CrowdSec, 3mo ago
xd003

Traefik Bouncer not pulling from CrowdSec API

I'm running both crowdsec-firewall-bouncer and crowdsec-traefik-bouncer. While the firewall bouncer is working fine and regularly pulling decisions, the Traefik bouncer is listed in cscli bouncers list but shows no IP address or last API pull timestamp. It seems the Traefik bouncer isn't communicating with the CrowdSec API. Any idea how to troubleshoot or resolve this?
5 Replies
CrowdSec, 3mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
xd003 (OP), 3mo ago
For info, I’m running CrowdSec inside a Docker container, while the FirewallBouncer is running directly on the host. To allow the FirewallBouncer to access the CrowdSec API, I’ve published the container port like this: 127.0.0.1:9876:8080. This binds the API to localhost, which works for the host-based FirewallBouncer. However, the TraefikBouncer runs inside the Traefik container, which shares the Docker network with the CrowdSec container. It tries to reach the API via http://crowdsec:8080
```yaml
services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    ports:
      - 127.0.0.1:9876:8080 # port mapping for local firewall bouncers
    expose:
      - 8080 # http api for bouncers
      - 7422 # appsec waf endpoint
    environment:
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
      GID: "${GID-1000}"
      ENROLL_INSTANCE_NAME: ""
    volumes:
      - ./acquis.d:/etc/crowdsec/acquis.d
      - traefik_logs:/var/log/traefik:ro
      - crowdsec_db:/var/lib/crowdsec/data/
      - crowdsec_config:/etc/crowdsec/

networks:
  default:
    driver: bridge
    name: crowdsec
```
FirewallBouncer (running on host directly) tries connecting at http://127.0.0.1:9876/
TraefikBouncer (inside crowdsec network) tries connecting at crowdsec:8080

For further debugging, I logged into the Traefik container and ran

```sh
wget -O- --header="X-Api-Key: API_KEY" http://crowdsec:8080/v1/decisions
```

which works perfectly fine, indicating that the Traefik container can reach crowdsec:8080 just fine.

Hello, any clue what might be causing this?
iiamloz, 3mo ago
Can you show the Traefik configuration for the remediation?
xd003 (OP), 3mo ago
Sure

```yaml
crowdsec:
  plugin:
    bouncer:
      enabled: true
      crowdsecMode: stream
      crowdsecLapiKey: API_KEY
      crowdsecLapiHost: crowdsec:8080
      crowdsecLapiScheme: http
      crowdsecAppsecEnabled: true
      crowdsecAppsecHost: crowdsec:7422
      crowdsecAppsecFailureBlock: true
      crowdsecAppsecUnreachableBlock: true
      banHTMLFilePath: /ban.html
      forwardedHeadersTrustedIPs:
        # private class ranges
        - 10.0.0.0/8
        - 172.16.0.0/12
        - 192.168.0.0/16
      clientTrustedIPs:
        # private class ranges
        - 10.0.0.0/8
        - 172.16.0.0/12
        - 192.168.0.0/16
```
Should I report this issue in the Traefik bouncer's GitHub repo? I am not sure if it's something on CrowdSec's end.
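
A diagnostic for the symptom described in this thread, added as an example here; it is not code from any participant or from the CrowdSec project. It queries `/v1/decisions/stream`, the LAPI endpoint a bouncer polls in stream mode, with the bouncer's key, then compares two `cscli bouncers list -o json` snapshots to see whether the named entry recorded a pull. Assumptions: the JSON field names `name` and `last_pull`, the bouncer names, and the sample snapshots, which are constructed.

```python
# Added diagnostic sketch, not code from the thread or from CrowdSec.
# Assumed: field names "name" / "last_pull" in `cscli bouncers list -o json`.
import json
import urllib.error
import urllib.request

# Constructed snapshots of `cscli bouncers list -o json` (names and times made up).
BEFORE = ('[{"name": "firewall-bouncer", "last_pull": "2025-01-01T10:00:00Z"},'
          ' {"name": "traefik-bouncer", "last_pull": null}]')
AFTER = ('[{"name": "firewall-bouncer", "last_pull": "2025-01-01T10:00:10Z"},'
         ' {"name": "traefik-bouncer", "last_pull": "2025-01-01T10:00:12Z"}]')


def probe_stream(scheme, host, api_key, timeout=5):
    """Call the LAPI stream endpoint with a bouncer key; return a verdict string."""
    url = f"{scheme}://{host}/v1/decisions/stream?startup=true"
    req = urllib.request.Request(url, headers={"X-Api-Key": api_key})
    # Ignore proxy environment variables: LAPI is reached directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = json.load(resp) or {}
            return f"ok: HTTP {resp.status}, {len(body.get('new') or [])} decisions"
    except urllib.error.HTTPError as exc:
        # LAPI answered but refused the request, e.g. an unknown API key.
        return f"rejected: HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:
        # DNS failure, refused connection or timeout: a network-path problem.
        return f"unreachable: {exc}"


def did_pull(before_json, after_json, name):
    """True if the named bouncer's last_pull changed between two snapshots."""
    def last_pull(raw):
        for bouncer in json.loads(raw) or []:
            if bouncer.get("name") == name:
                return bouncer.get("last_pull")
        return None
    after = last_pull(after_json)
    return bool(after) and after != last_pull(before_json)


if __name__ == "__main__":
    # Host-side run against the published port from the compose file above.
    print(probe_stream("http", "127.0.0.1:9876", "API_KEY"))
    print(did_pull(BEFORE, AFTER, "traefik-bouncer"))
```

If the probe reports `ok` while `did_pull` stays false for the Traefik entry, the key in the middleware configuration is probably registered to a different bouncer entry than the one being watched.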