Commit 8f61c99

Add Grafana & Integrate CrowdSec bouncer into Traefik
1 parent 514b3dd commit 8f61c99

8 files changed

+258
-200
lines changed

Import Bookmarks - MediaStackGuide Applications (External URLs).html

+2-4
@@ -10,13 +10,11 @@ <H1>Bookmarks</H1>
1010
<DT><A HREF="https://github.com/geekau/mediastack/">GitHub | MediaStack Project Repo</A>
1111
<DT><A HREF="https://mediastack.guide/">MediaStack.Guide</A>
1212
<DT><A HREF="https://dash.cloudflare.com/">Cloudflare | Domain / DNS Management</A>
13-
13+
<DT><A HREF="https://app.crowdsec.net/security-engines/">CrowdSec Portal | Security Engines</A>
14+
<DT><A HREF="https://grafana.YOUR_DOMAIN_NAME/">Grafana | Monitoring Dashboard</A>
1415
<DT><A HREF="https://auth.YOUR_DOMAIN_NAME/">Authentik | Authentication & Authorisation Manager</A>
1516
<DT><A HREF="https://headplane.YOUR_DOMAIN_NAME/admin/">Headplane | Headscale & Tailscale Manager</A>
16-
<DT><A HREF="https://dashboard.YOUR_DOMAIN_NAME/">Dashboard: CrowdSec | Cyber Threat Intelligence Manager</A>
1717
<DT><A HREF="https://traefik.YOUR_DOMAIN_NAME/dashboard/">Traefik Proxy | Cloud Native Application Proxy</A>
18-
19-
2018
<DT><A HREF="https://portainer.YOUR_DOMAIN_NAME/">Portainer | Docker Manager</A>
2119
<DT><A HREF="https://jellyfin.YOUR_DOMAIN_NAME/">Jellyfin | Media Player</A>
2220
<DT><A HREF="https://plex.YOUR_DOMAIN_NAME/">Plex | Media Player</A>
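
Review bot: The new external bookmark `https://grafana.YOUR_DOMAIN_NAME/` implies Grafana is now published through Traefik on a public hostname, but nothing in this hunk shows which middlewares that route carries. Please confirm the Grafana router sits behind the Authentik forward-auth and CrowdSec bouncer middlewares and state that in the README, so the dashboard is not reachable with only Grafana's own login in front of it. Line 13 is also removed and re-added with no visible content, which looks like a whitespace-only change that can be dropped.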

Import Bookmarks - MediaStackGuide Applications (Internal URLs).html

+3-5
@@ -9,14 +9,12 @@ <H1>Bookmarks</H1>
99
<DL><p>
1010
<DT><A HREF="https://github.com/geekau/mediastack/">GitHub | MediaStack Project Repo</A>
1111
<DT><A HREF="https://mediastack.guide/">MediaStack.Guide</A>
12-
<DT><A HREF="https://dash.cloudflare.com/">Cloudflare | Domain / DNS Management</A>
13-
12+
<DT><A HREF="https://dash.cloudflare.com/">Cloudflare | Domain / DNS Management</A>
13+
<DT><A HREF="https://app.crowdsec.net/security-engines/">CrowdSec Portal | Security Engines</A>
14+
<DT><A HREF="http://localhost:3200/">Grafana | Monitoring Dashboard</A>
1415
<DT><A HREF="http://localhost:6080/">Authentik | Authentication & Authorisation Manager</A>
1516
<DT><A HREF="http://localhost:3500/admin/">Headplane | Headscale & Tailscale Manager</A>
16-
<DT><A HREF="http://localhost:8600/">Dashboard: CrowdSec | Cyber Threat Intelligence Manager</A>
1717
<DT><A HREF="http://localhost:8080/dashboard/">Traefik Proxy | Cloud Native Application Proxy</A>
18-
19-
2018
<DT><A HREF="http://localhost:9000/">Portainer | Docker Manager</A>
2119
<DT><A HREF="http://localhost:8096/">Jellyfin | Media Player</A>
2220
<DT><A HREF="http://localhost:32400/">Plex | Media Player</A>
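
Review bot: The internal Grafana bookmark points at `http://localhost:3200/`, but `testing-traefik/.env` in this same commit sets `WEBUI_PORT_GRAFANA=3800` and keeps `WEBUI_PORT_HOMARR=3200`, so this link would land on Homarr's port rather than Grafana's. Change the bookmark to `http://localhost:3800/`, or fix the `.env` value if 3200 was the intended port and move Homarr. The Cloudflare entry on line 12 is removed and re-added unchanged, which suggests a whitespace or line-ending difference worth normalising before merge.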

testing-traefik/.env

+1-1
@@ -91,9 +91,9 @@ TDARR_SERVER_PORT=8266
9191
# WebUI ports for internal access to applications
9292
WEBUI_PORT_AUTHENTIK=6080
9393
WEBUI_PORT_BAZARR=6767
94-
WEBUI_PORT_DASHBOARD=8600
9594
WEBUI_PORT_DDNS_UPDATER=8310
9695
WEBUI_PORT_FILEBOT=5454
96+
WEBUI_PORT_GRAFANA=3800
9797
WEBUI_PORT_HEADPLANE=3500
9898
WEBUI_PORT_HEIMDALL=2080
9999
WEBUI_PORT_HOMARR=3200
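
Review bot: `WEBUI_PORT_DASHBOARD=8600` is dropped here, so any compose service, label or document that still references `${WEBUI_PORT_DASHBOARD}` will now interpolate to an empty value. Please check the other changed files for leftover uses of that variable and remove them in the same commit.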

testing-traefik/README.md

+9-7
@@ -204,22 +204,24 @@ Create a Crowdsec account, and obtain your Crowdsec security engine enrolement k
204204

205205
``` bash
206206
sudo docker exec crowdsec cscli console enroll cm1yipaufk0021g1u01fq27s3
207-
sudo docker exec crowdsec cscli collections install crowdsecurity/base-http-scenarios crowdsecurity/http-cve crowdsecurity/linux crowdsecurity/sshd crowdsecurity/traefik
208-
sudo docker exec crowdsec cscli parsers install crowdsecurity/traefik-logs crowdsecurity/docker-logs
207+
sudo docker exec crowdsec cscli collections install crowdsecurity/base-http-scenarios crowdsecurity/http-cve crowdsecurity/linux crowdsecurity/iptables crowdsecurity/sshd crowdsecurity/traefik
208+
sudo docker exec crowdsec cscli parsers install crowdsecurity/syslog-logs crowdsecurity/iptables-logs crowdsecurity/sshd-logs crowdsecurity/traefik-logs
209209
sudo docker exec crowdsec cscli console enable console_management
210-
sudo docker exec crowdsec cscli bouncers add crowdsecBouncer
210+
sudo docker exec crowdsec cscli bouncers add traefik-bouncer
211211
```
212212

213213
Crowdsec will output the API Key for the bouncer:
214214

215215
``` bash
216-
API key for 'crowdsecBouncer':
216+
API key for 'traefik-bouncer':
217217

218218
8andilX0JKYIu8z+R4imPkIgG+TMdCttAuMaHrsV7ZU
219219

220220
Please keep this key since you will not be able to retrieve it!
221221
```
222222

223+
You must go back to [https://app.crowdsec.net/security-engines](https://app.crowdsec.net/security-engines) and approve registration of the new CrowdSec docker engine into the online portal.
224+
223225
Check the status of Crowdsec components:
224226

225227
``` bash
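
Review bot: The context lines of this hunk still show what look like real secrets in the README: the enrollment key passed to `cscli console enroll` and the bouncer API key printed under `API key for 'traefik-bouncer':`. Since the bouncer is being renamed and these examples are touched anyway, replace both values with obvious placeholders such as `YOUR_ENROLLMENT_KEY` and `YOUR_BOUNCER_API_KEY`, and if either was ever a live value, revoke the enrollment in the CrowdSec console and delete and re-add the bouncer to issue a new key. Separately, the parsers line drops `crowdsecurity/docker-logs` without explanation; add a sentence on how the Traefik and sshd logs reach CrowdSec now, so readers know the acquisition path still matches the installed parsers.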
@@ -270,7 +272,7 @@ Crowdsec will display the following output:
270272
-----------------------------------------------------------------------------
271273
Name IP Address Valid Last API pull Type Version Auth Type
272274
-----------------------------------------------------------------------------
273-
crowdsecBouncer ✔️ api-key
275+
traefik-bouncer ✔️ api-key
274276
-----------------------------------------------------------------------------
275277
```
276278

@@ -298,7 +300,7 @@ Create Authentik Application:
298300
Name: Provider for Authentik
299301
Authorization flow: default-provider-authorization-explicit-consent (Authorize Application)
300302
Select "Forward auth (domain level)"
301-
Authentication URL: https://auth.example.com <-- change to your domain
303+
Authentication URL: <https://auth.example.com> <-- change to your domain
302304
Cookie domain: example.com <-- change to your domain
303305
Advanced flow settings:
304306
Authentication flow: default-authentication-flow (Welcome to authentik!)
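
Review bot: Wrapping the value as `<https://auth.example.com>` puts angle brackets directly beside the existing `<-- change to your domain` arrow, and if this settings list renders as preformatted text the brackets will appear literally and may be pasted into the Authentik field. For values the reader has to type, backticks are clearer than an autolink; the same applies to `authentik_host is <http://authentik:6080>` in the following hunk.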
@@ -313,7 +315,7 @@ Add application to outposts:
313315
Update Outpost:
314316
Select "Authentik" application in "Available Applications" and move across to "Selected Applications"
315317
Advanced settings:
316-
Under "Configuration", ensure authentik_host is http://authentik:6080
318+
Under "Configuration", ensure authentik_host is <http://authentik:6080>
317319
Select "Update"
318320

319321
Edit `docker-compose.yaml` and make the following adjustments:
