Traefik with CrowdSec - the ULTIMATE SECURITY layer! - Tutorial

  Рет қаралды 10,160

Tech with Marco

Tech with Marco

Күн бұрын

Пікірлер: 23
@techwithmarco
@techwithmarco Жыл бұрын
Have you already seen my traefik tutorial? 😊 kzbin.info/www/bejne/h3SWqJireLqlbtE ---- 🔐If you want to improve your security stack even more, head over to my newest video about using a docker-socket-proxy instead of using it directly mounted from the host system! kzbin.info/www/bejne/mIDQn56Ajttmb68
@MMGroup72
@MMGroup72 Жыл бұрын
Another great video! Thank you Marco!
@techwithmarco
@techwithmarco Жыл бұрын
Always a pleasure!
@Smoothi0815
@Smoothi0815 11 ай бұрын
Hey Marco, ich bekomm das alles soweit super hin. Danke. Lokal funktioniert das auch sehr zuverlässig. Sobald ich eine lokale IP als Decision hinzufüge, blockt der Bouncer diese weg. Nun habe ich die entsprechende Portfreigabe gemacht und die DNS-Einträge für meine Domain angelegt (nutze Cloudflare). Dann habe ich übers Handy (natürlich nicht im WLAN) auf meine Domain zugegriffen und das klappt auch. Allerdings steht im Traefik-Access-Log nicht die richtige öffentliche IP des Geräts, sondern immer eine andere. Ist vermutlich nur eine Kleinigkeit, aber so macht Crowdsec ja erstmal noch keinen Sinn. Hast du einen Rat?
@techwithmarco
@techwithmarco 10 ай бұрын
hey, hast du cloudflare als proxy zwischen geschaltet oder als direkten A record verlinkt? Falls ersteres gibt es da ein paar Wege um die echte IP des Requests zu bekommen. Entweder mit Traefik Plugins wie "Traefik-Real-Ip" (plugins.traefik.io/plugins/628c9f01108ecc83915d776c/traefik-real-ip) oder "real-ip-from-cloudflare-proxy-tunnel" (plugins.traefik.io/plugins/62e97498e2bf06d4675b9443/real-ip-from-cloudflare-proxy-tunnel). Oder du kannst .forwardedHeaders.trustedIPs setzen und dort alle cloudflare netze auflisten. Die CIDRs gibts mit einer einfachen google suchen zu finden --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,... hier ein Beispiel (www.reddit.com/r/Traefik/comments/th33a3/comment/i15tdzp/?context=3) Ich hoffe das hilft :) Sonst melde dich gerne nochmal!
@Smoothi0815
@Smoothi0815 10 ай бұрын
@@techwithmarco hey Marco, ich konnt es schon lösen. Ich musste nur noch die x-forwarded Headers aktivieren. 😉
@techwithmarco
@techwithmarco 10 ай бұрын
@@Smoothi0815 sehr cool! Ich habe das auch mal in die Docs in github einfach mal mit aufgenommen :)
@jarrodbarton
@jarrodbarton 2 ай бұрын
ah damn i didnt even realize you could get cli control of digital ocean haha... great video!
@ethernaelis
@ethernaelis 4 ай бұрын
Hi! Thanks for the video, is there a reason you didn't use the official plugin from traefik to integrate crowdsec ? (I'm new to this tech)
@na1du
@na1du 2 ай бұрын
Does the bouncer support crowdsev appsec?
@jschneekloth
@jschneekloth Жыл бұрын
What are you using to get your terminal to look like that? Some oh my zsh theme?
@techwithmarco
@techwithmarco Жыл бұрын
Yes I was using powerlevel10k at that time. I changed to Starship now. I think I'll do a video about zsh theme options in the future as I love to try different stuff for themes 😄
@niklaskroehnke
@niklaskroehnke Жыл бұрын
Geil! ☺️👌👌 feier ich!
@techwithmarco
@techwithmarco Жыл бұрын
Sehr cool 😃 ich hoffe du konntest was lernen 😂😂
@nicoladellino8124
@nicoladellino8124 Жыл бұрын
Very useful video, THX.
@techwithmarco
@techwithmarco Жыл бұрын
Thanks! Always appreciate these comments 🙂
@thomasgreiveldinger7879
@thomasgreiveldinger7879 Жыл бұрын
Großartig. ❤
@escape808
@escape808 2 сағат бұрын
I self host I would never trust anything in the cloud if you are into privacy and security. i'm sure some people might get use out of cloud stuff (apple users) lol.
@faizansirajuddin
@faizansirajuddin Жыл бұрын
What is username and password? how to create one not mentioned in both the videos
@techwithmarco
@techwithmarco Жыл бұрын
You mean the basic authentication for the dashboard of traefik? This is mentioned in the traefik_config/dynamic_conf.yml on github. As an example this is user and as password demo. You can create new ones with the cli command: htpasswd -nb user 'demo'
@atol71
@atol71 Жыл бұрын
Not to provide sour note: Traefik lets all ports trough except 443 and 80. No security..... VW German diesel.
@chaospheremk
@chaospheremk Жыл бұрын
Not even close to true lol
Keep Hackers Out with Crowdsec Now!
20:54
Jim's Garage
Рет қаралды 25 М.
She made herself an ear of corn from his marmalade candies🌽🌽🌽
00:38
Valja & Maxim Family
Рет қаралды 18 МЛН
Une nouvelle voiture pour Noël 🥹
00:28
Nicocapone
Рет қаралды 9 МЛН
The Best Band 😅 #toshleh #viralshort
00:11
Toshleh
Рет қаралды 22 МЛН
The evil clown plays a prank on the angel
00:39
超人夫妇
Рет қаралды 53 МЛН
Simple HTTPs for Docker! // Traefik Tutorial (updated)
38:06
Christian Lempa
Рет қаралды 57 М.
Boosting your Linux Server Security with CrowdSec
26:47
Learn Linux TV
Рет қаралды 19 М.
Installing Teleport + Traefik (Letsencrypt TLS certs)
23:50
Christian Lempa
Рет қаралды 55 М.
Traefik security issue - mitigate with docker-socket-proxy
11:48
Tech with Marco
Рет қаралды 4,1 М.
CrowdSec: Open Source Collaborative Community Security
12:46
Lawrence Systems
Рет қаралды 26 М.
She made herself an ear of corn from his marmalade candies🌽🌽🌽
00:38
Valja & Maxim Family
Рет қаралды 18 МЛН