Closed Imzxhir closed 8 hours ago
Hello, have you read our Readme? Everything is very well explained.
We've provided a number of implementation examples in the /examples folder.
Don't use all the config fields, it's useless.
Like @maxlerebourg said, you should start with a simpler configuration example, like the app-sec one here https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/appsec-enabled/docker-compose.appsec-enabled.yml or even simpler https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/docker-compose.yml.
Try to ban your own IP, check it works, then add more things to the configuration to match your setup. Also, use logLevel: DEBUG, and look at the logs, it helps most of the time to fix config issues.
> Would you recommend using appsec mode when I am using CrowdSec outside of docker?

It depends on your needs, our setup is different than yours. But generally adding AppSec to your setup is a good idea.
Crowdsec can be running in docker, podman, kubernetes, nomad, openshift, on bare metal, it doesn't matter. It can even run on another node as long as there is permanent connectivity between Traefik, which hosts the plugin, and the Crowdsec appsec component.
So, after looking into the README more and changing a few values to work with my setup like adding cloudflare as a trusted proxy / IP, I tried to test CrowdSec by banning my own IP but it did not work again, and I was still able to access the services I host using docker. I checked my logs, and everything seemed to be fine with no errors found.
Here is my updated configuration:
docker-compose.yml:
```yaml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik
      - ./ban.html:/ban.html
      - ./captcha.html:/captcha.html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.api.middlewares=authelia@docker"
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name"
    depends_on:
      - "crowdsec"
  cloudflare:
    image: traefik:latest
    container_name: cloudflare
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    command:
      - "--log.level=DEBUG"
      - "--accesslog"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--api.insecure=true"
      - "--entrypoints.web.address=:90"
      - "--providers.file.filename=/cloud.yaml"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./cloudflare.yaml:/cloud.yaml:ro
      - logs-cloudflare:/var/log/traefik
    ports:
      - 90:80
  whoami1:
    image: traefik/whoami
    container_name: simple-service-foo
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-foo.rule=Path(`/foo`)"
      - "traefik.http.routers.router-foo.entrypoints=http"
      - "traefik.http.routers.router-foo.middlewares=crowdsec@file"
      - "traefik.http.services.service-foo.loadbalancer.server.port=80"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.enabled=true"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapikey=FIXME-LAPI-KEY"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecmode=appsec"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.forwardedheaderstrustedips=172.21.0.5"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.loglevel=DEBUG"
  whoami2:
    image: traefik/whoami
    container_name: simple-service-bar
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-bar.rule=Path(`/bar`)"
      - "traefik.http.routers.router-bar.entrypoints=http"
      - "traefik.http.routers.router-bar.middlewares=crowdsec@file"
      - "traefik.http.services.service-bar.loadbalancer.server.port=80"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.enabled=true"
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    environment:
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules LePresidente/authelia"
      CUSTOM_HOSTNAME: crowdsec
      BOUNCER_KEY_TRAEFIK: FIXME-LAPI-KEY
    volumes:
      - ./config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./logs:/var/log/traefik:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath=/ban.html"
volumes:
  logs:
  logs-cloudflare:
  crowdsec-db:
  crowdsec-config:
secrets:
  cf_api_token:
    file: ./cf_api_token.txt
networks:
  proxy:
    external: true
```
cloudflare.yaml:
```yaml
http:
  routers:
    router0:
      entryPoints:
        - web
      service: service-foo
      rule: Path(`/foo`)
  services:
    service-foo:
      loadBalancer:
        servers:
          - url: http://traefik/foo:80
```
traefik.yml:
```yaml
# Don't send telemetry data
global:
  checkNewVersion: true
  sendAnonymousUsage: false
# Disable SSL Verification between Traefik and Docker
serversTransport:
  insecureSkipVerify: true
# Enable Dashboard
api:
  dashboard: true
  debug: true
entryPoints:
  # Redirect every HTTP request to HTTPS
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
    forwardedHeaders:
      trustedIPs:
        - 172.21.0.5
  # HTTPS endpoint
  https:
    address: ":443"
    http:
      middlewares:
        - default-headers@file
providers:
  # Docker provider for connecting all apps that are inside the docker network
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  # File provider for connecting things outside of docker and defining middlewares
  file:
    filename: /config.yml
    watch: true
# Show Traefik where to put logs
log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
# Use Cloudflare to generate SSL certificates
certificatesResolvers:
  cloudflare:
    acme:
      email: test@example.com
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        disablePropagationCheck: true
        delayBeforeCheck: 60s
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
experimental:
  plugins:
    bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.3.3
```
config.yml:
```yaml
tls:
  options:
    modern:
      minVersion: "VersionTLS13"
    intermediate:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
http:
  routers:
    traefik:
      rule: "Host(`traefik.example.com`)"
      entryPoints: "https"
      service: "api@internal"
      middlewares:
        - "authelia@file"
    authelia:
      rule: "Host(`auth.example.com`)"
      entryPoints: "https"
      service: "authelia@file"
  services:
    authelia:
      loadBalancer:
        servers:
          - url: "http://authelia:9091/"
  middlewares:
    # HTTPS Redirects
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    # Authelia Authentication
    authelia:
      forwardAuth:
        address: "http://authelia:9091/api/authz/forward-auth"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
    # Authelia Basic Authentication
    authelia-basic:
      forwardAuth:
        address: "https://authelia:9091/api/verify?auth=basic"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
    crowdsec:
      plugin:
        bouncer:
          enabled: true
          logLevel: DEBUG
          crowdsecMode: appsec
          crowdsecAppsecEnabled: true
          crowdsecLapiKey: FIXME-LAPI-KEY
          crowdsecLapiScheme: http
          forwardedHeadersTrustedIPs:
            - 172.21.0.5
          captchaProvider: turnstile
          captchaSiteKey: key
          captchaSecretKey: key
          captchaHTMLFilePath: /captcha.html
          banHTMLFilePath: /ban.html
    # Security Headers
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipAllowList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
```
I have hidden some values in the files for privacy and security reasons. Let me know if you need any other information.
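
Added example (not part of the original thread or the plugin's code): a small Python check over the Docker labels from the docker-compose.yml above. It reports three things about how Traefik's Docker provider treats such labels: containers with `traefik.enable=false` contribute no middleware, one middleware name defined with different options on several containers is a conflict (Traefik logs "Middleware defined multiple times with different configurations"), and a router that references `crowdsec@file` uses the file-provider definition rather than the label-defined one. The function name and result keys are illustrative.

```python
import re
from collections import defaultdict

# Labels copied from the docker-compose.yml above; labels unrelated to the
# crowdsec middleware are left out.
BOUNCER = "traefik.http.middlewares.crowdsec.plugin.bouncer."
LABELS = {
    "whoami1": [
        "traefik.enable=true",
        "traefik.http.routers.router-foo.middlewares=crowdsec@file",
        BOUNCER + "enabled=true",
        BOUNCER + "crowdseclapikey=FIXME-LAPI-KEY",
        BOUNCER + "crowdsecmode=appsec",
        BOUNCER + "forwardedheaderstrustedips=172.21.0.5",
        BOUNCER + "loglevel=DEBUG",
    ],
    "whoami2": [
        "traefik.enable=true",
        "traefik.http.routers.router-bar.middlewares=crowdsec@file",
        BOUNCER + "enabled=true",
    ],
    "crowdsec": [
        "traefik.enable=false",
        BOUNCER + "banHtmlFilePath=/ban.html",
    ],
}

MIDDLEWARE = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.(.+)$")
ROUTER_MW = re.compile(r"^traefik\.http\.routers\.([^.]+)\.middlewares$")


def lint_labels(labels_by_container, exposed_by_default=False):
    """Report ignored containers, conflicting middleware definitions and
    routers that do not use the label-defined middleware."""
    definitions = defaultdict(dict)   # name -> container -> {option: value}
    references = []                   # (router, "name@provider")
    ignored = []
    default = "true" if exposed_by_default else "false"

    for container, labels in labels_by_container.items():
        pairs = {}
        for label in labels:
            key, _, value = label.partition("=")
            pairs[key.strip().lower()] = value.strip()   # label keys are case-insensitive

        # With exposedByDefault: false, only traefik.enable=true containers count.
        if pairs.get("traefik.enable", default).lower() != "true":
            if any(MIDDLEWARE.match(k) for k in pairs):
                ignored.append(container)
            continue

        for key, value in pairs.items():
            mw = MIDDLEWARE.match(key)
            if mw:
                definitions[mw.group(1)].setdefault(container, {})[mw.group(2)] = value
            router = ROUTER_MW.match(key)
            if router:
                references.extend((router.group(1), r.strip()) for r in value.split(","))

    conflicts = {}
    for name, per_container in definitions.items():
        distinct = {frozenset(cfg.items()) for cfg in per_container.values()}
        if len(distinct) > 1:
            conflicts[name] = sorted(per_container)

    # A reference without "@provider" resolves inside the Docker provider.
    unused_by = sorted(
        (router, ref) for router, ref in references
        if ref.partition("@")[0] in definitions
        and (ref.partition("@")[2] or "docker") != "docker"
    )
    return {
        "ignored_containers": sorted(ignored),
        "conflicts": conflicts,
        "label_config_unused_by": unused_by,
    }


if __name__ == "__main__":
    for finding, value in lint_labels(LABELS).items():
        print(f"{finding}: {value}")
```
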
Hi @Imzxhir Did you find a solution? I have the same problem ...
I have not found a solution, as I’m waiting for a response from my message above. Your issue could be a different issue than mine. I suggest creating a separate GitHub Issue about your problem, to keep our issues separate.

> I have not found a solution, as I’m waiting for a response from my message above. Your issue could be a different issue than mine. I suggest creating a separate GitHub Issue about your problem, to keep our issues separate.

Can you provide Traefik debug and Crowdsec logs so I can look?
I used docker-compose.yml to make a working example that uses the same version as you do (pinned):
```yaml
services:
  traefik:
    image: "traefik:v3.1.5"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--accesslog"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      - "--experimental.plugins.bouncer.version=v1.3.3"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "logs:/var/log/traefik"
    ports:
      - 8000:80
      - 8080:8080
    depends_on:
      - 'crowdsec'
  whoami1:
    image: traefik/whoami
    container_name: "simple-service-foo"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Definition of the router
      - "traefik.http.routers.router-foo.rule=Path(`/foo`)"
      - "traefik.http.routers.router-foo.entrypoints=web"
      - "traefik.http.routers.router-foo.middlewares=crowdsec@docker"
      # Definition of the service
      - "traefik.http.services.service-foo.loadbalancer.server.port=80"
  whoami2:
    image: traefik/whoami
    container_name: "simple-service-bar"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Definition of the router
      - "traefik.http.routers.router-bar.rule=Path(`/bar`)"
      - "traefik.http.routers.router-bar.entrypoints=web"
      - "traefik.http.routers.router-bar.middlewares=crowdsec@docker"
      # Definition of the service
      - "traefik.http.services.service-bar.loadbalancer.server.port=80"
      # Definition of the middleware
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.enabled=true"
      # crowdseclapikey is the key to authenticate to crowdsec
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapikey=FIXME-LAPI-KEY-1="
      # enable AppSec real time check
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecappsecenabled=true"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.loglevel=DEBUG"
      # forwardedheaderstrustedips should be the IP of the proxy that is in front of traefik (if any)
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.forwardedheaderstrustedips=172.21.0.5"
  crowdsec:
    image: crowdsecurity/crowdsec:v1.6.3
    container_name: "crowdsec"
    restart: unless-stopped
    environment:
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
      CUSTOM_HOSTNAME: crowdsec
      # We need to register one api key per service we will use
      BOUNCER_KEY_TRAEFIK: FIXME-LAPI-KEY-1=
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - logs:/var/log/traefik:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
volumes:
  logs:
  crowdsec-db:
  crowdsec-config:
```
The acquis.yaml is from the main branch.
Here is an example of Traefik debug logs generated after starting, visiting the whoami container, then banning the IP reported in whoami, and trying to access again:
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 IP 172.21.0.5 is trusted
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 New initialized mode:live
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 IP 172.21.0.5 is trusted
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 New initialized mode:live
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:47 ServeHTTP ip:172.19.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:47 cache:Get key:172.19.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:47 ServeHTTP:Get ip:172.19.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:47 cache:Set key:172.19.0.1 value:f duration:60s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:51 ServeHTTP ip:172.19.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:51 cache:Get key:172.19.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:51:51 ServeHTTP ip:172.19.0.1 cache:hit isBanned:f
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:53:33 ServeHTTP ip:172.19.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:53:33 cache:Get key:172.19.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:53:33 ServeHTTP:Get ip:172.19.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:53:33 cache:Set key:172.19.0.1 value:t duration:60s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:53:33 ServeHTTP:handleNoStreamCache ip:172.19.0.1 isBanned:t handleNoStreamCache:banned
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:53:33 handleRemediationServeHTTP ip:172.19.0.1 remediation:t
Here are the commands used to play with the crowdsec container:
mhx@PC:~/projects/crowdsec-bouncer-traefik-plugin$ docker exec crowdsec cscli decisions list
No active decisions
m@PC:~/projects/crowdsec-bouncer-traefik-plugin$ docker exec crowdsec cscli decisions add
level=fatal msg="missing arguments, a value is required (--ip, --range or --scope and --value)"
m@PC:~/projects/crowdsec-bouncer-traefik-plugin$ docker exec crowdsec cscli decisions add 172.19.0.1
level=fatal msg="accepts 0 arg(s), received 1"
m@PC:~/projects/crowdsec-bouncer-traefik-plugin$ docker exec crowdsec cscli decisions add --ip 172.19.0.1
level=info msg="Decision successfully added"
m@PC:~/projects/crowdsec-bouncer-traefik-plugin$ docker exec crowdsec cscli decisions list
+-------+--------+---------------+------------------------------+--------+---------+----+--------+------------+----------+
| ID | Source | Scope:Value | Reason | Action | Country | AS | Events | expiration | Alert ID |
+-------+--------+---------------+------------------------------+--------+---------+----+--------+------------+----------+
| 87001 | cscli | Ip:172.19.0.1 | manual 'ban' from 'crowdsec' | ban | | | 1 | 3h59m56s | 30 |
+-------+--------+---------------+------------------------------+--------+---------+----+--------+------------+----------+
m@PC:~/projects/crowdsec-bouncer-traefik-plugin
Can you check that the example works for you?
Then, once you have it working, you can add more complexity little by little, like authelia/nextcloud and other components. To help you further, I need the debug logs for Traefik.
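
Added example (not part of the original post or the plugin's code): a Python summary of the plugin's DEBUG lines shown above, to answer the question that matters when a test ban seems to do nothing, namely which IP the bouncer actually evaluated and what verdict it cached for how long. The message formats are taken only from the log lines in this post; the function names are illustrative, and `203.0.113.7` in the usage is a constructed address.

```python
import re

# Lines copied from the maintainer's DEBUG output above (repeated start-up
# lines dropped).
_P = "DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 "
SAMPLE_LOG = "\n".join(_P + rest for rest in [
    "16:46:42 IP 172.21.0.5 is trusted",
    "16:46:42 New initialized mode:live",
    "16:51:47 ServeHTTP ip:172.19.0.1 isTrusted:false",
    "16:51:47 cache:Get key:172.19.0.1",
    "16:51:47 ServeHTTP:Get ip:172.19.0.1 isBanned:false cache:miss",
    "16:51:47 cache:Set key:172.19.0.1 value:f duration:60s",
    "16:51:51 ServeHTTP ip:172.19.0.1 isTrusted:false",
    "16:51:51 cache:Get key:172.19.0.1",
    "16:51:51 ServeHTTP ip:172.19.0.1 cache:hit isBanned:f",
    "16:53:33 ServeHTTP ip:172.19.0.1 isTrusted:false",
    "16:53:33 cache:Get key:172.19.0.1",
    "16:53:33 ServeHTTP:Get ip:172.19.0.1 isBanned:false cache:miss",
    "16:53:33 cache:Set key:172.19.0.1 value:t duration:60s",
    "16:53:33 ServeHTTP:handleNoStreamCache ip:172.19.0.1 isBanned:t handleNoStreamCache:banned",
    "16:53:33 handleRemediationServeHTTP ip:172.19.0.1 remediation:t",
])

PREFIX = re.compile(
    r"CrowdsecBouncerTraefikPlugin: (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")
EVENTS = [
    ("trusted", re.compile(r"^IP (\S+) is trusted$")),
    ("mode", re.compile(r"^New initialized mode:(\S+)$")),
    ("request", re.compile(r"^ServeHTTP ip:(\S+) isTrusted:\S+$")),
    ("miss", re.compile(r"^ServeHTTP:Get ip:(\S+) isBanned:\S+ cache:miss$")),
    ("hit", re.compile(r"^ServeHTTP ip:(\S+) cache:hit isBanned:\S+$")),
    ("set", re.compile(r"^cache:Set key:(\S+) value:(\S+) duration:(\S+)$")),
    ("remediation", re.compile(r"^handleRemediationServeHTTP ip:(\S+) remediation:\S+$")),
]


def summarize(log_text):
    """Group the plugin's DEBUG lines by the client IP it keyed on."""
    summary = {"mode": None, "trusted_proxies": set(), "clients": {}}
    for raw in log_text.splitlines():
        head = PREFIX.search(raw.strip())
        if not head:
            continue                      # not a plugin line
        stamp, msg = head.groups()
        for kind, pattern in EVENTS:
            m = pattern.match(msg)
            if m:
                break
        else:
            continue                      # plugin line we do not track
        if kind == "trusted":
            summary["trusted_proxies"].add(m.group(1))
        elif kind == "mode":
            summary["mode"] = m.group(1)
        else:
            client = summary["clients"].setdefault(m.group(1), {
                "requests": 0, "cache_hits": 0, "cache_misses": 0,
                "verdicts": [], "remediated_at": None})
            if kind == "request":
                client["requests"] += 1
            elif kind == "hit":
                client["cache_hits"] += 1
            elif kind == "miss":
                client["cache_misses"] += 1
            elif kind == "set":           # (time, cached value, cache duration)
                client["verdicts"].append((stamp, m.group(2), m.group(3)))
            else:
                client["remediated_at"] = stamp
    return summary


def diagnose(summary, banned_ip):
    """Explain, from the log alone, what happened to the IP that was banned."""
    clients = summary["clients"]
    if banned_ip not in clients:
        seen = ", ".join(sorted(clients)) or "no client at all"
        return f"no request was evaluated as {banned_ip}; the bouncer saw: {seen}"
    client = clients[banned_ip]
    if client["remediated_at"]:
        return f"ban enforced for {banned_ip} at {client['remediated_at']}"
    if client["verdicts"]:
        stamp, value, ttl = client["verdicts"][-1]
        return (f"{banned_ip} last cached as value:{value} at {stamp} "
                f"for {ttl}; retry after that window")
    return f"{banned_ip} was seen but no verdict was cached"


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(diagnose(s, "172.19.0.1"))      # the IP whoami reported
    print(diagnose(s, "203.0.113.7"))     # constructed: an IP the bouncer never saw
```
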
> Hi @Imzxhir Did you find a solution? I have the same problem ...

Hi @pierre-H You can create a new issue if you want. In the meantime, look at the msg above, it might help you have something working that you can adapt to your config.
> Would you recommend using appsec mode when I am using CrowdSec outside of docker?

Also, if crowdsec is running outside of docker, with your config this won't work because you didn't specify crowdsecLapiHost, which defaults to crowdsec:8080 and needs to be adjusted, but config errors like this are super easy to catch with Debug logs from the plugin.
> Can you provide Traefik debug and Crowdsec logs so I can look?

Here is my traefik.log:
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:235 > Loading plugins... plugins=["bouncer"]
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/plugins/plugins.go:30 > Loading of plugin: bouncer: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin@v1.3.3
2024-10-13T11:01:16+01:00 DBG github.com/hashicorp/go-retryablehttp@v0.7.7/client.go:661 > Performing request method=GET url=https://plugins.traefik.io/public/download/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/v1.3.3
2024-10-13T11:01:16+01:00 DBG github.com/hashicorp/go-retryablehttp@v0.7.7/client.go:661 > Performing request method=GET url=https://plugins.traefik.io/public/validate/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/v1.3.3
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:242 > Plugins loaded. plugins=["bouncer"]
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator aggregator.ProviderAggregator
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=https
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=http
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *file.Provider
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *file.Provider provider configuration config={"filename":"/config.yml","watch":true}
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /config.yml
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *traefik.Provider
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *traefik.Provider provider configuration config={}
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *docker.Provider
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","watch":true}
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.ChallengeTLSALPN
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.ChallengeTLSALPN provider configuration config={}
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.Provider
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.Provider provider configuration config={"HTTPChallengeProvider":{},"ResolverName":"cloudflare","TLSChallengeProvider":{},"caServer":"https://ac>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:213 > Attempt to renew certificates "720h0m0s" before expiry and check every "24h0m0s" acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=cloudflar>
2024-10-13T11:01:16+01:00 INF github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:796 > Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=cloudflare.acme
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"redirect-http-to-https":{"redirectScheme":{"permanent":true,"port":"443","scheme":"https"}}},"mod>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"authelia":{"forwardAuth":{"address":"http://authelia:9091/api/authz/forward-auth","authResponseHe>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=cloudflare.acme
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:90 > Provider connection established with docker 27.3.1 (API 1.47) providerName=docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=crowdsec-traefik-d003acdd295f979792ae91fe3c61be5bff10502cd36e6e0766a68dba4d017236 providerName=docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=cloudflare-traefik-707f174838b9e2ee958edc08feb0927a64ea2ac58898bd4dab27a03657655eaa providerName=docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=satisfactory-server-satisfactory-57a7db61fd71d396a175ad1b6bb382bfb8046271599c667694c08614af317bf0 providerName=docker
2024-10-13T11:01:16+01:00 ERR github.com/traefik/traefik/v3/pkg/provider/configuration.go:224 > Middleware defined multiple times with different configurations configuration=["whoami1-traefik-37fca6828d4d624ecf3a651d17db1cbc2625436d249cbd6f4a26ad1612a7a>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"authelia":{"forwardAuth":{"address":"http://authelia:9091/api/authz/forward-auth","authResponseHe>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:29 > Creating middleware entryPointName=http middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme routerName=http-to-https@in>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:30 > Setting up redirection to https 443 entryPointName=http middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme routerName=>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/aggregator.go:51 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["http","https"] routerName=api
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/certificate.go:131 > Adding certificate for domain(s) *.example.com,example.com
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "logs.example.com"
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "logs.example.com"
2024-10-13T11:01:16+01:00 DBG log/log.go:245 > http: TLS handshake error from 172.70.162.149:31354: remote error: tls: unknown certificate authority
2024-10-13T11:01:16+01:00 DBG log/log.go:245 > http: TLS handshake error from 172.70.162.149:31338: remote error: tls: unknown certificate authority
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/forward.go:58 > Creating middleware entryPointName=https middlewareName=authelia@file middlewareType=ForwardAuth routerName=traefik@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=authelia@file routerName=traefik@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:27 > Creating middleware entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=traefik@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:41 > Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN true t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:47 > Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=default-headers@file routerName=traefik@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=https routerName=https-api@docker serviceName=traefik-traefik@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=https routerName=https-api@docker serverName=6115dc348ec32fa4 serviceName=traefik-traefik@docker target=http://172.18.0.8:80
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/forward.go:58 > Creating middleware entryPointName=https middlewareName=authelia@docker middlewareType=ForwardAuth routerName=https-api@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=authelia@docker routerName=https-api@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:27 > Creating middleware entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=https-api@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:41 > Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN true t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:47 > Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=default-headers@file routerName=https-api@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=https routerName=authelia@file serviceName=authelia@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=https routerName=authelia@file serverName=049351a86b600e64 serviceName=authelia@file target=http://authelia:9091/
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:27 > Creating middleware entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=authelia@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:41 > Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN true t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:47 > Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=default-headers@file routerName=authelia@file
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:29 > Creating middleware entryPointName=http middlewareName=traefik-https-redirect@docker middlewareType=RedirectScheme routerName=traefik@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:30 > Setting up redirection to https entryPointName=http middlewareName=traefik-https-redirect@docker middlewareType=RedirectScheme routerName=traef>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/forward.go:58 > Creating middleware entryPointName=http middlewareName=authelia@docker middlewareType=ForwardAuth routerName=api@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=http middlewareName=authelia@docker routerName=api@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=http routerName=router-bar@docker serviceName=service-bar@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=http routerName=router-bar@docker serverName=6b567c1384106610 serviceName=service-bar@docker target=http://172.18.0.4:80
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=http middlewareName=crowdsec@file routerName=router-bar@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:29 > Creating middleware entryPointName=http middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme routerName=http-to-https@in>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:30 > Setting up redirection to https 443 entryPointName=http middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme routerName=>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=http routerName=router-foo@docker serviceName=service-foo@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=http routerName=router-foo@docker serverName=aee2e002004f527a serviceName=service-foo@docker target=http://172.18.0.6:80
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=http middlewareName=crowdsec@file routerName=router-foo@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=https routerName=dozzle@docker serviceName=dozzle@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=https routerName=dozzle@docker serverName=da81a48dc1e3586e serviceName=dozzle@docker target=http://172.18.0.2:8080
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/forward.go:58 > Creating middleware entryPointName=https middlewareName=authelia@docker middlewareType=ForwardAuth routerName=dozzle@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=authelia@docker routerName=dozzle@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:27 > Creating middleware entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=dozzle@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:41 > Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN true t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:47 > Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=default-headers@file routerName=dozzle@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=https routerName=authelia@docker serviceName=authelia-authelia@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=https routerName=authelia@docker serverName=8f711a5eab51f220 serviceName=authelia-authelia@docker target=http://172.18.0.3:9091
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:27 > Creating middleware entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=authelia@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:41 > Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN true t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:47 > Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=default-headers@file routerName=authelia@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:33 > Creating middleware entryPointName=https middlewareName=traefik-auth@docker middlewareType=BasicAuth routerName=traefik-secure@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=traefik-auth@docker routerName=traefik-secure@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:27 > Creating middleware entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=traefik-secure@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:41 > Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN true t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/headers/headers.go:47 > Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] map[] 15552000 true true true true SAMEORIGIN t>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=https middlewareName=default-headers@file routerName=traefik-secure@docker
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for auth.example.com with TLS options default entryPointName=https
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for traefik.example.com with TLS options default entryPointName=https
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for logs.example.com with TLS options default entryPointName=https
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:852 > Looking for provided certificate(s) to validate ["example.com" "*.example.com"]... ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02>
2024-10-13T11:01:16+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:896 > No ACME certificate generation required for domains ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/direct
Here are my Cloudflare logs:
2024-10-13T10:11:26Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:101 > Traefik version 3.1.6 built on 2024-10-09T13:57:41Z version=3.1.6
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:108 > Static configuration loaded [json] staticConfiguration={"accessLog":{"fields":{"defaultMode":"keep","headers":{"defaultMode":"drop"}},"filePath":"/var/log/traefik/access.log","filters":{},"format":"common"},"api":{"dashboard":true,"insecure":true},"entryPoints":{"traefik":{"address":":8080","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"web":{"address":":90","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}}},"global":{"checkNewVersion":true},"log":{"format":"common","level":"DEBUG"},"providers":{"file":{"filename":"/cloud.yaml","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
2024-10-13T10:11:26Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:617 >
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2024-10-13T10:11:26Z INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator aggregator.ProviderAggregator
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=web
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=traefik
2024-10-13T10:11:26Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *file.Provider
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *file.Provider provider configuration config={"filename":"/cloud.yaml","watch":true}
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /cloud.yaml
2024-10-13T10:11:26Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *traefik.Provider
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *traefik.Provider provider configuration config={}
2024-10-13T10:11:26Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.ChallengeTLSALPN
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.ChallengeTLSALPN provider configuration config={}
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"dashboard_redirect":{"redirectRegex":{"permanent":true,"regex":"^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$","replacement":"${1}/dashboard/"}},"dashboard_stripprefix":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]}}},"routers":{"api":{"entryPoints":["traefik"],"priority":9223372036854775806,"rule":"PathPrefix(`/api`)","ruleSyntax":"v3","service":"api@internal"},"dashboard":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority":9223372036854775805,"rule":"PathPrefix(`/`)","ruleSyntax":"v3","service":"dashboard@internal"}},"serversTransports":{"default":{"maxIdleConnsPerHost":200}},"services":{"api":{},"dashboard":{},"noop":{}}},"tcp":{"serversTransports":{"default":{"dialKeepAlive":"15s","dialTimeout":"30s"}}},"tls":{},"udp":{}} providerName=internal
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"routers":{"router0":{"entryPoints":["web"],"rule":"Path(`/foo`)","service":"service-foo"}},"services":{"service-foo":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://traefik/foo:80"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=file
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/middlewares/stripprefix/strip_prefix.go:32 > Creating middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix routerName=dashboard@internal
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:17 > Creating middleware entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:18 > Setting up redirection from ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$ to ${1}/dashboard/ entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_redirect@internal routerName=dashboard@internal
2024-10-13T10:11:26Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/stripprefix/strip_prefix.go:32 > Creating middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix routerName=dashboard@internal
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:17 > Creating middleware entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:18 > Setting up redirection from ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$ to ${1}/dashboard/ entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_redirect@internal routerName=dashboard@internal
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:268 > Creating load-balancer entryPointName=web routerName=router0@file serviceName=service-foo@file
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:310 > Creating server entryPointName=web routerName=router0@file serverName=990a10cec8bbc012 serviceName=service-foo@file target=http://traefik/foo:80
2024-10-13T10:11:27Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
Here is my CrowdSec log:
Local agent already registered
Check if lapi needs to register an additional agent
/etc/crowdsec was found in a volume
Running hub update
Skipping hub update, index file is recent
/var/lib/crowdsec/data was found in a volume
Running hub upgrade
level=info msg="Upgrading parsers"
level=info msg="crowdsecurity/appsec-logs: up-to-date"
level=info msg="crowdsecurity/http-logs: up-to-date"
level=info msg="crowdsecurity/syslog-logs: up-to-date"
level=info msg="crowdsecurity/dateparse-enrich: up-to-date"
level=info msg="crowdsecurity/sshd-logs: up-to-date"
level=info msg="crowdsecurity/traefik-logs: up-to-date"
level=info msg="crowdsecurity/docker-logs: up-to-date"
level=info msg="LePresidente/authelia-logs: up-to-date"
level=info msg="crowdsecurity/whitelists: up-to-date"
level=info msg="crowdsecurity/cri-logs: up-to-date"
level=info msg="crowdsecurity/geoip-enrich: up-to-date"
level=info msg="Upgraded 0 parsers"
level=info msg="Upgrading postoverflows"
level=info msg="Upgraded 0 postoverflows"
level=info msg="Upgrading scenarios"
level=info msg="crowdsecurity/CVE-2022-42889: up-to-date"
level=info msg="crowdsecurity/CVE-2022-26134: up-to-date"
level=info msg="crowdsecurity/ssh-slow-bf: up-to-date"
level=info msg="crowdsecurity/CVE-2023-22515: up-to-date"
level=info msg="crowdsecurity/CVE-2022-41697: up-to-date"
level=info msg="crowdsecurity/http-bad-user-agent: up-to-date"
level=info msg="crowdsecurity/http-wordpress-scan: up-to-date"
level=info msg="crowdsecurity/http-cve-2021-42013: up-to-date"
level=info msg="crowdsecurity/http-generic-bf: up-to-date"
level=info msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: up-to-date"
level=info msg="crowdsecurity/CVE-2022-37042: up-to-date"
level=info msg="crowdsecurity/http-cve-2021-41773: up-to-date"
level=info msg="crowdsecurity/CVE-2022-41082: up-to-date"
level=info msg="crowdsecurity/appsec-vpatch: up-to-date"
level=info msg="crowdsecurity/thinkphp-cve-2018-20062: up-to-date"
level=info msg="crowdsecurity/CVE-2022-40684: up-to-date"
level=info msg="crowdsecurity/CVE-2019-18935: up-to-date"
level=info msg="crowdsecurity/fortinet-cve-2018-13379: up-to-date"
level=info msg="crowdsecurity/ssh-bf: up-to-date"
level=info msg="crowdsecurity/jira_cve-2021-26086: up-to-date"
level=info msg="crowdsecurity/ssh-cve-2024-6387: up-to-date"
level=info msg="crowdsecurity/http-crawl-non_statics: up-to-date"
level=info msg="crowdsecurity/CVE-2023-22518: up-to-date"
level=info msg="LePresidente/authelia-bf: up-to-date"
level=info msg="ltsich/http-w00tw00t: up-to-date"
level=info msg="crowdsecurity/f5-big-ip-cve-2020-5902: up-to-date"
level=info msg="crowdsecurity/http-open-proxy: up-to-date"
level=info msg="crowdsecurity/vmware-cve-2022-22954: up-to-date"
level=info msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: up-to-date"
level=info msg="crowdsecurity/CVE-2022-44877: up-to-date"
level=info msg="crowdsecurity/netgear_rce: up-to-date"
level=info msg="crowdsecurity/CVE-2023-49103: up-to-date"
level=info msg="crowdsecurity/http-admin-interface-probing: up-to-date"
level=info msg="crowdsecurity/grafana-cve-2021-43798: up-to-date"
level=info msg="crowdsecurity/apache_log4j2_cve-2021-44228: up-to-date"
level=info msg="crowdsecurity/CVE-2024-38475: up-to-date"
level=info msg="crowdsecurity/http-sqli-probing: up-to-date"
level=info msg="crowdsecurity/http-sensitive-files: up-to-date"
level=info msg="crowdsecurity/http-path-traversal-probing: up-to-date"
level=info msg="crowdsecurity/http-probing: up-to-date"
level=info msg="crowdsecurity/CVE-2017-9841: up-to-date"
level=info msg="crowdsecurity/spring4shell_cve-2022-22965: up-to-date"
level=info msg="crowdsecurity/http-backdoors-attempts: up-to-date"
level=info msg="crowdsecurity/http-cve-probing: up-to-date"
level=info msg="crowdsecurity/http-xss-probing: up-to-date"
level=info msg="crowdsecurity/CVE-2022-46169: up-to-date"
level=info msg="crowdsecurity/CVE-2022-35914: up-to-date"
level=info msg="Upgraded 0 scenarios"
level=info msg="Upgrading contexts"
level=info msg="crowdsecurity/http_base: up-to-date"
level=info msg="crowdsecurity/appsec_base: up-to-date"
level=info msg="crowdsecurity/bf_base: up-to-date"
level=info msg="Upgraded 0 contexts"
level=info msg="Upgrading appsec-configs"
level=info msg="crowdsecurity/appsec-default: up-to-date"
level=info msg="crowdsecurity/generic-rules: up-to-date"
level=info msg="crowdsecurity/virtual-patching: up-to-date"
level=info msg="Upgraded 0 appsec-configs"
level=info msg="Upgrading appsec-rules"
level=info msg="crowdsecurity/vpatch-CVE-2023-28121: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-38205: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-47218: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2019-1003030: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2017-9841: up-to-date"
level=info msg="crowdsecurity/vpatch-env-access: up-to-date"
level=info msg="crowdsecurity/base-config: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-22954: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-24489: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-8190: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2019-18935: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-27348: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2021-3129: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2020-17496: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-22515: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-7028: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-29824: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-3272: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-4577: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2020-11738: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-22965: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-44877: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-35078: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-46805: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2018-1000861: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2019-12989: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-35914: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-41082: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-23752: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-3519: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-1212: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2018-10562: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-29849: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-28255: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-22527: up-to-date"
level=info msg="crowdsecurity/vpatch-symfony-profiler: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-26134: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-46169: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-1389: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-42793: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-49070: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2018-13379: up-to-date"
level=info msg="crowdsecurity/vpatch-connectwise-auth-bypass: up-to-date"
level=info msg="crowdsecurity/vpatch-git-config: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-32113: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-35082: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-3273: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2021-22941: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-22024: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-40044: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-34102: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2020-5902: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-34362: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-6553: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-23897: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-27198: up-to-date"
level=info msg="crowdsecurity/generic-freemarker-ssti: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2022-27926: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-33617: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-50164: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2024-29973: up-to-date"
level=info msg="crowdsecurity/vpatch-laravel-debug-mode: up-to-date"
level=info msg="crowdsecurity/vpatch-CVE-2023-20198: up-to-date"
level=info msg="Upgraded 0 appsec-rules"
level=info msg="Upgrading collections"
level=info msg="crowdsecurity/http-cve: up-to-date"
level=info msg="crowdsecurity/sshd: up-to-date"
level=info msg="crowdsecurity/appsec-generic-rules: up-to-date"
level=info msg="LePresidente/authelia: up-to-date"
level=info msg="crowdsecurity/base-http-scenarios: up-to-date"
level=info msg="crowdsecurity/appsec-virtual-patching: up-to-date"
level=info msg="crowdsecurity/linux: up-to-date"
level=info msg="crowdsecurity/traefik: up-to-date"
level=info msg="Upgraded 0 collections"
Running: cscli parsers install "crowdsecurity/docker-logs"
level=info msg="Downloaded crowdsecurity/docker-logs"
installed crowdsecurity/docker-logs
level=info msg="Enabled crowdsecurity/docker-logs"
level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli parsers install "crowdsecurity/cri-logs"
level=info msg="Downloaded crowdsecurity/cri-logs"
level=info msg="Enabled crowdsecurity/cri-logs"
installed crowdsecurity/cri-logs
level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli collections install "crowdsecurity/traefik"
level=info msg="Downloaded crowdsecurity/traefik-logs"
level=info msg="Downloaded crowdsecurity/http-logs"
level=info msg="Downloaded crowdsecurity/http-crawl-non_statics"
level=info msg="Downloaded crowdsecurity/http-probing"
level=info msg="Downloaded crowdsecurity/http-bad-user-agent"
level=info msg="Downloaded crowdsecurity/http-path-traversal-probing"
level=info msg="Downloaded crowdsecurity/http-sensitive-files"
level=info msg="Downloaded crowdsecurity/http-sqli-probing"
level=info msg="Downloaded crowdsecurity/http-xss-probing"
level=info msg="Downloaded crowdsecurity/http-backdoors-attempts"
level=info msg="Downloaded ltsich/http-w00tw00t"
level=info msg="Downloaded crowdsecurity/http-generic-bf"
level=info msg="Downloaded crowdsecurity/http-open-proxy"
level=info msg="Downloaded crowdsecurity/http-admin-interface-probing"
level=info msg="Downloaded crowdsecurity/http-wordpress-scan"
level=info msg="Downloaded crowdsecurity/http-cve-probing"
level=info msg="Downloaded crowdsecurity/http_base"
level=info msg="Downloaded crowdsecurity/http-cve-2021-41773"
level=info msg="Downloaded crowdsecurity/http-cve-2021-42013"
level=info msg="Downloaded crowdsecurity/grafana-cve-2021-43798"
level=info msg="Downloaded crowdsecurity/vmware-vcenter-vmsa-2021-0027"
level=info msg="Downloaded crowdsecurity/fortinet-cve-2018-13379"
level=info msg="Downloaded crowdsecurity/pulse-secure-sslvpn-cve-2019-11510"
level=info msg="Downloaded crowdsecurity/f5-big-ip-cve-2020-5902"
level=info msg="Downloaded crowdsecurity/thinkphp-cve-2018-20062"
level=info msg="Downloaded crowdsecurity/apache_log4j2_cve-2021-44228"
level=info msg="Downloaded crowdsecurity/jira_cve-2021-26086"
level=info msg="Downloaded crowdsecurity/spring4shell_cve-2022-22965"
level=info msg="Downloaded crowdsecurity/vmware-cve-2022-22954"
level=info msg="Downloaded crowdsecurity/CVE-2022-37042"
level=info msg="Downloaded crowdsecurity/CVE-2022-41082"
level=info msg="Downloaded crowdsecurity/CVE-2022-35914"
level=info msg="Downloaded crowdsecurity/CVE-2022-40684"
level=info msg="Downloaded crowdsecurity/CVE-2022-26134"
level=info msg="Downloaded crowdsecurity/CVE-2022-42889"
level=info msg="Downloaded crowdsecurity/CVE-2022-41697"
level=info msg="Downloaded crowdsecurity/CVE-2022-46169"
level=info msg="Downloaded crowdsecurity/CVE-2022-44877"
level=info msg="Downloaded crowdsecurity/CVE-2019-18935"
level=info msg="Downloaded crowdsecurity/netgear_rce"
level=info msg="Downloaded crowdsecurity/CVE-2023-22515"
level=info msg="Downloaded crowdsecurity/CVE-2023-22518"
level=info msg="Downloaded crowdsecurity/CVE-2023-49103"
level=info msg="Downloaded crowdsecurity/CVE-2017-9841"
level=info msg="Downloaded crowdsecurity/CVE-2024-38475"
level=info msg="Downloaded crowdsecurity/http-cve"
level=info msg="Downloaded crowdsecurity/http-cve"
level=info msg="Downloaded crowdsecurity/base-http-scenarios"
level=info msg="Downloaded crowdsecurity/base-http-scenarios"
level=info msg="Downloaded crowdsecurity/traefik"
level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
level=info msg="Enabled collections: crowdsecurity/http-cve"
level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists."
level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
level=info msg="/etc/crowdsec/collections/traefik.yaml already exists."
level=info msg="Enabled collections: crowdsecurity/traefik"
installed crowdsecurity/traefik
level=info msg="Enabled crowdsecurity/traefik"
level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli collections install "crowdsecurity/appsec-virtual-patching"
level=info msg="Downloaded crowdsecurity/appsec-logs"
level=info msg="Downloaded crowdsecurity/appsec-vpatch"
level=info msg="Downloaded crowdsecurity/appsec_base"
level=info msg="Downloaded crowdsecurity/virtual-patching"
level=info msg="Downloaded crowdsecurity/appsec-default"
level=info msg="Downloaded crowdsecurity/base-config"
level=info msg="Downloaded crowdsecurity/vpatch-env-access"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-40044"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2017-9841"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2020-11738"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-27926"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-35914"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-46169"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-20198"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-22515"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-33617"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-34362"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-3519"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-42793"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-50164"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-38205"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-24489"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2021-3129"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2021-22941"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2019-12989"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-44877"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2018-10562"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-6553"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2018-1000861"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2019-1003030"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-22965"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-23752"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-49070"
level=info msg="Downloaded crowdsecurity/vpatch-laravel-debug-mode"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-28121"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2020-17496"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-1389"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-7028"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-46805"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-23897"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-22527"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-35078"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-35082"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-22954"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-1212"
level=info msg="Downloaded crowdsecurity/vpatch-symfony-profiler"
level=info msg="Downloaded crowdsecurity/vpatch-connectwise-auth-bypass"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-22024"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-27198"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-3273"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-4577"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-29849"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2023-47218"
level=info msg="Downloaded crowdsecurity/vpatch-git-config"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-32113"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-3272"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-28255"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-29824"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-27348"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2020-5902"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2018-13379"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-26134"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-34102"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-29973"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2022-41082"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2019-18935"
level=info msg="Downloaded crowdsecurity/vpatch-CVE-2024-8190"
level=info msg="Downloaded crowdsecurity/appsec-virtual-patching"
installed crowdsecurity/appsec-virtual-patching
level=info msg="/etc/crowdsec/collections/appsec-virtual-patching.yaml already exists."
level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching"
level=info msg="Enabled crowdsecurity/appsec-virtual-patching"
level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
Running: cscli collections install "crowdsecurity/appsec-generic-rules"
level=info msg="Downloaded crowdsecurity/appsec-logs"
level=info msg="Downloaded crowdsecurity/appsec-vpatch"
level=info msg="Downloaded crowdsecurity/appsec_base"
level=info msg="Downloaded crowdsecurity/generic-rules"
level=info msg="Downloaded crowdsecurity/appsec-default"
level=info msg="Downloaded crowdsecurity/base-config"
level=info msg="Downloaded crowdsecurity/generic-freemarker-ssti"
level=info msg="Downloaded crowdsecurity/appsec-generic-rules"
level=info msg="/etc/crowdsec/collections/appsec-generic-rules.yaml already exists."
level=info msg="Enabled collections: crowdsecurity/appsec-generic-rules"
level=info msg="Enabled crowdsecurity/appsec-generic-rules"
level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
installed crowdsecurity/appsec-generic-rules
Running: cscli collections install "LePresidente/authelia"
level=info msg="Downloaded LePresidente/authelia-logs"
level=info msg="Downloaded LePresidente/authelia-bf"
level=info msg="Downloaded LePresidente/authelia"
level=info msg="/etc/crowdsec/collections/authelia.yml already exists."
level=info msg="Enabled collections: LePresidente/authelia"
level=info msg="Enabled LePresidente/authelia"
installed LePresidente/authelia
level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
time="2024-10-13T10:07:24Z" level=info msg="Enabled feature flags: <none>"
time="2024-10-13T10:07:24Z" level=info msg="Crowdsec v1.6.3-4851945a"
time="2024-10-13T10:07:24Z" level=info msg="Loading prometheus collectors"
time="2024-10-13T10:07:24Z" level=info msg="Loading CAPI manager"
time="2024-10-13T10:07:26Z" level=info msg="CAPI manager configured successfully"
time="2024-10-13T10:07:26Z" level=info msg="Start push to CrowdSec Central API (interval: 16s once, then 10s)"
time="2024-10-13T10:07:26Z" level=info msg="Start sending metrics to CrowdSec Central API (interval: 37m45s once, then 30m0s)"
time="2024-10-13T10:07:26Z" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080"
time="2024-10-13T10:07:26Z" level=info msg="capi metrics: sending"
time="2024-10-13T10:07:26Z" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2024-10-13T10:07:26Z" level=info msg="last CAPI pull is newer than 1h30, skip."
time="2024-10-13T10:07:26Z" level=info msg="Start pull from CrowdSec Central API (interval: 1h56m19s once, then 2h0m0s)"
time="2024-10-13T10:07:26Z" level=info msg="Loading enrich plugins"
time="2024-10-13T10:07:26Z" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2024-10-13T10:07:26Z" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2024-10-13T10:07:26Z" level=info msg="Successfully registered enricher 'IpToRange'"
time="2024-10-13T10:07:26Z" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2024-10-13T10:07:26Z" level=info msg="Successfully registered enricher 'ParseDate'"
time="2024-10-13T10:07:26Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2024-10-13T10:07:26Z" level=info msg="Loading parsers from 11 files"
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2024-10-13T10:07:26Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/authelia-logs.yaml stage=s01-parse
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/traefik-logs.yaml stage=s01-parse
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2024-10-13T10:07:26Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2024-10-13T10:07:26Z" level=info msg="Loaded 12 nodes from 3 stages"
time="2024-10-13T10:07:26Z" level=info msg="No postoverflow parsers to load"
time="2024-10-13T10:07:26Z" level=info msg="Loading 47 scenario files"
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=cold-snowflake name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=holy-breeze name=crowdsecurity/CVE-2019-18935
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=restless-silence name=crowdsecurity/http-admin-interface-probing
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=wispy-bird name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=late-smoke name=crowdsecurity/http-xss-probbing
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=divine-bird name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=spring-smoke name=crowdsecurity/CVE-2022-42889
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=cool-darkness name=crowdsecurity/appsec-vpatch
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=shy-frost name=crowdsecurity/CVE-2023-22518
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=withered-mountain name=crowdsecurity/http-sensitive-files
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=divine-sky name=crowdsecurity/fortinet-cve-2018-13379
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=wandering-violet name=crowdsecurity/http-cve-2021-42013
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=wispy-wildflower name=crowdsecurity/CVE-2022-26134
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=icy-shape name=crowdsecurity/CVE-2023-22515
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=falling-paper name=crowdsecurity/http-backdoors-attempts
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=holy-fire name=crowdsecurity/http-cve-2021-41773
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=aged-brook name=crowdsecurity/CVE-2022-41697
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=spring-water name=crowdsecurity/thinkphp-cve-2018-20062
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=summer-frost name=crowdsecurity/fortinet-cve-2022-40684
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=falling-sunset name=crowdsecurity/http-crawl-non_statics
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=aged-brook name=crowdsecurity/ssh-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=green-wildflower name=crowdsecurity/ssh-bf_user-enum
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=misty-sun name=crowdsecurity/http-bad-user-agent
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=red-shadow name=crowdsecurity/http-sqli-probbing-detection
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=throbbing-shape name=crowdsecurity/jira_cve-2021-26086
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=blue-brook name=ltsich/http-w00tw00t
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=dark-sea name=crowdsecurity/CVE-2024-38475
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=dark-star name=crowdsecurity/CVE-2023-49103
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=delicate-brook name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=ancient-water name=crowdsecurity/vmware-cve-2022-22954
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=blue-surf name=crowdsecurity/spring4shell_cve-2022-22965
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=broken-darkness name=crowdsecurity/netgear_rce
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=spring-wind name=crowdsecurity/ssh-slow-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=sparkling-violet name=crowdsecurity/ssh-slow-bf_user-enum
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=billowing-field name=crowdsecurity/grafana-cve-2021-43798
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=purple-sound name=crowdsecurity/ssh-cve-2024-6387
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=misty-meadow name=crowdsecurity/CVE-2022-44877
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=red-resonance name=crowdsecurity/http-probing
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=holy-cloud name=crowdsecurity/http-open-proxy
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=bold-smoke name=crowdsecurity/CVE-2022-41082
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=lingering-pine name=crowdsecurity/CVE-2022-35914
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=divine-water name=crowdsecurity/http-cve-probing
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=shy-smoke name=crowdsecurity/CVE-2017-9841
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=bitter-sunset name=crowdsecurity/CVE-2022-46169-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=wispy-waterfall name=crowdsecurity/CVE-2022-46169-cmd
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=dry-wind name=crowdsecurity/http-path-traversal-probing
time="2024-10-13T10:07:26Z" level=info msg="Adding trigger bucket" cfg=white-violet name=crowdsecurity/CVE-2022-37042
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=cool-wind name=crowdsecurity/http-wordpress-scan
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=dawn-fog name=crowdsecurity/http-generic-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=wandering-meadow name=LePresidente/http-generic-401-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=blue-glitter name=LePresidente/http-generic-403-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=misty-night name=LePresidente/authelia-bf
time="2024-10-13T10:07:26Z" level=info msg="Adding leaky bucket" cfg=restless-hill name=LePresidente/authelia-bf_user-enum
time="2024-10-13T10:07:26Z" level=info msg="Loaded 53 scenarios"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-34102 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29973 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-41082 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-18935 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8190 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28255 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-5902 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29824 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-13379 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27348 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-32113 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29849 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-4577 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-47218 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-git-config to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-26134 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3272 to appsec rules"
time="2024-10-13T10:07:26Z" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2024-10-13T10:07:26Z" level=info msg="Adding file /var/log/traefik/access.log to datasources" type=file
time="2024-10-13T10:07:26Z" level=info msg="Adding file /var/log/traefik/traefik.log to datasources" type=file
time="2024-10-13T10:07:26Z" level=warning msg="No matching files for pattern /var/log/authelia/authelia.log" type=file
time="2024-10-13T10:07:26Z" level=info msg="Cache duration for auth not set, using default: 1m0s" name=myAppSecComponent type=appsec
time="2024-10-13T10:07:26Z" level=info msg="loading /etc/crowdsec/appsec-configs/virtual-patching.yaml" component=appsec_config name=myAppSecComponent type=appsec
time="2024-10-13T10:07:26Z" level=info msg="Loaded 0 outofband rules" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-10-13T10:07:26Z" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-10-13T10:07:26Z" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-10-13T10:07:26Z" level=info msg="Loaded 62 inband rules" component=appsec_config name=crowdsecurity/virtual-patching type=appsec
time="2024-10-13T10:07:26Z" level=info msg="Created 1 appsec runners" name=myAppSecComponent type=appsec
time="2024-10-13T10:07:26Z" level=info msg="127.0.0.1 - [Sun, 13 Oct 2024 10:07:26 UTC] \"POST /v1/watchers/login HTTP/1.1 200 63.724954ms \"crowdsec/v1.6.3-4851945a-docker\" \""
time="2024-10-13T10:07:26Z" level=info msg="Starting processing data"
time="2024-10-13T10:07:26Z" level=info msg="1 appsec runner to start" name=myAppSecComponent type=appsec
time="2024-10-13T10:07:26Z" level=info msg="creating TCP server on 0.0.0.0:7422" name=myAppSecComponent type=appsec
time="2024-10-13T10:07:26Z" level=info msg="Appsec Runner ready to process event" name=myAppSecComponent runner_uuid=4766438b-5376-408c-a3f6-fb2f6a40c58f type=appsec
time="2024-10-13T10:07:26Z" level=info msg="127.0.0.1 - [Sun, 13 Oct 2024 10:07:26 UTC] \"POST /v1/usage-metrics HTTP/1.1 201 5.096696ms \"crowdsec/v1.6.3-4851945a-docker\" \""
time="2024-10-13T10:07:26Z" level=info msg="127.0.0.1 - [Sun, 13 Oct 2024 10:07:26 UTC] \"POST /v1/usage-metrics HTTP/1.1 201 2.945903ms \"crowdsec/v1.6.3-4851945a-docker\" \""
time="2024-10-13T10:08:26Z" level=info msg="127.0.0.1 - [Sun, 13 Oct 2024 10:08:26 UTC] \"GET /v1/heartbeat HTTP/1.1 200 2.688561ms \"crowdsec/v1.6.3-4851945a-docker\" \""
I decided to re-do my configuration again following this guide (https://www.reddit.com/r/selfhosted/comments/1dcn19v/standing_up_the_crowdsec_bouncer_plugin_in_traefik/) and set up cloudflare warp, which shows the real IP to Traefik, and made some changes to the crowdsec bouncer.
This time, it seemed like Crowdsec was working, as every time I restarted my traefik container which had crowdsec, I was greeted with the ban.html page, but then redirected to the docker service. When I banned my own IP, I waited 1 minute and then tried to refresh the page to see if I would be greeted with the ban.html page, but sadly I wasn't.
I looked in the traefik logs and saw this log message:
ERROR: CrowdsecBouncerTraefikPlugin: 2024/10/13 12:34:00 appsecQuery:unreachable
Does this mean that appsec is not reachable? I have opened both port 9090 and 7422 on the host (I changed the crowdsecLapiHost to use port 9090, instead of 8080), but it is still not working.
docker-compose.yml:
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik
      - ./ban.html:/ban.html
      - ./captcha.html:/captcha.html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.api.middlewares=cloudflarewarp@file, crowdsec@file, authelia@docker"
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name"
    depends_on:
      - "crowdsec"
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    expose:
      - 9090
      - 7422
    environment:
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules LePresidente/authelia"
      BOUNCER_KEY_TRAEFIK: $CROWDSEC_BOUNCER_API_KEY
    volumes:
      - ./config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./logs:/var/log/traefik:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath=/ban.html"
volumes:
  logs:
  logs-cloudflare:
  crowdsec-db:
  crowdsec-config:
secrets:
  cf_api_token:
    file: ./cf_api_token.txt
networks:
  proxy:
    external: true
traefik.yml:
# Don't send telemetry data
global:
  checkNewVersion: true
  sendAnonymousUsage: false
# Disable SSL Verification between Traefik and Docker
serversTransport:
  insecureSkipVerify: true
# Enable Dashboard
api:
  dashboard: true
  debug: true
entryPoints:
  # Redirect every HTTP request to HTTPS
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  # HTTPS endpoint
  https:
    address: ":443"
    http:
      middlewares:
        - default-headers@file
providers:
  # Docker provider for connecting all apps that are inside the docker network
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  # File provider for connecting things outside of docker and defining middlewares
  file:
    filename: /config.yml
    watch: true
# Show Traefik where to put logs
log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
# Use Cloudflare to generate SSL certificates
certificatesResolvers:
  cloudflare:
    acme:
      email: cloudflare.embroider948@slmail.me
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        disablePropagationCheck: true
        delayBeforeCheck: 60s
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
experimental:
  plugins:
    crowdsec-bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.3.3
    cloudflarewarp:
      moduleName: github.com/BetterCorp/cloudflarewarp
      version: v1.3.3
config.yml:
tls:
  options:
    modern:
      minVersion: "VersionTLS13"
    intermediate:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
http:
  routers:
    traefik:
      rule: "Host(`traefik.example.com`)"
      entryPoints: "https"
      service: "api@internal"
      middlewares:
        - "authelia@file"
    authelia:
      rule: "Host(`auth.example.com`)"
      entryPoints: "https"
      service: "authelia@file"
  services:
    authelia:
      loadBalancer:
        servers:
          - url: "http://authelia:9091/"
  middlewares:
    # HTTPS Redirects
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    # Authelia Authentication
    authelia:
      forwardAuth:
        address: "http://authelia:9091/api/authz/forward-auth"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
    # Authelia Basic Authentication
    authelia-basic:
      forwardAuth:
        address: "https://authelia:9091/api/verify?auth=basic"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
    cloudflarewarp:
      plugin:
        cloudflarewarp:
          disableDefault: false
    crowdsec:
      plugin:
        crowdsec-bouncer:
          enabled: true
          logLevel: INFO
          crowdsecMode: appsec
          crowdsecAppsecEnabled: true
          crowdsecAppsecHost: crowdsec:7422
          crowdsecLapiKey: FIXME-LAPI-KEY
          crowdsecLapiHost: crowdsec:9090
          crowdsecLapiScheme: http
          captchaProvider: turnstile
          captchaSiteKey: SITE-KEY
          captchaSecretKey: SECRET-KEY
          captchaHTMLFilePath: /captcha.html
          banHTMLFilePath: /ban.html
    # Security Headers
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipAllowList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
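A check that fits the material in this post, as an added example that is not part of the thread or of the plugin's code: compare the listener addresses CrowdSec announces at start-up with the host:port values given to the bouncer middleware. The log lines and settings are copied from the start-up log and config.yml posted in this thread, and the function names are hypothetical. The log was posted before the configuration was reworked, so run the check against fresh start-up output.

```python
import re

# Excerpts copied from the CrowdSec start-up log and the config.yml posted in this thread.
CROWDSEC_LOG = '''
time="2024-10-13T10:07:26Z" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080"
time="2024-10-13T10:07:26Z" level=info msg="creating TCP server on 0.0.0.0:7422" name=myAppSecComponent type=appsec
'''
BOUNCER_SETTINGS = '''
crowdsecMode: appsec
crowdsecAppsecEnabled: true
crowdsecAppsecHost: crowdsec:7422
crowdsecLapiHost: crowdsec:9090
crowdsecLapiScheme: http
'''

# Start-up messages in which each component announces its listening address.
LISTEN_PATTERNS = {
    "lapi": re.compile(r'msg="CrowdSec Local API listening on (?P<host>\S+):(?P<port>\d+)"'),
    "appsec": re.compile(r'msg="creating TCP server on (?P<host>\S+):(?P<port>\d+)".*\btype=appsec\b'),
}
# Bouncer middleware setting that points at each component.
CONFIG_KEYS = {"lapi": "crowdsecLapiHost", "appsec": "crowdsecAppsecHost"}


def listeners_from_log(log_text):
    """Map component name -> port announced in the log (the last announcement wins)."""
    found = {}
    for line in log_text.splitlines():
        for name, pattern in LISTEN_PATTERNS.items():
            match = pattern.search(line)
            if match:
                found[name] = int(match.group("port"))
    return found


def targets_from_settings(settings_text):
    """Map component name -> (host, port) from flat 'key: value' middleware settings."""
    settings = {}
    for line in settings_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop YAML comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    targets = {}
    for name, key in CONFIG_KEYS.items():
        value = settings.get(key)
        if not value:
            continue
        host, sep, port = value.rpartition(":")
        if sep and port.isdigit():
            targets[name] = (host, int(port))
        else:
            targets[name] = (value, None)  # setting carries no explicit port
    return targets


def compare(log_text, settings_text):
    """Return one (component, status, detail) tuple per component, LAPI first."""
    listening = listeners_from_log(log_text)
    targets = targets_from_settings(settings_text)
    report = []
    for name, key in CONFIG_KEYS.items():
        if name not in targets:
            report.append((name, "not-configured", key + " is absent"))
            continue
        host, port = targets[name]
        if port is None:
            report.append((name, "no-port", "%s=%s has no port" % (key, host)))
        elif name not in listening:
            report.append((name, "no-listener-seen", "no start-up line for this component"))
        elif port != listening[name]:
            report.append((name, "port-mismatch",
                           "%s targets port %d, log shows port %d" % (key, port, listening[name])))
        else:
            report.append((name, "ok", "%s matches port %d" % (key, port)))
    return report


if __name__ == "__main__":
    for component, status, detail in compare(CROWDSEC_LOG, BOUNCER_SETTINGS):
        print("%-7s %-17s %s" % (component, status, detail))
```

Containers on the same Docker network connect to the port the process listens on inside the container, which is the port these start-up lines report.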
2024-10-13T11:01:16+01:00 ERR github.com/traefik/traefik/v3/pkg/provider/configuration.go:224 > Middleware defined multiple times with different configurations configuration=["whoami1-traefik-37fca6828d4d624ecf3a651d17db1cbc2625436d249cbd6f4a26ad1612a7a>
There are no debug logs from the plugin here, just traefik internal debug logs stating you declared something off here:
2024-10-13T11:01:16+01:00 ERR github.com/traefik/traefik/v3/pkg/provider/configuration.go:224 > Middleware defined multiple times with different configurations configuration=["whoami1-traefik-37fca6828d4d624ecf3a651d17db1cbc2625436d249cbd6f4a26ad1612a7a>
But no Debug log from the plugin itself. They are of this format:
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/09 16:46:42 New initialized mode:live
To enable debug logs from the plugin, replace logLevel: INFO with logLevel: DEBUG
I decided to re-do my configuration again following this guide (https://www.reddit.com/r/selfhosted/comments/1dcn19v/standing_up_the_crowdsec_bouncer_plugin_in_traefik/) and setup cloudflare warp which shows the real ip to Traefik, and made some changes to the crowdsec bouncer.
This time, it seemed like Crowdsec was working as every time I restarted my traefik container which had crowdsec, I was greeted with the ban.html page, but then redirected to the docker service. When I banned my own IP, I waited 1 minute and then tried to refresh the page to see I would be greeted with the ban.html page, but sadly I wasn't.
I looked in the traefik logs and saw that this log message
ERROR: CrowdsecBouncerTraefikPlugin: 2024/10/13 12:34:00 appsecQuery:unreachable
. Does this mean that appsec is not reachable? I have opened both port 9090 and 7422 on the host (I changed the crowdsecLapiHost to use port 9090, instead of 8080), but it is still not working.
docker-compose.yml:
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik
      - ./ban.html:/ban.html
      - ./captcha.html:/captcha.html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.api.middlewares=cloudflarewarp@file, crowdsec@file, authelia@docker"
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name"
    depends_on:
      - "crowdsec"
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    expose:
      - 9090
      - 7422
    environment:
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules LePresidente/authelia"
      BOUNCER_KEY_TRAEFIK: $CROWDSEC_BOUNCER_API_KEY
    volumes:
      - ./config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./logs:/var/log/traefik:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath=/ban.html"
volumes:
  logs:
  logs-cloudflare:
  crowdsec-db:
  crowdsec-config:
secrets:
  cf_api_token:
    file: ./cf_api_token.txt
networks:
  proxy:
    external: true
traefik.yml:
# Don't send telemetry data
global:
  checkNewVersion: true
  sendAnonymousUsage: false
# Disable SSL Verification between Traefik and Docker
serversTransport:
  insecureSkipVerify: true
# Enable Dashboard
api:
  dashboard: true
  debug: true
entryPoints:
  # Redirect every HTTP request to HTTPS
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  # HTTPS endpoint
  https:
    address: ":443"
    http:
      middlewares:
        - default-headers@file
providers:
  # Docker provider for connecting all apps that are inside the docker network
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  # File provider for connecting things outside of docker and defining middlewares
  file:
    filename: /config.yml
    watch: true
# Show Traefik where to put logs
log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
# Use Cloudflare to generate SSL certificates
certificatesResolvers:
  cloudflare:
    acme:
      email: cloudflare.embroider948@slmail.me
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        disablePropagationCheck: true
        delayBeforeCheck: 60s
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
experimental:
  plugins:
    crowdsec-bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.3.3
    cloudflarewarp:
      moduleName: github.com/BetterCorp/cloudflarewarp
      version: v1.3.3
config.yml:
tls:
  options:
    modern:
      minVersion: "VersionTLS13"
    intermediate:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
http:
  routers:
    traefik:
      rule: "Host(`traefik.example.com`)"
      entryPoints: "https"
      service: "api@internal"
      middlewares:
        - "authelia@file"
    authelia:
      rule: "Host(`auth.example.com`)"
      entryPoints: "https"
      service: "authelia@file"
  services:
    authelia:
      loadBalancer:
        servers:
          - url: "http://authelia:9091/"
  middlewares:
    # HTTPS Redirects
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    # Authelia Authentication
    authelia:
      forwardAuth:
        address: "http://authelia:9091/api/authz/forward-auth"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
    # Authelia Basic Authentication
    authelia-basic:
      forwardAuth:
        address: "https://authelia:9091/api/verify?auth=basic"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
    cloudflarewarp:
      plugin:
        cloudflarewarp:
          disableDefault: false
    crowdsec:
      plugin:
        crowdsec-bouncer:
          enabled: true
          logLevel: INFO
          crowdsecMode: appsec
          crowdsecAppsecEnabled: true
          crowdsecAppsecHost: crowdsec:7422
          crowdsecLapiKey: FIXME-LAPI-KEY
          crowdsecLapiHost: crowdsec:9090
          crowdsecLapiScheme: http
          captchaProvider: turnstile
          captchaSiteKey: SITE-KEY
          captchaSecretKey: SECRET-KEY
          captchaHTMLFilePath: /captcha.html
          banHTMLFilePath: /ban.html
    # Security Headers
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipAllowList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
Yes indeed, if you get ERROR: CrowdsecBouncerTraefikPlugin: 2024/10/13 12:34:00 appsecQuery:unreachable, then it means Traefik cannot reach the Appsec component.
Every request will go to the Appsec component. When Crowdsec starts, Appsec might not be ready; getting debug logs would tell us if the plugin manages to connect after some time.
Be aware that the Crowdsec appsec component runs on a different port than the LAPI (7422 by default).
It can be configured with CrowdsecAppsecHost, which defaults to crowdsec:7422.
You have to check why you cannot connect to the appsec port from Traefik. Is crowdsec running correctly?
From this docker compose you are using a network proxy; try to connect from the Traefik container and troubleshoot whether you can contact crowdsec at the port 7442.
Also, from your last configuration, you are using crowdsecMode: appsec. From the readme, this does:
Disable Crowdsec IP checking but apply Crowdsec Appsec checking. This mode is intended to be used when Crowdsec IP checking is applied at the Firewall Level.
It means only appsec is gonna be used to check your queries, you may not be able to ban yourself with this mode.
To combine appsec and regular bans, use something like stream mode with the setting CrowdsecAppsecEnabled: true
Be aware that the Crowdsec appsec component runs on a different port than the LAPI (7422 by default). It can be configured with CrowdsecAppsecHost, which defaults to crowdsec:7422. You have to check why you cannot connect to the appsec port from Traefik. Is crowdsec running correctly? From this docker compose you are using a network proxy; try to connect from the Traefik container and troubleshoot whether you can contact crowdsec at the port 7442.
Port 7422 is open on the host, and is accessible from the traefik container. So, I'm not sure why it's not accessible from crowdsec.
It means only appsec is gonna be used to check your queries, you may not be able to ban yourself with this mode.
To combine appsec and regular bans, use something like stream mode with the setting CrowdsecAppsecEnabled: true
I tried using stream mode, but I was permanently blocked from accessing any of my services hosted on docker that had the crowdsec middleware enabled, and I was greeted with the ban.html page
I do get a new log message when using stream mode, in the traefik container, which mentions that port 9090 is unreachable. Here is the log message in context:
ERROR: CrowdsecBouncerTraefikPlugin: 2024/10/13 20:34:20 handleStreamTicker:error updateFailure:0 crowdsecQuery:unreachable url:http://crowdsec:9090/v1/decisions/stream?startup=true Get "http://crowdsec:9090/v1/decisions/stream?startup=true": dial tcp 172.18.0.4:9090: connect: connection refused
Yes, that means that your error is about connectivity or the config for the connectivity.
Crowdsec does not use port 9090, so here that will not work.
I took your config files, removed some extra things that are not necessary for a PoC, and got it working (Traefik talked to LAPI with success in stream mode)
config.yaml
tls:
  options:
    modern:
      minVersion: "VersionTLS13"
    intermediate:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
http:
  routers:
    traefik:
      rule: "Host(`traefik.example.com`)"
      entryPoints: "https"
      service: "api@internal"
  middlewares:
    # HTTPS Redirects
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    crowdsec:
      plugin:
        crowdsec-bouncer:
          enabled: true
          logLevel: DEBUG
          crowdsecMode: stream
          crowdsecAppsecEnabled: true
          crowdsecAppsecHost: crowdsec:7422
          crowdsecLapiKey: FIXME-LAPI-KEY
          crowdsecLapiHost: crowdsec:8080
          crowdsecLapiScheme: http
          # captchaHTMLFilePath: /captcha.html
          # banHTMLFilePath: /ban.html
    # Security Headers
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipAllowList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
docker-compose.yaml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    # security_opt:
    #   - no-new-privileges:true
    # networks:
    #   - proxy
    ports:
      - 8080:80
      - 8443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/etc/traefik/traefik.yml:ro
      # - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik
      # - ./ban.html:/ban.html
      # - ./captcha.html:/captcha.html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.middlewares=crowdsec@file"
    depends_on:
      - "crowdsec"
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    # security_opt:
    #   - no-new-privileges:true
    # networks:
    #   - proxy
    # expose:
    #   - 9090
    #   - 7422
    environment:
      BOUNCER_KEY_TRAEFIK: FIXME-LAPI-KEY
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
      CUSTOM_HOSTNAME: crowdsec
    volumes:
      - ./data/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./logs:/var/log/traefik:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      # - crowdsec-config:/etc/crowdsec/
    labels:
      - "traefik.enable=false"
      # - "traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath=/ban.html"
volumes:
  logs:
  logs-cloudflare:
  crowdsec-db:
  crowdsec-config:
# networks:
#   proxy:
#     external: true
traefik.yml
# Don't send telemetry data
global:
  checkNewVersion: true
  sendAnonymousUsage: false
# Disable SSL Verification between Traefik and Docker
serversTransport:
  insecureSkipVerify: true
# Enable Dashboard
api:
  dashboard: true
  debug: true
entryPoints:
  # Redirect every HTTP request to HTTPS
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  # HTTPS endpoint
  https:
    address: ":443"
    http:
      middlewares:
        - default-headers@file
providers:
  # Docker provider for connecting all apps that are inside the docker network
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  # File provider for connecting things outside of docker and defining middlewares
  file:
    filename: /config.yml
    watch: true
# Show Traefik where to put logs
log:
  # level: "INFO"
  # filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
# Use Cloudflare to generate SSL certificates
# certificatesResolvers:
#   cloudflare:
#     acme:
#       email: cloudflare.embroider948@slmail.me
#       storage: acme.json
#       caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
#       # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
#       dnsChallenge:
#         provider: cloudflare
#         disablePropagationCheck: true
#         delayBeforeCheck: 60s
#         resolvers:
#           - "1.1.1.1:53"
#           - "1.0.0.1:53"
experimental:
  plugins:
    crowdsec-bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.3.3
    # cloudflarewarp:
    #   moduleName: github.com/BetterCorp/cloudflarewarp
    #   version: v1.3.3
Here are debug logs:
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 cache:Set key:updated value:f duration:59s
ERROR: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 handleStreamTicker:error updateFailure:0 crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp 172.21.0.2:8080: connect: connection refused
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 handleStreamTicker updateFailure:0 isCrowdsecStreamHealthy:true crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp 172.21.0.2:8080: connect: connection refused
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:34:03 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:35:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:35:03 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:35:03 handleStreamCache:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:36:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:36:03 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:36:03 handleStreamCache:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:37:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:37:03 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:37:03 handleStreamCache:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:38:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:38:03 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:38:03 handleStreamCache:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:39:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:39:03 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:39:03 handleStreamCache:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:40:03 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:40:03 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:40:03 handleStreamCache:updated
First failure is normal, because Crowdsec wasn't ready but then connectivity is good
Also note that I changed the Traefik config mount path from /traefik.yml to /etc/traefik/traefik.yml to respect how it handles static configuration:
CrowdSec seems to be working, and I have the same logs that you posted above. When I access one of my services hosted on docker, I am still greeted with the ban.html page.
When I checked my crowdsec logs, I seemed to be getting this log message every few seconds:
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:06:10 handleStreamTicker updateFailure:5 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
These are my full logs for traefik:
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 handleStreamTicker updateFailure:0 isCrowdsecStreamHealthy:true crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
ERROR: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 handleStreamTicker:error updateFailure:0 crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:10 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:13 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:13 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:13 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:13 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:14 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:14 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:14 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:14 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:15 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:16 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:17 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:18 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:19 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:47 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:47 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:47 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:01:47 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:10 handleStreamTicker updateFailure:1 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:21 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:21 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:21 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:02:21 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:2
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:10 handleStreamTicker updateFailure:2 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:44 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:44 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:44 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:44 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:3
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:45 ServeHTTP ip:IP isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:45 cache:Get key:IP
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:45 ServeHTTP:Get ip:IP isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:03:45 ServeHTTP isCrowdsecStreamHealthy:false ip:IP updateFailure:3
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:04:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:04:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:04:10 handleStreamTicker updateFailure:3 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:10 handleStreamTicker updateFailure:4 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:30 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:30 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:30 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:30 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:30 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:30 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:46 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:46 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:46 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:46 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:46 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:05:46 New initialized mode:stream
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:06:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:06:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:06:10 handleStreamTicker updateFailure:5 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:07:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:07:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:07:10 handleStreamTicker updateFailure:6 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:08:10 cache:Get key:updated
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:08:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:08:10 handleStreamTicker updateFailure:7 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
I have hidden my IP for privacy reasons, but I think the log message containing my IP is when I tried to access the service I host on docker.
cannot lookup crowdsec on 127.0.0.11:53: no such host
It means you have no connectivity between Traefik and Crowdsec.
Traefik cannot even resolve the crowdsec container IP, they could be on another network namespace / not on the same machine for all we know.
You have to resolve that networking issue before we can continue troubleshooting. Have you tried the examples I sent you?
They should be working natively (docker compose up -d), and this could help find out if your server/host machine has other config issues.
Traefik cannot even resolve the crowdsec container IP, they could be on another network namespace / not on the same machine for all we know.
You have to resolve that networking issue before we can continue troubleshooting. Have you tried the examples I sent you?
I put them in the same proxy network, and I get an error about connection refused. I changed the port to 9090, and I still get the error about the connection refusing.
I tried your examples, but they didn't work since CrowdSec was running on the host machine and was taking up port 8080.
Edit: I wanted to provide more info about this since I think the error about connection refusing might be a one-time thing and only happens during startup. I might have been a bit impatient about waiting for my IP to be banned, and I thought it would be instant. The examples you provided above actually worked, and I was able to ban my own IP after waiting around 30 seconds.
I would also like to apologise if I came out as annoying or aggressive. I think I was so determined to get this working that I didn't really think about what I was saying and how they might have been received. I truly appreciate everyone in this GitHub issue for their help, and I want to say thank you!
No worries, glad you got it working eventually. Yes, stream mode will only block when it updates its local cache from the LAPI, every minute or so.
Just note that when you run Crowdsec outside of docker you have to update CrowdsecAppsecHost and CrowdsecLAPIHost with the IP attached/exposed to/by your Crowdsec service.
lookup crowdsec on 127.0.0.11:53: no such host -> it is an indication you run it outside of docker but docker is looking like it will find it in one of the containers
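As an added example (not part of the thread or of the plugin's code), this Python script triages the `handleStreamTicker` debug lines quoted above: it counts failed stream updates, measures the time span they cover, and separates the `no such host` DNS failure from a `connection refused` failure. The sample log, the refused-connection line with its IP address, and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the line format quoted in this thread; the
# "connection refused" line and its IP address are made up for illustration.
SAMPLE_LOG = """\
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:06:10 cache:Set key:updated value:f duration:59s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:06:10 handleStreamTicker updateFailure:5 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp: lookup crowdsec on 127.0.0.11:53: no such host
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/10/14 17:08:10 handleStreamTicker updateFailure:7 isCrowdsecStreamHealthy:false crowdsecQuery:unreachable url:http://crowdsec:8080/v1/decisions/stream?startup=true Get "http://crowdsec:8080/v1/decisions/stream?startup=true": dial tcp 172.18.0.3:8080: connect: connection refused
"""

TICK = re.compile(
    r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) handleStreamTicker updateFailure:(\d+) "
    r"isCrowdsecStreamHealthy:(\w+) .*?url:(\S+) (.*)$")

# Error text -> (cause, what to check). 127.0.0.11 is Docker's embedded resolver.
CAUSES = [
    (r"lookup (\S+) on 127\.0\.0\.11:53: no such host", "dns",
     "no container with this name shares a Docker network with Traefik; "
     "if CrowdSec runs on the host, point the LAPI host setting at its IP"),
    (r"connection refused", "refused",
     "the address is reachable but nothing accepts on that port; check the "
     "LAPI listen address and port, or wait if CrowdSec is still starting"),
]

def classify(err):
    for pattern, cause, hint in CAUSES:
        if re.search(pattern, err):
            return cause, hint
    return "other", "unrecognised error; read the raw line"

def triage(log_text):
    """Summarise failed stream updates: how many, over what span, and why."""
    ticks = []
    for line in log_text.splitlines():
        m = TICK.search(line)
        if m and m.group(3) == "false":
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            ticks.append((when, int(m.group(2)), m.group(4), *classify(m.group(5))))
    if not ticks:
        return None
    return {
        "failed_ticks": len(ticks),
        "max_update_failure": max(t[1] for t in ticks),
        "stale_seconds": int((ticks[-1][0] - ticks[0][0]).total_seconds()),
        "causes": sorted({t[3] for t in ticks}),
        "last_cause": ticks[-1][3],
        "last_hint": ticks[-1][4],
    }
```

A rising `updateFailure` count with `isCrowdsecStreamHealthy:false` means the bouncer has not pulled fresh decisions from the LAPI, so a newly added ban will not appear in its cache until an update succeeds.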
Just note that when you run Crowdsec outside of docker you have to update CrowdsecAppsecHost and CrowdsecLAPIHost with the IP attached/exposed to/by your Crowdsec service.
I'll keep that in mind for the future, when I have to set up CrowdSec again. Since this is resolved, I will close this issue.
Description: I recently switched from using fbonalair/traefik-crowdsec-bouncer to this project as it was more updated, and seemed to be more customisable. However, I tried to ban my own IP but that did not work, and I feel like I have misconfigured something. I was hoping you could take a look at my configuration to see where I went wrong and to make any corrections if needed.
docker-compose.yml:
traefik.yml:
config.yml:
acquis.yaml:
I have hidden some values in the files for privacy and security reasons. Let me know if you need any other information, or if you have any questions.