diff --git a/docker-compose.yml b/docker-compose.yml index a0702b4..f4d07fb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -96,20 +96,17 @@ services: - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email # CrowdSec plugin middleware (reusable) - - traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.enabled=true - - traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdseclapiurl=http://crowdsec:8080/ - - traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdseclapikey=${CROWDSEC_BOUNCER_KEY} - - traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdsecmode=stream - - traefik.http.middlewares.crowdsec.forwardauth.address=http://traefik-bouncer:8080/api/v1/forwardAuth - - traefik.http.middlewares.crowdsec.forwardauth.trustForwardHeader=true - - traefik.http.middlewares.crowdsec.forwardauth.authRequestHeaders=X-Real-Ip,X-Forwarded-For + - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.enabled=true + - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.crowdseclapiurl=http://crowdsec:8080/ + - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.crowdseclapikey=${CROWDSEC_BOUNCER_KEY} + - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.crowdsecmode=stream # Traefik dashboard (protected) - traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`) - traefik.http.routers.traefik.entrypoints=websecure - traefik.http.routers.traefik.tls.certresolver=le - traefik.http.routers.traefik.service=api@internal - - traefik.http.routers.traefik.middlewares=crowdsec,authelia,security-headers + - traefik.http.routers.traefik.middlewares=crowdsec-plugin,authelia,security-headers ## ───────────────────────────────────────────── ## Portainer — Docker control plane @@ -127,7 +124,7 @@ services: - traefik.http.routers.portainer.rule=Host(`portainer.gate.${DOMAIN}`) - traefik.http.routers.portainer.entrypoints=websecure - traefik.http.routers.portainer.tls.certresolver=le - - traefik.http.routers.portainer.middlewares=crowdsec,authelia,security-headers + - traefik.http.routers.portainer.middlewares=crowdsec-plugin,authelia,security-headers - traefik.http.services.portainer.loadbalancer.server.port=9000 ## ───────────────────────────────────────────── @@ -162,7 +159,7 @@ services: - traefik.http.routers.umami.rule=Host(`umami.gate.${DOMAIN}`) - traefik.http.routers.umami.entrypoints=websecure - traefik.http.routers.umami.tls.certresolver=le - - traefik.http.routers.umami.middlewares=crowdsec,authelia,security-headers + - traefik.http.routers.umami.middlewares=crowdsec-plugin,authelia,security-headers - traefik.http.services.umami.loadbalancer.server.port=3000 ## ───────────────────────────────────────────── @@ -236,7 +233,7 @@ services: - traefik.http.routers.kuma.rule=Host(`status.gate.${DOMAIN}`) - traefik.http.routers.kuma.entrypoints=websecure - traefik.http.routers.kuma.tls.certresolver=le - - traefik.http.routers.kuma.middlewares=crowdsec,authelia,security-headers + - traefik.http.routers.kuma.middlewares=crowdsec-plugin,authelia,security-headers - traefik.http.services.kuma.loadbalancer.server.port=3001 ## ───────────────────────────────────────────── @@ -255,7 +252,7 @@ services: - traefik.http.routers.prom.rule=Host(`prometheus.gate.${DOMAIN}`) - traefik.http.routers.prom.entrypoints=websecure - traefik.http.routers.prom.tls.certresolver=le - - traefik.http.routers.prom.middlewares=crowdsec,authelia,security-headers + - traefik.http.routers.prom.middlewares=crowdsec-plugin,authelia,security-headers - traefik.http.services.prom.loadbalancer.server.port=9090 cadvisor: @@ -300,5 +297,5 @@ services: - traefik.http.routers.grafana.rule=Host(`grafana.gate.${DOMAIN}`) - traefik.http.routers.grafana.entrypoints=websecure - traefik.http.routers.grafana.tls.certresolver=le - - traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers + - traefik.http.routers.grafana.middlewares=crowdsec-plugin,authelia,security-headers - traefik.http.services.grafana.loadbalancer.server.port=3000