-no-auth: chain: middlewares: - middlewares-traefik-bouncer - middlewares-rate-limit - middlewares-secure-headers # - middlewares-compress" When I restart Crowdsec, all my internal service with a subdomain are not reachable anymore. I get a forbidden page. I have a custom whitelist in Crowdsec with the following content, but that doesn't fix the problem: " name: crowdsecurity/whitelists description: "Whitelist events from own/known IP addresses" whitelist: reason: "Trusted IPs" ip: - "@@@" # WAN IP - "127.0.0.1" # Local Host cidr: - "192.168.0.0/16" # Local IPs - "10.0.0.0/8" # Local IPs - "172.16.0.0/12" # Local/Docker IPs - "fe80::/10" # Local IPs - "fc00::/7" # Local IPs What do I need to do to fix this?
3 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
I would recommend to move away from fbonalair container as it hasn't recieved updates in 3 years and move across to the traefik plugin which is better supported
https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
GitHub
GitHub - maxlerebourg/crowdsec-bouncer-traefik-plugin: Traefik plug...
Traefik plugin for Crowdsec - WAF and IP protection - maxlerebourg/crowdsec-bouncer-traefik-plugin
OK thanks. I will look into it