C
CrowdSec2mo ago
Anthony LABADIE

Traefik bouncer not connecting to LAPI

Hello everyone, I'm facing a very persistent issue with the Traefik bouncer in a Docker Compose setup and I'm running out of ideas after extensive debugging. For context, this whole setup is running on a mini-PC with Debian. The Goal: A standard setup with Traefik as a reverse proxy, protected by CrowdSec. The Core Problem: The Traefik bouncer never communicates with the LAPI. The output of cscli bouncers list consistently shows an empty Last API pull for the traefik-bouncer, while manual tests work perfectly traefik_conf/dynamic.yml (fichier de conf dynamique) : Summary of Debugging Steps (Everything we've tried) The bouncer fails silently. Traefik's DEBUG logs show the plugin being loaded and the middleware being applied to routers, but there is never an error or any log line indicating a connection attempt to the LAPI. Has anyone ever encountered such a persistent, silent failure? Could this point to a deeper, more obscure issue with the host environment (Docker networking stack, iptables, kernel version)? Thanks in advance for any insights!
No description
No description
No description
5 Replies
CrowdSec
CrowdSec2mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
CrowdSec
CrowdSec2mo ago
Resolving Traefik bouncer not connecting to LAPI This has now been resolved. If you think this is a mistake please run /unresolve Unresolving Traefik bouncer not connecting to LAPI This has now been unresolved.
iiamloz
iiamloz2mo ago
I did the same thing when I was testing your missing a single key called enabled within the remediation configuration its false by default 
Enabled

    bool
    default: false
    Enable the plugin
Enabled

    bool
    default: false
    Enable the plugin
https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin#variables its the first in the list but I also missed it and also your version 1.3.2 is outdated you should bump it to 1.4.4
Anthony LABADIE
Anthony LABADIEOP2mo ago
Thanks for your message! The enabled true flag was indeed missing and an important part of the final configuration. However, it turned out the ultimate blocker was my host's firewall. The iptables FORWARD chain policy was set to DROP. The fix was to allow Docker's traffic with sudo iptables -I DOCKER-USER -j ACCEPT Everything is working perfectly now. Thanks again for the help 🙂
CrowdSec
CrowdSec2mo ago
Resolving Traefik bouncer not connecting to LAPI This has now been resolved. If you think this is a mistake please run /unresolve

Did you find this page helpful?