cleanup gitignore, improve crowdsec
This commit is contained in:
12
.gitignore
vendored
Normal file
12
.gitignore
vendored
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
# Ignore these files
|
||||||
|
**/services/.env
|
||||||
|
|
||||||
|
# Ignore these folders
|
||||||
|
letsencrypt/
|
||||||
|
certs/
|
||||||
|
log-dashboard/
|
||||||
|
lib/
|
||||||
|
**/headscale/config/
|
||||||
|
**/headscale/run/
|
||||||
|
**/crowdsec/config/
|
||||||
|
**/crowdsec/data/
|
||||||
@@ -1 +0,0 @@
|
|||||||
CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ
|
|
||||||
6
services/crowdsec/appsec.yaml
Normal file
6
services/crowdsec/appsec.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
appsec_configs:
|
||||||
|
- crowdsecurity/appsec-default
|
||||||
|
labels:
|
||||||
|
type: appsec
|
||||||
|
listen_addr: 0.0.0.0:7422
|
||||||
|
source: appsec
|
||||||
@@ -18,6 +18,7 @@ services:
|
|||||||
- ${SERVICE_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
|
- ${SERVICE_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
|
||||||
- ${SERVICE_PATH}/crowdsec/config/config.yaml:/etc/crowdsec/config.yaml
|
- ${SERVICE_PATH}/crowdsec/config/config.yaml:/etc/crowdsec/config.yaml
|
||||||
- ${SERVICE_PATH}/crowdsec/config:/etc/crowdsec
|
- ${SERVICE_PATH}/crowdsec/config:/etc/crowdsec
|
||||||
|
- ${SERVICE_PATH}/crowdsec/appsec.yaml:/etc/crowdsec/acquis.d/appsec.yaml
|
||||||
- ${SERVICE_PATH}/crowdsec/data:/var/lib/crowdsec/data
|
- ${SERVICE_PATH}/crowdsec/data:/var/lib/crowdsec/data
|
||||||
- /var/log/traefik:/var/log/crowdsec:ro
|
- /var/log/traefik:/var/log/crowdsec:ro
|
||||||
- /var/log/syslog:/var/log/syslog:ro
|
- /var/log/syslog:/var/log/syslog:ro
|
||||||
|
|||||||
@@ -17,5 +17,10 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- ip4net
|
- ip4net
|
||||||
labels:
|
labels:
|
||||||
# Watchtower
|
# Traefik
|
||||||
- "com.centurylinklabs.watchtower.enable=true"
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.headscale.entrypoints=https"
|
||||||
|
- "traefik.http.routers.headscale.tls.certresolver=myresolver"
|
||||||
|
- "traefik.http.routers.headscale.tls=true"
|
||||||
|
- "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"
|
||||||
|
|||||||
@@ -10,11 +10,13 @@ http:
|
|||||||
updateIntervalSeconds: 60
|
updateIntervalSeconds: 60
|
||||||
crowdsecMode: stream
|
crowdsecMode: stream
|
||||||
crowdsecAppsecEnabled: true
|
crowdsecAppsecEnabled: true
|
||||||
|
crowdsecAppsecFailureBlock: true
|
||||||
|
crowdsecAppsecUnreachableBlock: true
|
||||||
crowdsecAppsecHost: crowdsec:7422
|
crowdsecAppsecHost: crowdsec:7422
|
||||||
crowdsecLapiScheme: http
|
crowdsecLapiScheme: http
|
||||||
crowdsecLapiHost: crowdsec:8080
|
crowdsecLapiHost: crowdsec:8080
|
||||||
# generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
|
# generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
|
||||||
crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
|
crowdsecLapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
|
||||||
forwardedHeadersTrustedIPs:
|
forwardedHeadersTrustedIPs:
|
||||||
- 10.0.0.0/8
|
- 10.0.0.0/8
|
||||||
clientTrustedIPs:
|
clientTrustedIPs:
|
||||||
|
|||||||
Reference in New Issue
Block a user