C
CrowdSec3mo ago
EthicalPrivaSecretarium

Zoraxy X Crowdsec Docker setup

Here's my custom compose.yaml to fit TrueNAS 
services:
  zoraxy:
    image: zoraxydocker/zoraxy:latest
    container_name: zoraxy
    restart: unless-stopped
    networks:
      - proxy
    ports:
      - host_ip: x.x.x.x
        mode: ingress
        protocol: tcp
        published: 80
        target: 80
      - host_ip: x.x.x.x
        mode: ingress
        protocol: tcp
        published: 443
        target: 443
      - host_ip: x.x.x.x
        mode: ingress
        protocol: tcp
        published: 8000
        target: 8000
    volumes:
      - ./config/:/opt/zoraxy/config/
      - ./plugin/:/opt/zoraxy/plugin/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
      FASTGEOIP: "true"
      DOCKER: "true"

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: zoraxy-crowdsec
    environment:
      GID: "${GID-1000}"
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./crowdsec/db:/var/lib/crowdsec/data/
      - ./crowdsec/config:/etc/crowdsec/
      - ./config/log:/var/log/zoraxy/:ro
    networks:
      - proxy
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
networks:
  proxy:
    external: true
services:
  zoraxy:
    image: zoraxydocker/zoraxy:latest
    container_name: zoraxy
    restart: unless-stopped
    networks:
      - proxy
    ports:
      - host_ip: x.x.x.x
        mode: ingress
        protocol: tcp
        published: 80
        target: 80
      - host_ip: x.x.x.x
        mode: ingress
        protocol: tcp
        published: 443
        target: 443
      - host_ip: x.x.x.x
        mode: ingress
        protocol: tcp
        published: 8000
        target: 8000
    volumes:
      - ./config/:/opt/zoraxy/config/
      - ./plugin/:/opt/zoraxy/plugin/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
      FASTGEOIP: "true"
      DOCKER: "true"

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: zoraxy-crowdsec
    environment:
      GID: "${GID-1000}"
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./crowdsec/db:/var/lib/crowdsec/data/
      - ./crowdsec/config:/etc/crowdsec/
      - ./config/log:/var/log/zoraxy/:ro
    networks:
      - proxy
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
networks:
  proxy:
    external: true
Using this plugin for Zoraxy: https://github.com/AnthonyMichaelTDM/zoraxy_crowdsec_bouncer/tree/main All are configured and working properly except when I use cscli decisions add --ip to ban my IP for a test, I can still access to services
GitHub
GitHub - AnthonyMichaelTDM/zoraxy_crowdsec_bouncer: WIP crowdsec in...
WIP crowdsec integration for the zoraxy reverse proxy - AnthonyMichaelTDM/zoraxy_crowdsec_bouncer
5 Replies
CrowdSec
CrowdSec3mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
EthicalPrivaSecretarium
EthicalPrivaSecretariumOP3mo ago
🙁 I renewed the API key. And can confirm that's not the issue
No description
EthicalPrivaSecretarium
EthicalPrivaSecretariumOP3mo ago
level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 127.0.0.1:8080: connect: connection refused" 

level=warning msg="failed to send metrics: Post \"http://127.0.0.1:8080/v1/usage-metrics\": dial tcp 127.0.0.1:8080: connect: connection refused" 

[Crowdsec Bouncer Plugin for Zoraxy:41] time="2025-10-06T16:42:48+02:00" level=warning msg="Signal handler received an error: interrupt error: SIGTERM" 

Plugin Crowdsec Bouncer Plugin for Zoraxy background process stopped 

[Crowdsec Bouncer Plugin for Zoraxy:48] Zoraxy Crowdsec Bouncer started at 127.0.0.1:5943/
level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 127.0.0.1:8080: connect: connection refused" 

level=warning msg="failed to send metrics: Post \"http://127.0.0.1:8080/v1/usage-metrics\": dial tcp 127.0.0.1:8080: connect: connection refused" 

[Crowdsec Bouncer Plugin for Zoraxy:41] time="2025-10-06T16:42:48+02:00" level=warning msg="Signal handler received an error: interrupt error: SIGTERM" 

Plugin Crowdsec Bouncer Plugin for Zoraxy background process stopped 

[Crowdsec Bouncer Plugin for Zoraxy:48] Zoraxy Crowdsec Bouncer started at 127.0.0.1:5943/
Loz
Loz3mo ago
Did you manage to resolve this @EthicalPrivaSecretarium ? I saw some conversations on zoraxy discussions. If not it seems you have configured the api_url as 127.0.0.1 but shouldnt it the the container so docker dns can handle it? like http://zoraxy-crowdsec:8080
EthicalPrivaSecretarium
EthicalPrivaSecretariumOP3mo ago
Hi Loz, It's a honor to read an answer from the head of professional services! Yeah man, I worked on it for a day. ChatGPT did helped me a bit but it's mostly running in an viscious circle. I did change to http://zoraxy-crowdsec:8080 in the plugin's config.yaml Learned from the AI. https://chatgpt.com/share/68e4e6a0-b3a4-8010-9bee-6d850b7c8539 The ultimate thing is that I had to assign the plugin to the tag which Anthony hasn't mentionned in readme. https://github.com/tobychui/zoraxy/discussions/338#discussioncomment-14609190 Finally got working after about 24 hours that I begun Zoraxy installation.
ChatGPT
ChatGPT - CrowdSec bouncer in Zoraxy
Shared via ChatGPT
GitHub
Crowdsec support · tobychui zoraxy · Discussion #338
would be nice, if there was a crowdsec parser plugin

Did you find this page helpful?