Linking Crowdsec with Dockerized Caddy

Solved

Container

Linux

Hiya folks, brand spankin new to Crowdsec, and I really like the look of everything but am currently quite overwhelmed.

I have a server at home that I have exposed on port 443 to the internet to host a simple site. The server is running the application inside of a docker container, and is proxied through Caddy on the same VM which is also in a docker container. I have installed the Crowdsec agent on the VM itself, and it is up and running and able to connect to the Crowdsec API.

I'm struggling to figure out how to get the agent to view the logs for Caddy. I have configured my caddyfile to log requests to the docker logs. I have also instealled the

crowdsecurity/docker-logs

crowdsecurity/docker-logs

parsers and the

crowdsecurity/caddy

crowdsecurity/caddy

collection. I have a

setup.caddy.yaml

setup.caddy.yaml

file in my

acquis.d

acquis.d

directory with the following:

source: docker
container_name:
  - caddy
labels:
  type: docker
  program: caddy

source: docker
container_name:
  - caddy
labels:
  type: docker
  program: caddy

I am not seeing any reports in the crowdsec logs, and trying to make my way through the documentation has been leaving me more confused than before, so I figured I would ask for help and guidance for how to get this set up. I would ideally like to configure the Caddy remediation component as well, but I have to set up the detection correctly first hahaha. Help is greatly appreciated!

EDIT:

Seems like crowdsec is seeing the logs but not parsing them correctly. The log is filled with:

time="2026-01-27T01:45:17Z" level=error msg="UnmarshalJSON : unexpected end of JSON input" line=
time="2026-01-27T01:45:17Z" level=warning msg="failed to run filter: unexpected end of JSON input (2:1)\n | UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, 'caddy') in ['', nil] &&\n | ^" id=little-paper module=parser name=crowdsecurity/caddy-logs stage=s01-parse

time="2026-01-27T01:45:17Z" level=error msg="UnmarshalJSON : unexpected end of JSON input" line=
time="2026-01-27T01:45:17Z" level=warning msg="failed to run filter: unexpected end of JSON input (2:1)\n | UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, 'caddy') in ['', nil] &&\n | ^" id=little-paper module=parser name=crowdsecurity/caddy-logs stage=s01-parse

every time a request is logged in the Caddy container.

CrowdSec•3w ago•

4 replies

stoye

Linking Crowdsec with Dockerized Caddy

Solved

Container

Linux

crowdsecurity/docker-logs

crowdsecurity/docker-logs

parsers and the

crowdsecurity/caddy

crowdsecurity/caddy

collection. I have a

setup.caddy.yaml

setup.caddy.yaml

file in my

acquis.d

acquis.d

directory with the following:

source: docker
container_name:
  - caddy
labels:
  type: docker
  program: caddy

source: docker
container_name:
  - caddy
labels:
  type: docker
  program: caddy

time="2026-01-27T01:45:17Z" level=error msg="UnmarshalJSON : unexpected end of JSON input" line=
time="2026-01-27T01:45:17Z" level=warning msg="failed to run filter: unexpected end of JSON input (2:1)\n | UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, 'caddy') in ['', nil] &&\n | ^" id=little-paper module=parser name=crowdsecurity/caddy-logs stage=s01-parse

time="2026-01-27T01:45:17Z" level=error msg="UnmarshalJSON : unexpected end of JSON input" line=
time="2026-01-27T01:45:17Z" level=warning msg="failed to run filter: unexpected end of JSON input (2:1)\n | UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, 'caddy') in ['', nil] &&\n | ^" id=little-paper module=parser name=crowdsecurity/caddy-logs stage=s01-parse

every time a request is logged in the Caddy container.

Linking Crowdsec with Dockerized Caddy

Similar Threads

Linking Crowdsec with Dockerized Caddy

Similar Threads

Similar Threads

Similar Threads