New Customers Exclusive - Get a Free 240gb SSD at Micro Center: micro.center/1fbb85 (paid)

I'm the author of the traefik bouncer, thanks for showing my work! Great video, thank you for the content. BTW, it's prononced F bo-na-lair. ;-)

Next video: Tim takes jujitsu classes in case someone breaks in to steal his server.

Your content keeps getting better and better. Thanks so much for showing us how to geek out even more while keeping ourselves secure!

For a dude that seems to throw around containers like they are nothing, it's nice to see you admit to having to lookup something old-school like crontab. I've been watching your videos to get up to speed on containers.Thanks for the content. You are really good at it!

Hi mate, u can setup cloudflare bouncer to have crowdsec blacklist shared up to the cloudflare layer. Using it for enterprises u can ask cloudflare to have more than just 10000 ip addresses configured as a list (they raised me to 20k). After some months a bit of improvement is reached that way. Happy hardening u all 🎉

crowdsec has massive potential and it's great to see that it's getting more love

It would be great if you can revisit this video, since now traefik has an official plugin, the hub auto update itself (no cron needed), the dashboard looks cool, they have a centralized way to manage multiple instances, they added appsec WAF integration and probably more. There arent't many recent tutorials and you're always spot on with yours.

New Customers Exclusive - Get a Free 240gb SSD at Micro Center: micro.center/1fbb85 (paid)

For those curious if you lose your api key you can just do docker exec crowdsec cscli bouncers remove bouncer-traefik and just do the add again.

2024 and I used this to learn about this. Still good to go

I'm already using Traefik so now I'm definitely gonna check out CrowdSec. Looks cool and easy to configure. Thanks for another awesome and easy-to-follow tutorial! FYI, isn't the GID value in the docker-compose file supposed to have colon to specify the default value "${GID:-1000}" ?

Very interesting Tim 👌 Happy to view more smiles 😜

As usual, absolutly epic guide that made it easy for me to get this up and running. thanks heaps!

Tim the King!! as always - thanks for the video - keep them coming - learned a lot!

I just set this up, be aware that if you're running behind a reverse proxy like cloudflare the traefik bouncer here doesn't use the correct IP address due using the incorrect header value.

You are now my master in networking.

Thanks a lot ! Please show us how you configure a proxmox log parser, or iptables bouncer on an episode #2, would love it

never been happier to have a cleaned up Johnny Depp show me the way

excellent document, I installed it , but had an issue witth the bouncer, even if the manual added ip deciscion is properly added to the list, the bouncer does not blocks ,

I know this vid is a year old, but good video, would you do a guide for the nginx proxy manager with crowdsec?

What is nice? A great selfhosted solution. What is even better? A solution with awesome graphics!

Good video, Unfortunatly I found crowdsec to be buggy when blocking ssh so I went back to fail2ban.

Great video! I think I’ll deploy this at least on my Docker-Web server.

Well atleast you can say that the security information that you have been providing to us, works in with evidence :)

Your my boy blue! And I understand why you did this, and I am glad you made a video! Seriously But I don't know what you are talking about. You went from cards you colored with a crayon yourself to this... Quite a leap! Especially for me! Like I said, I'm glad you did it. Seriously. And in about 3 years when I have caught up with you, I will be thankful! Ha ha keep up the good work. Lots of your vids meant nothing at first and then a few months later, I was on bord.

Man, I absolutely love your content and knowledge. Definitely appreciate ya'...

can you show how to run crowdsec with nginx proxy manager ??

Micro center is like Disney land

Great tutorial Tim! Anyone know of a suitable Crowdsec docker image for arm (Raspberry pi)? I had a look around and couldnt find one. I'd rather install on docker if at all possible.

Instead of crontab, you might want to get familiar with systemd timers. Much easier to manage in my opinion.

I got hit with almost 8,000 requests on my Synology in three days. I watched the notification stream up into the notification box at a rapid enough pace I was legit afraid lol. Luckily I had protections in place because oh myyyy

One thing, that you still dont follow: you dont capsule your services from another. You just use ONE network: "Proxy" if you want to protect your services even more, you should create seperate containers between the traefik and services like heimdall and co.

In europe stuff like this is always a pain to check if it is in line with GDPR

seems still pretty complex but i feel following the steps it can be done

Windows is not yet supported

How do you protect your services?

Hey Techno, amazing video! I was really exciting when I managed to config Crowd for read the traefik logs. I have a question unu Is it possible to configure Crowdsec to allow the connection from a specific origin, and ignore or prevent access to my service from other origins different from the domain I defined? The context is that I need to secure a backend that is exposed to the internet via traefik and an external frontend needs to consume it.

The reason working in crown tabs is confusing is because you shouldn't. You better set it up via crony or similar. Btw same goes for the sudoers file

Thank for the video! I would really appreciate a tutorial for using this with nginx proxy manager as well. I'm trying to figure it out, but I haven't gotten it to work yet!

Hey, Tim. Really enjoying the channel and Discord. I have a question not crowdsec related but something I noticed in the video. Would you mind going into some detail on the ip whitelist(s) for Traefik? Couple of us trying to get it figured out and not having much luck. Definitely implementing crowdsec now!

I guess I would have started the bouncer before crowdsec, so that it's available when crowdsec starts up. Which means: crowdsec should depend on the bouncer. Am I wrong?

Are you planning to do a crowdsec nginx proxy manager video tutorial? awesome video by the way but sadly i don't use treafik

In case you see this, this is blocking every internal service but not the ones that are external. Guess it's due to the ip that we are blocking being internal.

Question: Won't access log grow to infinity? How big is your access.log file right now? What should be the cap? Request: Can you make an update to Grafana monitoring guide using influxdb and adding consolidating the alerts including crowdsec? I just want "BOGOOGA" sound alert on my phone if I am getting DDosed.

Hi Tim ! How do you enroll your Crowdsec container in the cloud console ? I've done it with the cscli command but it needs to be done again after each re-creation ...

Calmly waiting on your Turing Pi cluster video... I.... Promise..... :)

The container has crontab in it. Just mount a script with cscli hub update && cscli hub upgrade to /etc/periodic/hourly.

How did you get Cloudflare to forward the real IP? In your case if you use Cloudflare which I think you do, the ban only worked because you have a local DNS. Banning your IP would otherwise do nothing because traefik and hence crowdsec would always see the Cloudflare IP assuming you have reverse proxy set up in CF

Hey Tim, great video appreciate all your hard work. I've been trying to install crowd sec for some time now in my environment. I have two raspberry pi's one 32 bit and one 64 bit. Crowd sec has given some instructions on how to install on arm but my Linux skills are lacking and well they don't show us like you do. Also I don't use traffic I use nginx reverse proxy. Should I even try or should I keep waiting for someone to make a video specifically for raspberry pi crowd sec with Nginx and docker.

Why dont you just use bind mounts instead of docker volumes? Aren’t binds easier to use and backup?

wait in the end it sounds like i have to manually add ips to the descsions list. I thought this is an automatic thing that bans any IP that appears SUS to my instance or is already known to be sus.

Can we get a updated video

Collaborative Open Source is the future

I have been using crowdsec on my Debian server for the past week but I had no idea they Docker images and docker bouncers

Love your stuff

Hey, great vids, just started self hosting, you're giving me too many ideas... Anyway, I'd love a video covering how you might have setup services that use SMTP/email settings. Thinking WordPress, Vaultwarden etc. Thinking to have a single SMTP relay that everything points to, which then forwards out via Gmail/X service.

This is really good. Thanks for putting this together.

crowdsec and traefik seem to be seeing my docker bridge network gateway IP, not the client IP, so crowdsec doesn't seem to be working for me. Do you know what I would do to resolve it?

Those 1.2m people should have clicked subscribe, those get through!

works a treat. cheers!

Hey @TechnoTim, did you tried the Metabase Dashboard? It works fine, but after compose recreation the credentials are default again. Were can i find the credential information to persist?

Hi, what extension do you use for highlighting arrays in the stack!?) it very useful

14:45 - I have the folder but no logs. When I exec into traefik there are both the log files. I've gone through my yml files 5 times now a nd rewatched the video to this point a few more. My networks are the same. Maybe there is something different being I am trying a year after your post?

Thanks for the demo and info, have a great day

this was great!

Thanks for the great tutorial and video. I've leared a lot from you over the last few months. After working through this and installing I have a question I'd like your input on. When proxying through Cloudflare, crowdsec is analyzing the Cloudfare IP, not the real IP of the client. Now I can imagine how this may be useful if someone decides to attack the IP directly or somehow gets around Cloudflare (I can't even begin to imagine how that's even possible), but I have my firewall to only accept connections from Cloudflare IPs on 80/443. So in that instance, can you still see any benefit to crowdsec? I know there are some complicated ways to have traefik be able to see the real IP from Cloudflare, but I haven't attempted that yet.

The Core Question for me is, can i make Trafik work behind an HaProxy. I have atm a haproxy running in my pfsense and i would like to keep that, but trafik with crowdsec would be a nice addition? What IP does Crowdsec ban ? For example can i tell it to ban cf-connecting-ip ?

Install starts at 5:15

When I'm using CF proxy how to get real ip to crowdsec ?

Sounds great, but this is not only open sourced but the database is managed by the community; what's to stop bad actors from listing valid sites as malicious? wouldn't that make this it's own kind of ddos attack if people can't access a site because someone fraudulently added it to a block list?

I always see these videos with crowd-sec, fail2ban, etc, and I want to add these to my setup, but what I always see left out is the explanation of what happens to self-hosted content that isn't accessed exclusively from a browser? Like emby/plex wallabag bitwarden, etc, that have a mobile app integration and even a possible chrome extension? Do they just break unless the app-code is specifically built to work with it? because it seems like crowdsec and f2b work by placing a sort of http "basic-auth" layer in front of it and forwarding the creds to the app and then logging the apps response and sifting through those logs with the bouncers etc, unless I misunderstood that, and if that's the case, what if the chrome extensions for bitwarden and the mobile apps for emby/plex aren't setup to expect that middleware layer between the emby server and the mobile app? For example, does the bitwarden mobile app need to be specifically developed to expect that middleware layer or is it a seemless interception of the creds the mobile app passes to what it thinks to be the bitwarden server and is in reality the traefik/crowdsec middleware? An alternative would be if the middleware just passes through traffic that has http-headers/user agent strings that identify it as a mobile app to maintain compatibility because it doesn't deal with mobile apps, but what stops bots from just using that user-agent string to bypass the middleware if that's how it works? Again If anyone has experience with this i'd love to hear any explanations or corrections of misunderstandings i might have. It's one of those things that i've searched the docs for but it seems like i won't know it it works or not until i attempt it unless someone else has already and can share their experience

That promotion has been going on for so long I'm really starting to wonder if they got an amazing deal on a container full of 240gb SATA SSDs or added a 0 to an order right before the price came down on 500's.

Late for the Party but thanks anyway. Works perfect!! 🙂🙂

Will this still work through cloudflare, specifically does it know how to parse the cloudflare forwarded IP field?

It works 🙂

How do you configure crowdsec to download their ban list and apply to your instance? Or is it automatic? This is kind of the whole point.

what a brilliant video. i was thinking crowdsex not to long ago... but decided on a not yet... but maybe... hmm... i have a question though. What do you use for monitoring your network/home lab for failures/outages/etc etc ? I was looking at nagios but decided to stop looking there since core was note updated in 2 years... And the options are almost infinite... i'm a but lost at this point...

ur awesome tim

I know he's going slow, which is helpful, but I just want to do a temperature check in the comment section. Does anyone fully get what he's saying?

Maybe I'm missing something. But didn't you configure a conditional forward in your UDM Pro so that only traffic from Cloudflare gets allowed? In other words, if the rest of the packets gets dropped, what's the advantage of this?

During you were DDOS attacked I tried to find your article about traeffik 2 and I was lost 😩

How do i reseve proxy outside doxker

Very well explained but you dont have the files on github :(

Tim what's the music during the crowd sec intro section.

Hi just wanted to ask u about your rack, on the bottom of it you have a 24 bay disk shelf what did you use to mount it in the rack? was it a Adjustable Rack Mount Server Shelf Rails 1U?

hey it's me again I'm have a question, with that configuration you will not have logs on the the stdthing (out/err/in) don't remember witch one docker logs use, that's OK for crowdsec that need that aparently but how to put those logs in loki for grafana ? did you try the traefik/grafana/crowdsec combo and how to make those those logs from file in the loki-driver too ? thanks :)

Would this be the same as the plugin that is available for traefik?

Hi Tim I'm having an issue that it only works for me when I block a local (docker) IP. If I block my public IP it still permits access. When I view the logs it only shows the local addresses. Any ideas?? Thank you

Will this work with Nginx Proxy Manager?

"ah-quiz" file, youre welcome

Informative video. It's not nice whoever did the ddos, did it in the first place. properly for internet cred if that a thing 😁😂

Acquis is pronounced "A Key"

You can not protect your home lab against ddos. I suggest you not to waste time on this unless your home is inside a datacenter. Even if you set an ip whitelist to all ports and protocols it's not going to protect you. If your bandwidth can't handle it, there is nothing you can do. There is a possibility to use bgp flow to your advantage, but I don't know a single home internet provider who supports it and even then it's really limited

hi, you have a github with this complete solution ?

Thanks!

Crowdsec? Seriously 😅

Dang 4 minute of video ads prior to the content. Real cool….

Hi Tim, I tried crowdsec on traefik, but I think authelia is getting in the way ! I did many try to connect on my phone but no log in traefik yet when I want to see the log of the authelia application I can see the log : Unsuccessful 1FA authentication attempt by user '' and so far CS did not decide to block those try ! so it's great to block already known IPs I looking forward to an update so we can add authelia in the survey of CS :) I already found the collection and configuration now I need to put that togather and add a new aquisition in the list, but that part is a bit clouded for 1 folder it's clear, cristal clear, but can I add other foler with other labels... and what abount a bouncer for that app? may be it's not needed cause the app that will block is traefik; I'ld like to get the logs of the server hosting docker to be analysed too; to be sure no brute force will be attempted on my ssh even if I'm a no password guy I'd like to get those metrics in CS ;) So here you gave me way to criticaly upgrade my securiity :D again thanks dude :)