crowdsecurity / example-docker-compose

Example integration of crowdsec in docker-compose

Question about bouncer in docker compose #24

Closed ipod86 closed 1 month ago

ipod86 commented 3 months ago

I read this line in docker compose. Where is the bouncer added?

https://github.com/crowdsecurity/example-docker-compose/blob/574db5669fee8a49280f5bde7489631dc48c11c1/basic/docker-compose.yml#L32

Can I create this docker compose as it is in portainer as a stack and then have an nginx reverse proxy protected by crowdsec?

Please excuse my bad English

LaurenceJJones commented 3 months ago

There is a mistake in this compose; there should be a configuration to expose the port locally, for example:

  crowdsec:
    image: crowdsecurity/crowdsec
    restart: always
    environment:
      #this is the list of collections we want to install
      #https://hub.crowdsec.net/author/crowdsecurity/collections/nginx
      COLLECTIONS: "crowdsecurity/nginx"
      GID: "${GID-1000}"
    depends_on:
      - 'reverse-proxy'
    ports:
      - '127.0.0.1:8080:8080'
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - logs:/var/log/nginx
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.4

This will allow the firewall bouncer to connect via the local port of 127.0.0.1:8080 on the host that is running docker.
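Added example, not part of the comment above or of the project's code: a small check that the port the host-side bouncer uses (container port 8080 in the snippet above) is published on loopback only, since a compose entry without a host IP is published on every interface. The service names and port lists in `SAMPLE` are constructed, and only the short `ports:` syntax is handled.

```python
import ipaddress

def parse(spec):
    """Split a short-syntax ports entry into (host_ip or None, container_port)."""
    spec = spec.split("/", 1)[0]              # drop a trailing /tcp or /udp
    ip = None
    if spec.startswith("["):                  # bracketed IPv6: [::1]:8080:8080
        end = spec.index("]")
        ip, spec = spec[1:end], spec[end + 2:]
    parts = spec.split(":")
    if ip is None and len(parts) == 3:        # ip:host_port:container_port
        ip = parts.pop(0)
    return ip, parts[-1]

def exposure(spec):
    """Classify where the host side of the mapping listens."""
    ip, _ = parse(spec)
    if ip is None:
        return "all-interfaces"               # no host IP given in the entry
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:                   # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "single-address"

def audit(services, local_only=("8080",)):
    """Return (service, entry, scope) for local-only ports published beyond loopback."""
    findings = []
    for name, ports in services.items():
        for spec in ports:
            _, container_port = parse(spec)
            scope = exposure(spec)
            if container_port in local_only and scope != "loopback":
                findings.append((name, spec, scope))
    return findings

# Constructed sample: the first entry is the mapping from the comment above,
# the second is the same service with the host IP left out.
SAMPLE = {
    "crowdsec": ["127.0.0.1:8080:8080"],
    "crowdsec-wide": ["8080:8080"],
    "reverse-proxy": ["80:80"],
}

if __name__ == "__main__":
    for service, entry, scope in audit(SAMPLE):
        print(f"{service}: '{entry}' is published on {scope}")
```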

ipod86 commented 3 months ago

Thanks for your answer.

Do I need to install iptables or ufw on the host?

Is the nginx reverse proxy secured with the script or do I need to do something else?

When I run compose I get the following error:

failed to deploy a stack: reverse-proxy Pulling app Pulling crowdsec Pulling ....

LaurenceJJones commented 3 months ago

> I get the following error:

Remember these are examples; you have to tailor the compose to how you want to use CrowdSec. It is not just as simple as copy and paste. You need to know what you want to do.

ipod86 commented 3 months ago

The example looked plausible to me as it is ^^. I want to secure an npm that I want to run in docker.

I once read that you can't run all docker-compose in portainer. This seems to be one of those. Unfortunately, I'm not that familiar with docker yet.