Compare commits
16 Commits
6287e7b6cd
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| ddf912a4e9 | |||
| 15f47d5554 | |||
| 6992333c6f | |||
| 2af1f4c5d9 | |||
| e74476439d | |||
| c51f5a6d0d | |||
| 3f22dc885c | |||
| 456416b04d | |||
| 9a01d992ad | |||
| 154165ab18 | |||
| 445b638f55 | |||
| afe037ffad | |||
| 54bcc89c7f | |||
| d0e3149200 | |||
| c5a3763239 | |||
| 74a1e0b0f7 |
@@ -1,6 +0,0 @@
|
||||
appsec_configs:
|
||||
- crowdsecurity/appsec-default
|
||||
labels:
|
||||
type: appsec
|
||||
listen_addr: 0.0.0.0:7422
|
||||
source: appsec
|
||||
@@ -4,7 +4,7 @@ services:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
container_name: crowdsec
|
||||
image: crowdsecurity/crowdsec:v1.7.4
|
||||
image: crowdsecurity/crowdsec:v1.7.6
|
||||
environment:
|
||||
COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
|
||||
CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
|
||||
@@ -18,7 +18,6 @@ services:
|
||||
- ${SERVICE_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
|
||||
- ${SERVICE_PATH}/crowdsec/config/config.yaml:/etc/crowdsec/config.yaml
|
||||
- ${SERVICE_PATH}/crowdsec/config:/etc/crowdsec
|
||||
- ${SERVICE_PATH}/crowdsec/appsec.yaml:/etc/crowdsec/acquis.d/appsec.yaml
|
||||
- ${SERVICE_PATH}/crowdsec/data:/var/lib/crowdsec/data
|
||||
- /var/log/traefik:/var/log/crowdsec:ro
|
||||
- /var/log/syslog:/var/log/syslog:ro
|
||||
|
||||
@@ -5,10 +5,10 @@ http:
|
||||
crowdsec-bouncer:
|
||||
plugin:
|
||||
crowdsec-bouncer-traefik-plugin:
|
||||
enabled: true
|
||||
enabled: true
|
||||
logLevel: INFO
|
||||
updateIntervalSeconds: 60
|
||||
crowdsecMode: stream
|
||||
crowdsecMode: live
|
||||
crowdsecAppsecEnabled: true
|
||||
crowdsecAppsecFailureBlock: true
|
||||
crowdsecAppsecUnreachableBlock: true
|
||||
@@ -21,12 +21,12 @@ http:
|
||||
- 10.0.0.0/8
|
||||
clientTrustedIPs:
|
||||
- 192.168.178.0/24
|
||||
captchaProvider: hcaptcha
|
||||
captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
|
||||
captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
|
||||
captchaGracePeriodSeconds: 1800
|
||||
captchaHTMLFilePath: /captcha.html
|
||||
banHTMLFilePath: /ban.html
|
||||
# captchaProvider: hcaptcha
|
||||
# captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
|
||||
# captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
|
||||
# captchaGracePeriodSeconds: 1800
|
||||
# captchaHTMLFilePath: /captcha.html
|
||||
# banHTMLFilePath: /ban.html
|
||||
|
||||
routers:
|
||||
authelia:
|
||||
@@ -53,14 +53,6 @@ http:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
headscale:
|
||||
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
immich:
|
||||
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
|
||||
@@ -3,7 +3,7 @@ services:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: traefik:v3.6.6
|
||||
image: traefik:v3.6.10
|
||||
container_name: traefik
|
||||
ports:
|
||||
- "80:80"
|
||||
@@ -16,6 +16,11 @@ services:
|
||||
TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
|
||||
TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
|
||||
TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "0.3"
|
||||
memory: 150M
|
||||
volumes:
|
||||
- "/var/log/traefik/:/var/log/traefik/"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
@@ -36,7 +41,7 @@ services:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: hhftechnology/traefik-log-dashboard-agent:2.4.1
|
||||
image: hhftechnology/traefik-log-dashboard-agent:2.5.0
|
||||
container_name: traefik-log-dashboard-agent
|
||||
networks:
|
||||
- ip4net
|
||||
@@ -50,6 +55,11 @@ services:
|
||||
TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
|
||||
TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
|
||||
TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "0.10"
|
||||
memory: 50M
|
||||
healthcheck:
|
||||
test:
|
||||
[
|
||||
@@ -69,7 +79,7 @@ services:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: hhftechnology/traefik-log-dashboard:2.4.1
|
||||
image: hhftechnology/traefik-log-dashboard:2.5.0
|
||||
container_name: traefik-log-dashboard
|
||||
networks:
|
||||
- ip4net
|
||||
@@ -86,6 +96,11 @@ services:
|
||||
depends_on:
|
||||
traefik-agent:
|
||||
condition: service_healthy
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "0.1"
|
||||
memory: 50M
|
||||
labels:
|
||||
# traefik
|
||||
- "traefik.enable=true"
|
||||
|
||||
Reference in New Issue
Block a user