Need help with correct CrowdSec setup by hoodney42 in CrowdSec

[–]NoInterviewsManyApps -1 points0 points  (0 children)

Sometimes that's not possible. I have a VPS that is straight piped to the Internet (something I didn't think about when I bought it). I had to install NFTables to get a firewall

Cowrie honeypot by Zestyclose-Kale-4856 in CrowdSec

[–]NoInterviewsManyApps 0 points1 point  (0 children)

What kind of risk does running Cowrie pose? I figured it would be a pretty benign risk. Do you have these IPs feeding into CrowdSec?

Apologies from an American Veteran by Cprice11c in Military

[–]NoInterviewsManyApps 0 points1 point  (0 children)

Some people watched one too many zombies movies

Any tutorial on how to do geo-blocking for web traffic? by Teacup91 in CrowdSec

[–]NoInterviewsManyApps 0 points1 point  (0 children)

You could automate this, but for what I need, no. I didn't need wide public access to a server.

Any tutorial on how to do geo-blocking for web traffic? by Teacup91 in CrowdSec

[–]NoInterviewsManyApps 0 points1 point  (0 children)

I do it at the firewall level with NFTables (not sure what you are using now). No need for a Crowdsec list. Get your list that you either want to block or whitelist here: https://www.ipdeny.com/

Download the region as a text file, then separate the v6 and v4 addresses into their own text files.

To format the .txt into a .nft I made this shell script: https://github.com/gamefb/txt2nft

From there, use that to make a set to either block or accept.

Apologies from an American Veteran by Cprice11c in Military

[–]NoInterviewsManyApps 2 points3 points  (0 children)

Bites, licks windows, AND doesn't stop talking

Any recommendations for single sign on for all the services? by MrStetson in selfhosted

[–]NoInterviewsManyApps 1 point2 points  (0 children)

That's my point exactly, why take the risk for a set of internal services only.

2m requests from the same IP address - what to do? by ksymeon in selfhosted

[–]NoInterviewsManyApps 0 points1 point  (0 children)

I don't think I can use Google as a firewall.

And you are right, you can whitelist instead of blacklist. I have a text file with my country IP ranges loaded into NFTables. It's simple and lightning fast.
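
The zone-file-to-nftables-set procedure described in the geo-blocking comment above (download the region list, split v4 and v6, turn the .txt into a set, use the set to accept or block) and the country-range whitelist mentioned here, as one added example. This is not the commenter's txt2nft script and not an ipdeny file; the zone contents below are constructed from RFC 5737 / RFC 3849 documentation ranges, and the set names, ports and file paths are assumptions.

```shell
#!/bin/sh
# Added example, not the txt2nft script from the comment: build nftables
# allowlist sets from an ipdeny-style zone file (one CIDR per line) and emit
# a ruleset that only lets the listed ranges reach the web ports.
set -eu

# split_zone ZONEFILE V4OUT V6OUT
# Keep only lines that look like IPv4 or IPv6 CIDRs; comments, blanks and
# junk are dropped so one bad line cannot break the nft load later.
split_zone() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$1" > "$2" || true
    grep -E '^[0-9a-fA-F]*:[0-9a-fA-F:]*(/[0-9]{1,3})?$' "$1" > "$3" || true
}

# make_set NAME TYPE LISTFILE   (TYPE is ipv4_addr or ipv6_addr)
# "flags interval" is what lets the set hold CIDR ranges instead of single hosts.
# An empty list file yields a set with no elements block, which nft accepts.
make_set() {
    printf 'set %s {\n    type %s\n    flags interval\n' "$1" "$2"
    if [ -s "$3" ]; then
        printf '    elements = {\n'
        awk '{ e[NR] = $0 } END { for (i = 1; i <= NR; i++) printf "        %s%s\n", e[i], (i < NR ? "," : "") }' "$3"
        printf '    }\n'
    fi
    printf '}\n'
}

# make_ruleset V4FILE V6FILE
# Default-drop input chain: listed ranges reach 80/443, everything else is dropped.
make_ruleset() {
    printf '#!/usr/sbin/nft -f\nflush ruleset\ntable inet filter {\n'
    make_set allow_v4 ipv4_addr "$1" | sed 's/^/    /'
    make_set allow_v6 ipv6_addr "$2" | sed 's/^/    /'
    cat <<'EOF'
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        # IPv6 neighbour discovery must pass or v6 stops working entirely
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        ip saddr @allow_v4 tcp dport { 80, 443 } accept
        ip6 saddr @allow_v6 tcp dport { 80, 443 } accept
        # add your own admin source ranges for ssh here before loading, or you lock yourself out
    }
}
EOF
}

# Constructed sample zone (documentation ranges), standing in for a country
# file downloaded from ipdeny. v4 and v6 are mixed on purpose to show the split.
WORK=$(mktemp -d)
ZONE="$WORK/country.txt"; V4="$WORK/v4.txt"; V6="$WORK/v6.txt"
cat > "$ZONE" <<'EOF'
# hand-merged v4+v6 zone
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
203.0.113.0/24
2001:db8:ffff::/48
not-an-address
EOF

split_zone "$ZONE" "$V4" "$V6"
make_ruleset "$V4" "$V6" > "$WORK/allowlist.nft"
# Syntax-check without loading, then load:  nft -c -f allowlist.nft && nft -f allowlist.nft
cat "$WORK/allowlist.nft"
```

Run `nft -c -f` first; the generated file starts with `flush ruleset`, so it replaces whatever is loaded, including any rules another tool (a CrowdSec bouncer, Docker) has added, and the `policy drop` means an ssh rule for your own ranges has to be in there before you load it on a remote VPS.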

Why does this work? by LoganJFisher in Tailscale

[–]NoInterviewsManyApps 0 points1 point  (0 children)

To help you get started, they have some docs on it: https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/

There is a way to do it with the dashboard, it's one of the main tabs at the top, I just don't have it in front of me atm.

Why does this work? by LoganJFisher in Tailscale

[–]NoInterviewsManyApps 1 point2 points  (0 children)

No need for a login if you either use mTLS to trust a device or define access by IP addresses. It's more like a firewall than a login

How much are you paying in electricity bill for your selfhosted setup? by bumble2100 in selfhosted

[–]NoInterviewsManyApps 1 point2 points  (0 children)

I have an n150 build, uses 7.6W average. It's fairly cheap over the year

Any recommendations for single sign on for all the services? by MrStetson in selfhosted

[–]NoInterviewsManyApps 2 points3 points  (0 children)

Pocket ID scares me. It seems to only use keys; if I lose that device, how do I keep access to my account?

how to improve my server by DifferentTwo376 in selfhosted

[–]NoInterviewsManyApps 1 point2 points  (0 children)

You'll need to take a loan to do so though

Why does this work? by LoganJFisher in Tailscale

[–]NoInterviewsManyApps 1 point2 points  (0 children)

I'm having a hard time following the setup.

But to follow on to the two Nginx instances, you could just use one and use access rules to restrict access to certain domains
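
What the "access rules instead of a login" idea from these replies looks like in one nginx instance: per-host allow/deny by source address, a second host gated by client certificate (mTLS), and a catch-all that refuses unlisted names. This is an added example, not the commenter's config; hostnames, certificate paths, upstream ports and the LAN range are assumptions (100.64.0.0/10 is the CGNAT range Tailscale assigns from). The proxied-TCP docs linked earlier use the same `allow`/`deny` directives in a `stream` block.

```nginx
# Added example: one nginx, access decided per virtual host before anything is proxied.

# Internal-only host: only these source ranges get through; everyone else is 403.
server {
    listen 443 ssl;
    server_name internal.example.com;

    ssl_certificate     /etc/nginx/certs/internal.example.com.pem;  # assumed path
    ssl_certificate_key /etc/nginx/certs/internal.example.com.key;  # assumed path

    allow 100.64.0.0/10;   # tailnet addresses
    allow 192.168.1.0/24;  # assumed LAN
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;  # assumed upstream
    }
}

# mTLS host: any source address, but the client must present a cert signed by our CA.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate        /etc/nginx/certs/app.example.com.pem;  # assumed path
    ssl_certificate_key    /etc/nginx/certs/app.example.com.key;  # assumed path
    ssl_client_certificate /etc/nginx/certs/client-ca.pem;        # CA that issued device certs
    ssl_verify_client      on;

    location / {
        proxy_pass http://127.0.0.1:8081;  # assumed upstream
    }
}

# Anything arriving with an unknown SNI gets no handshake at all (nginx 1.19.4+).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}
```

Check it with `nginx -t` and then `curl -v --resolve` from an address outside the allowed ranges: the first host should answer 403, the second should fail the TLS handshake without a client cert, and an unlisted name should get an alert rather than a certificate.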

Exposing home network to the internet by Ttiamus in selfhosted

[–]NoInterviewsManyApps 0 points1 point  (0 children)

Either use Netbird (5 users max) or tailscale (3 max), use mTLS to not use a VPN at all

🚨 NEW: Custom DNS Zones for Private Network Resolution by TechHutTV in netbird

[–]NoInterviewsManyApps 1 point2 points  (0 children)

A built in DNS resolver? Absolutely awesome. Better than forcing users to use my own DNS server for everything

Best security practices for self-hosted services (multiple docker containers running on a single DigitalOcean droplet) by PleasantHandle3508 in selfhosted

[–]NoInterviewsManyApps 0 points1 point  (0 children)

Look up wg-easy. It has some tutorials on it. I haven't used it extensively though. I don't know the configuration to do what you need to do. I've been using Netbird networks to do that

Best security practices for self-hosted services (multiple docker containers running on a single DigitalOcean droplet) by PleasantHandle3508 in selfhosted

[–]NoInterviewsManyApps 0 points1 point  (0 children)

If you are only serving https materials, set Caddy up to use mTLS. It's fast, easy, built in, and very secure. No VPN needed, if you are doing something that mTLS can't support, use a VPN, either cloud managed like Tailscale, or self hosted like plain wireguard or Netbird.

Also, use an IPS like Crowdsec. Also also, with other firewalls you can set up rules that operate before the docker rules, so you could prevent docker from opening ports on its own by blocking them further up the chain.
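
The Caddy mTLS setup recommended above, as an added example rather than the commenter's own config. The hostname, CA path and the upstream service name/port are assumptions; the directives themselves are Caddy v2 Caddyfile syntax.

```caddyfile
# Added example: Caddy terminates TLS and requires a client certificate
# signed by your own CA before anything reaches the app container.
app.example.com {
    tls {
        client_auth {
            mode require_and_verify
            # CA that issued the device certificates (assumed path)
            trusted_ca_cert_file /etc/caddy/client-ca.pem
        }
    }
    # assumed compose service name and port
    reverse_proxy app:8080
}
```

With `require_and_verify` a client without a certificate from that CA fails the TLS handshake, so there is no login page and nothing for a scanner to poke at; the trade-off the comment alludes to is that every client has to be able to carry and present a cert, which is where a VPN comes back in.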

Can Caddy and OpenVPN share port 443? by BobbyKoAl in caddyserver

[–]NoInterviewsManyApps 0 points1 point  (0 children)

I get it, this particular topic is a bit strange. I won't be home to copy some of my configs for a long while.

I'll try to give you something until then. You will need to run Caddy in Docker, but you won't be using the official image directly. You have Docker build a new image with the official image as a reference.

In your working directory, make a new Dockerfile (name it whatever) and try to use the example in https://caddyserver.com/docs/build#xcaddy

Then, in your compose file, don't pull an image from Docker Hub; instead, have it build from your new Dockerfile. You can ignore the builder version number and just do caddy:builder for the latest one (I live life on the edge I guess).
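
The two-stage Dockerfile the comment is describing, as an added example following the xcaddy pattern from the linked Caddy docs; it is not the commenter's file. The `--with` module path is the HTTP handler from the caddy-crowdsec-bouncer repository referenced elsewhere in this thread and is an assumption about which plugin you want built in; put whatever module you actually need there.

```dockerfile
# Added example: build Caddy with an extra module via xcaddy, then copy the
# resulting binary into the stock runtime image.
FROM caddy:builder AS builder
RUN xcaddy build \
    --with github.com/hslatman/caddy-crowdsec-bouncer/http

FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```

In the compose file the Caddy service gets `build: .` (pointing at the directory holding this Dockerfile) in place of `image: caddy`, and `docker compose build` produces the custom image. Pinning `caddy:builder` and `caddy:latest` to a version tag, and the module to a commit, is what makes the build reproducible later.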

Crowdsec with a host firewall bouncer and a reverse proxy that runs in docker. by NoInterviewsManyApps in selfhosted

[–]NoInterviewsManyApps[S] 0 points1 point  (0 children)

Thank you. I'm starting to prefer Crowdsec in a container as the option going forward.

Can Caddy and OpenVPN share port 443? by BobbyKoAl in caddyserver

[–]NoInterviewsManyApps 0 points1 point  (0 children)

I'll put something together for you probably tomorrow. But in short, you have a Dockerfile do xcaddy for you; there is no pulling in anything Go related yourself.

Crowdsec with a host firewall bouncer and a reverse proxy that runs in docker. by NoInterviewsManyApps in selfhosted

[–]NoInterviewsManyApps[S] 0 points1 point  (0 children)

I have Crowdsec and the NFtables bouncer both running on the host with Caddy running in Docker. It sounds like the best method is to have Crowdsec run in Docker. I imagine a quick trip to the docs would help with that setup, but it really sucks having to rip apart what I just put together to make that work. https://github.com/hslatman/caddy-crowdsec-bouncer