chriswin/vps-server
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

crowdsec config

Browse Source
This commit is contained in:
chriswin
2026-01-14 00:20:07 +01:00
parent 80a0fbd9dd
commit 3f814c7e49
2 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
services/traefik/config/config.yml
View File

@@ -1,164 +0,0 @@
http:
middlewares:
# Crowdsec
crowdsec-bouncer:
plugin:
crowdsec-bouncer-plugin:
enabled: true
logLevel: INFO
updateIntervalSeconds: 60
crowdsecMode: stream
crowdsecAppsecEnabled: true
crowdsecAppsecHost: crowdsec:7422
crowdsecLapiScheme: http
crowdsecLapiHost: crowdsec:8080
# generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
forwardedHeadersTrustedIPs:
- 10.0.6.0/24
clientTrustedIPs:
- 192.168.178.0/24
captchaProvider: hcaptcha
captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
captchaSecretKey: ES_9511d34bbec34dada169afad0a36991a
captchaGracePeriodSeconds: 1800
captchaHTMLFilePath: /captcha.html
banHTMLFilePath: /ban.html
routers:
authelia:
rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
audiobookshelf:
rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
gitea:
rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
headscale:
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
immich:
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
lldap:
rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
linkwarden:
rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
mealie:
rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
navidrome:
rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
ntfy:
rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
paperless:
rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
pdf:
rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
radicale:
rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
rss:
rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
superset:
rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
vaultwarden:
rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
vikunja:
rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
services:
node:
loadBalancer:
servers:
- url: {{ env TRAEFIK_MAIN_SERVER_NODE_IP }}
tls:
stores:
default:
defaultCertificate:
certFile: /etc/certs/server.crt
keyFile: /etc/certs/server.key
certificates:
- certFile: /etc/certs/server.crt
keyFile: /etc/certs/server.key

67
services/traefik/config/traefik.yml
View File

@@ -1,67 +0,0 @@
api:
dashboard: true
log:
level: "INFO"
serversTransport:
insecureSkipVerify: true
accessLog:
filePath: "/var/log/traefik/access.log" # location of traefik logs for crowdsec
format: json
bufferingSize: 100 # Configuring a buffer of 100 lines
filters:
statusCodes:
- "204-299"
- "400-499"
- "500-559" # logged status codes
entryPoints:
http:
address: "[::]:80" # Create the HTTP entrypoint on port 80
forwardedHeaders:
insecure: false
trustedIPs:
- "10.0.0.0/8"
- "192.168.178.0/16"
- "2a07:600:200:1::/64"
proxyProtocol:
insecure: false
trustedIPs:
- "10.0.0.0/8"
- "192.168.178.0/16"
- "2a07:600:200:1::/64"
http:
redirections: # HTTPS redirection (80 to 443)
entryPoint:
to: "https" # The target element
scheme: "https" # The redirection target scheme
permanent: true # The target element
https:
address: "[::]:443" # Create the HTTPS entrypoint on port 443
forwardedHeaders:
insecure: false
trustedIPs:
- "10.0.0.0/8"
- "192.168.178.0/16"
- "2a07:600:200:1::/64"
proxyProtocol:
insecure: false
trustedIPs:
- "10.0.0.0/8"
- "192.168.178.0/16"
- "2a07:600:200:1::/64"
providers:
docker:
endpoint: "unix:///var/run/docker.sock" # Listen to the UNIX Docker socket
exposedByDefault: false
file:
directory: "/etc/traefik" # Link to the dynamic configuration
watch: true # Watch for modifications
providersThrottleDuration: "10" # Configuration reload frequency
metrics:
prometheus: {}