fbonalair / traefik-crowdsec-bouncer

An HTTP service to verify requests and bounce them according to decisions made by CrowdSec.
MIT License

traefik-bouncer not connecting #41

Open lewisd19 opened 1 year ago

lewisd19 commented 1 year ago

I am having a strange issue getting the traefik-bouncer up and running. I've followed the steps and have got it going successfully on two other hosts, but for whatever reason the host I'm attempting to get it going on will not connect to my traefik container. I'm not sure what I'm missing and super confused.

cscli bouncers list:

```
--------------------------------------------------------------------------------------------------------------------------------------------------------
 Name             IP Address    Valid  Last API pull         Type                       Version                                                       Auth Type
--------------------------------------------------------------------------------------------------------------------------------------------------------
 blocklistMirror  172.168.90.1  ✔️     2022-11-25T13:20:15Z  crowdsec-blocklist-mirror  v0.0.1-debian-pragmatic-0c8983c08afb28d82d18c4835458aaa0019-  api-key
                                                                                        3fa4f
 traefik-bouncer                ✔️     2022-11-25T13:15:28Z                                                                                           api-key
--------------------------------------------------------------------------------------------------------------------------------------------------------
```

logs from traefik-bouncer in debug:

```
[GIN-debug] GET /api/v1/ping --> github.com/fbonalair/traefik-crowdsec-bouncer/controler.Ping (2 handlers)
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
[GIN-debug] Listening and serving HTTP on :8080
[GIN-debug] Environment variable PORT is undefined. Using port :8080 by default
[GIN-debug] GET /api/v1/metrics --> github.com/fbonalair/traefik-crowdsec-bouncer/controler.Metrics (2 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
[GIN-debug] GET /api/v1/healthz --> github.com/fbonalair/traefik-crowdsec-bouncer/controler.Healthz (2 handlers)
[GIN-debug] GET /api/v1/forwardAuth --> github.com/fbonalair/traefik-crowdsec-bouncer/controler.ForwardAuth (2 handlers)
```

Also was getting this error, which prompted me to nuke the setup and start over:

```
{"level":"warn","error":"invalid character 'p' after top-level value","time":"2022-11-24T01:29:00Z","message":"An error occurred while checking IP """}
```

Any ideas? Thanks in advance.

jphp3405 commented 1 year ago

Hello,

I have the same issue.

Here is my setup:

```yaml
  crowdsec:
    <<: *common-keys-core
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    ports:
      - "8080:8080"
    environment:
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux baudneo/gotify LePresidente/jellyfin LePresidente/jellyseerr crowdsecurity/mariadb crowdsecurity/nextcloud schiz0phr3ne/prowlarr schiz0phr3ne/radarr schiz0phr3ne/sonarr timokoessler/uptime-kuma Dominic-Wagner/vaultwarden"
      GID: "${GID-1001}"
    volumes:
      - $LOGSDIR:/logs:ro
      - /var/log:/var/log:ro
      - $APPDATADIR/crowdsec/data:/var/lib/crowdsec/data
      - $APPDATADIR/crowdsec/config:/etc/crowdsec

  # CrowdSec Bouncer - Traefik
  traefik-bouncer:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    image: fbonalair/traefik-crowdsec-bouncer
    container_name: traefik-bouncer
    expose:
      - 8080
    depends_on:
      - crowdsec
    environment:
      GIN_MODE: release
      CROWDSEC_BOUNCER_API_KEY: $CROWDSEC_BOUNCER_TRAEFIK_API_KEY
      CROWDSEC_AGENT_HOST: crowdsec:8080
```

Have you resolved it?

yfhyou commented 1 year ago

https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin Check out the traefik plugin to do the same. Maintainer updates it frequently, with many more config options.

slimshizn commented 1 year ago

Thanks for the input about the alternate bouncer, but that doesn't help this bouncer. I'm also having issues getting it to connect. If anyone has a solution other than another bouncer.

ppokrovsky commented 1 year ago

Which port are you using to connect to the crowdsec container? I figured that the crowdsec container for unraid opens two ports: 6060 and 8081. While trying to connect to 6060, I experienced the same issue. Meanwhile I switched to using the traefik plugin and never tried connecting the bouncer to port 8081. You can try to point the bouncer to port 8081 for the crowdsec container, maybe that would solve the issue.

Psycho0verload commented 1 year ago

@lewisd19 & @jphp3405 Which host system do you use?

thamow commented 7 months ago

Still having the same issue here (with a stand-alone container as well as when using the plugin). I'm using Ubuntu Server 22.04.4 LTS as a VM on Proxmox. I don't think this matters here, but I do have ufw active, blocking most incoming connections, but since this is all routed through the internal docker network the firewall should be irrelevant, right?

Edit: I conducted the following tests:

`ping traefik-bouncer:8080` from within the traefik container -> works just fine

`ping http://traefik-bouncer:8080/api/v1/ping` -> results in `ping: bad address 'http://traefik-bouncer:8080/api/v1/ping'`
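
An added diagnostic example (not part of the thread and not the project's own code), tying the `invalid character 'p' after top-level value` warning from the first post to the port discussion above: Go's JSON decoder produces exactly that message when the body is the plain-text `404 page not found`, which is what a Go HTTP server answers on a port that does not serve the LAPI. Assumptions: the lookup is `GET /v1/decisions?ip=...` with an `X-Api-Key` header, both servers below are constructed stand-ins, and whether this was the cause on the reporters' hosts is not confirmed by the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// probe sends a bouncer-style decision lookup and reports how the reply decodes.
func probe(baseURL, apiKey, ip string) string {
	req, err := http.NewRequest(http.MethodGet, baseURL+"/v1/decisions?ip="+ip, nil)
	if err != nil {
		return "bad URL: " + err.Error()
	}
	req.Header.Set("X-Api-Key", apiKey)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "unreachable: " + err.Error()
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	if resp.StatusCode == http.StatusForbidden {
		return "reached LAPI, API key rejected"
	}
	var decisions []map[string]interface{}
	if err := json.Unmarshal(body, &decisions); err != nil {
		return fmt.Sprintf("not LAPI JSON (HTTP %d): %v", resp.StatusCode, err)
	}
	return fmt.Sprintf("LAPI ok, %d decision(s)", len(decisions))
}

// wrongPort (constructed): an empty Go mux answers every path "404 page not found".
func wrongPort() *httptest.Server { return httptest.NewServer(http.NewServeMux()) }
// fakeLAPI (constructed): 403 on a bad key, "null" when no decision exists.
func fakeLAPI(key string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Api-Key") != key {
			w.WriteHeader(http.StatusForbidden)
			return
		}
		fmt.Fprint(w, "null")
	}))
}

func main() {
	fmt.Println(probe(wrongPort().URL, "constructed-key", "192.0.2.10"))
	fmt.Println(probe(fakeLAPI("constructed-key").URL, "constructed-key", "192.0.2.10"))
}
```

To use `probe` against a real deployment, pass the scheme plus the value configured in `CROWDSEC_AGENT_HOST` as `baseURL` and run it from a container on the same Docker network as the bouncer.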