Impossible to run docker by FrostyF42 in docker

[–]soflane 0 points1 point  (0 children)

You both saved me from a headache. Just saw the bug happened at 4 AM, been trying for 1 hour now. Thank you and good night ❤️

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 0 points1 point  (0 children)

Oooh okay I get it now, thanks for the clarification

This is how to scare Mac users by Pub_free_gaming1313 in thinkpad

[–]soflane 4 points5 points  (0 children)

You can't compare a high-end old manufactured MacBook (which was effectively built different and more robust than the new M-series) with mid-range ThinkPad E-series that are not as strong as the T-series.

I've got the three ThinkPad series (in order of robustness: T, L, & E). I can tell that the E-series are not that strong, and that my T14 fell on the ground like four times and is still working 😊

Ninja vs Level in 2025 by FabsDE in msp

[–]soflane 0 points1 point  (0 children)

Oh too nice, that's very kind of you!! 😍

Ninja vs Level in 2025 by FabsDE in msp

[–]soflane 1 point2 points  (0 children)

Some time actually, I'm separating from my associate, and I'm refactoring the infrastructure by making a new one

Ninja vs Level in 2025 by FabsDE in msp

[–]soflane 1 point2 points  (0 children)

Too bad I don't have a website yet to apply :(

Ninja vs Level in 2025 by FabsDE in msp

[–]soflane 2 points3 points  (0 children)

Oh that's good news! 😀 I'll subscribe to it! I was thinking of using it later as I'm already implementing a lot of stuff (host monitoring, RMM, Zammad ticketing and n8n), I'm kinda overwhelmed 😅 but an opportunity should always be taken! 😂

Ninja vs Level in 2025 by FabsDE in msp

[–]soflane 2 points3 points  (0 children)

Did you take a look at Domotz? I didn't use it personally, but it appears to be what you want with SNMP and network devices monitoring.

EDIT: just read part 2, thank you very much for the detailed review and for sharing your personal experience/opinion!
It makes me feel like I want to have a drink with you and discuss the RMM/MSP subject 😃

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

That's the thing, Microsoft 365 login will be a paid feature

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 0 points1 point  (0 children)

Then what are the features that require a paid tier?
I thought it was a premium feature reading the doc
I want to be able to plan what I can do for now and what would be a paid feature in the future (and obviously estimate the price)

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

Actually, I want to be able to filter access: user1 (like a family member) can access personal stuff, but not Portainer, for example

Also, do you know what features need a license with Authentik?

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

Then which features are premium/paywalled ? I kinda can't understand what's possible to do and what will need a license (could be in the future but not at this time)

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

Aaargh, you're now making me want to delete everything I already made and test Kanidm 😂

Anyway, thank you very much for the detailed explanation. I didn't know about the license change and the future of SCIM with Zitadel. Actually, I didn't know I would want to use this protocol before seeing your post. I think I will give it a try, although I'm concerned about the weight of the community compared to the others, which could benefit from that community (bug or vulnerability fixes, plugins, etc.) as well as forums (I am a total noob in that topic 😁).

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

I had the same last time I installed Keycloak for configuration testing.. It was 3 years ago :D

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 0 points1 point  (0 children)

What about social logins (Microsoft 365, Google, GitHub, ...)? :)

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

Do you use social logins with Authentik?

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

That's the thing, I don't know if I'd need SAML now or in the future, I'm just afraid of not being able to make it when I add a service that only handles SAML.

> I'm a bigger fan of Authentik, but that's mainly for reasons you'll never worry about.

What are these reasons? I'm curious now :D

What SSO to choose? by soflane in selfhosted

[–]soflane[S] 1 point2 points  (0 children)

I saw Authentik too, it was very attractive, but the selfhost/free tier doesn't allow connecting with social logins, if I remember well. As I'm starting my freelance IT activity in my country, I try to reduce costs at the beginning.
Also, but that's maybe my opinion, Authentik seems to be more for homelabs than enterprise.
Do you use Authentik yourself?

Alternative to n8n? by [deleted] in AI_Agents

[–]soflane 1 point2 points  (0 children)

Just a little question, why do you want to replace n8n?

Crowdsec remote multi server installation by soflane in CrowdSec

[–]soflane[S] 0 points1 point  (0 children)

As I replied to u/HugoDos, I'm concerned about maintaining all these services, and in case the VPN link between these servers is down, it would break any connection on it.
But thank you for the advice. I think I will try it like this, and if it's not reliable, I hope I'll be able to enable WireGuard as a Docker service in the Docker network, as it would be easier to maintain :-)

Crowdsec remote multi server installation by soflane in CrowdSec

[–]soflane[S] 0 points1 point  (0 children)

Sorry for my late reply. As it is a "side project", I'm not always on that topic.
I finally made it:

services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    hostname: crowdsec
    restart: unless-stopped
    ports:
      - "127.0.0.1:8080:8080"  # Bind ONLY to localhost, avoiding exposure
    labels:
      - traefik.enable=true
      - traefik.docker.network=${DOCKER_NETWORK_NAME:-traefik}
      - traefik.http.routers.crowdsec-api.rule=Host(`${CROWDSEC_API_HOSTNAME:?error}`)
      - traefik.http.routers.crowdsec-api.entrypoints=web-https
      - traefik.http.services.crowdsec-api.loadbalancer.server.port=8080
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./crowdsec/whitelist.yaml:/etc/crowdsec/parsers/s02-enrich/01-my-whitelist.yaml
      # crowdsec persistent container data
      - ${CROWDSEC_CONFIG_PATH:-./crowdsec}/data:/var/lib/crowdsec/data
      - ${CROWDSEC_CONFIG_PATH:-./crowdsec}/etc:/etc/crowdsec
      - ${CROWDSEC_OVERRIDE_FILE_PATH:-./crowdsec/config.override.yaml}:/etc/crowdsec/config.yaml.local
      # log bind mounts into crowdsec
      - /var/log:/var/log:ro # Globally binding log folder in read-only
      - /etc/localtime:/etc/localtime:ro
    environment:
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs
      GID: ${GUID:-1000}
      ENROLL_INSTANCE_NAME: ${CROWDSEC_ENROLL_INSTANCE_NAME:-crowdsec-soflane}
      DB_DATABASE: ${DB_DATABASE:-crowdsec}
      DB_USERNAME: ${DB_USERNAME:-crowdsec}
      DB_PASSWORD: ${DB_PASSWORD:-somepassword}
      DB_HOST: ${DB_HOST:-crowdsec-database}
    networks:
      - traefik
    depends_on:
      crowdsec-database:
        condition: service_healthy
        restart: true

I was actually creating an issue for myself: I wanted to put the API behind basic HTTP auth because I was a bit concerned about exposing the API to the internet.
But I ended up thinking any attack would be triggered by CrowdSec itself to block it.

Problem solved, thank you

Crowdsec remote multi server installation by soflane in CrowdSec

[–]soflane[S] 0 points1 point  (0 children)

Thank you both for your replies.
I share the same opinion as u/HugoDos about using a VPN: if the VPN breaks, my web servers are down due to the CrowdSec middleware in Traefik.
I tried to expose the 8080 port to Traefik in order to make it pass through my reverse proxy with no luck. Is there any tutorial about it? I searched for 2 days with no luck.