mirror of
https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin.git
synced 2025-11-08 15:15:05 +01:00
* ✨ add support for appsec in crowdsec * 🐛 lint * 🐛 fix lint * 🐛 fix lint * 🐛 fix lint * fix: comments * 🐛 lint and doc * 🐛 fix comment and lint * 📝 Start documentation for appsec with exemple * 📝 Fix readme typos and update example * 🚨 Fix Lint --------- Co-authored-by: Mathieu Hanotaux <mathieu@hanotaux.fr>
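# Example stack: Traefik with the CrowdSec bouncer plugin in front of two
# whoami services, plus a CrowdSec container that reads Traefik's access log.
version: "3.8"

services:
  traefik:
    image: "traefik:v2.10.4"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--accesslog"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      # api.insecure serves the dashboard and API without authentication on
      # port 8080, which is published below; keep this for local testing only.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Containers are routed only when they opt in with traefik.enable=true
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"

      # Plugin source and pinned version
      - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      - "--experimental.plugins.bouncer.version=v1.1.15"
    volumes:
      # The Docker socket gives access to the Docker API; the :ro flag only
      # protects the socket file itself, it does not restrict API calls.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Shared with the crowdsec service, which mounts it read-only
      - "logs:/var/log/traefik"
    ports:
      # Quoted so each mapping is always read as a string. Both ports are
      # published on every host interface.
      - "8000:80"
      - "8080:8080"
    depends_on:
      - 'crowdsec'

  whoami1:
    # No tag: this resolves to latest; pin a tag or digest for repeatable pulls
    image: traefik/whoami
    container_name: "simple-service-foo"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Definition of the router
      - "traefik.http.routers.router-foo.rule=Path(`/foo`)"
      - "traefik.http.routers.router-foo.entrypoints=web"
      - "traefik.http.routers.router-foo.middlewares=crowdsec-foo@docker"
      # Definition of the service
      - "traefik.http.services.service-foo.loadbalancer.server.port=80"
      # Definition of the middleware
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.enabled=true"
      # crowdseclapikey must be unique to the middleware attached to the service
      # FIXME-LAPI-KEY-1= is a placeholder; keep the real key out of version
      # control. Label values are readable by anything with Docker API access.
      # NOTE(review): both middlewares in this file use the same placeholder
      # and only one BOUNCER_KEY_* is registered below - confirm which is meant.
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.crowdseclapikey=FIXME-LAPI-KEY-1="

      # forwardedheaderstrustedips should be the IP of the proxy that is in front of traefik (if any)
      # Forwarded headers from this address are trusted for the client IP, so
      # list only that proxy; a wider value lets clients spoof their address.
      # Docker assigns bridge addresses dynamically unless they are pinned.
      - "traefik.http.middlewares.crowdsec-foo.plugin.bouncer.forwardedheaderstrustedips=172.21.0.5"

  whoami2:
    # No tag: this resolves to latest; pin a tag or digest for repeatable pulls
    image: traefik/whoami
    container_name: "simple-service-bar"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Definition of the router
      - "traefik.http.routers.router-bar.rule=Path(`/bar`)"
      - "traefik.http.routers.router-bar.entrypoints=web"
      - "traefik.http.routers.router-bar.middlewares=crowdsec-bar@docker"
      # Definition of the service
      - "traefik.http.services.service-bar.loadbalancer.server.port=80"
      # Definition of the middleware
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.enabled=true"
      # crowdseclapikey must be unique to the middleware attached to the service
      # Same placeholder as crowdsec-foo; replace it before use.
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdseclapikey=FIXME-LAPI-KEY-1="
      # enable AppSec real time check
      # NOTE(review): AppSec needs a CrowdSec release that ships the AppSec
      # component, an AppSec listener reachable from Traefik, and a plugin
      # release that implements it. Confirm the versions pinned in this file
      # (plugin v1.1.15, crowdsec v1.5.3) provide that; acquis.yaml is not
      # shown here and nothing else in this file configures AppSec. Also
      # check whether requests pass or are blocked when AppSec is unreachable.
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdsecappsecenabled=true"
      # forwardedheaderstrustedips should be the IP of the proxy that is in front of traefik (if any)
      # Forwarded headers from this address are trusted for the client IP, so
      # list only that proxy; a wider value lets clients spoof their address.
      - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.forwardedheaderstrustedips=172.21.0.5"

  crowdsec:
    image: crowdsecurity/crowdsec:v1.5.3
    container_name: "crowdsec"
    restart: unless-stopped
    environment:
      COLLECTIONS: crowdsecurity/traefik
      CUSTOM_HOSTNAME: crowdsec
      # We need to register one api key per service we will use
      # Placeholder; it has to match the crowdseclapikey labels above.
      BOUNCER_KEY_TRAEFIK: FIXME-LAPI-KEY-1=
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      # Traefik's access log, mounted read-only
      - logs:/var/log/traefik:ro
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/
    labels:
      # Traefik must not route to the CrowdSec container
      - "traefik.enable=false"

volumes:
  logs:
  crowdsec-db:
  crowdsec-config: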