Update Traefik middleware configuration to use crowdsec-plugin for enhanced security

Mohmmed Elfateh Sabry
2025-08-11 02:18:51 +03:00
parent 395a970304
commit a6a36a8f95


@@ -96,20 +96,17 @@ services:
- traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
# CrowdSec plugin middleware (reusable) # CrowdSec plugin middleware (reusable)
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.enabled=true - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.enabled=true
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdseclapiurl=http://crowdsec:8080/ - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.crowdseclapiurl=http://crowdsec:8080/
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdseclapikey=${CROWDSEC_BOUNCER_KEY} - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.crowdseclapikey=${CROWDSEC_BOUNCER_KEY}
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdsecmode=stream - traefik.http.middlewares.crowdsec-plugin.plugin.crowdsecbouncer.crowdsecmode=stream
- traefik.http.middlewares.crowdsec.forwardauth.address=http://traefik-bouncer:8080/api/v1/forwardAuth
- traefik.http.middlewares.crowdsec.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.crowdsec.forwardauth.authRequestHeaders=X-Real-Ip,X-Forwarded-For
# Traefik dashboard (protected) # Traefik dashboard (protected)
- traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`) - traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`)
- traefik.http.routers.traefik.entrypoints=websecure - traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls.certresolver=le - traefik.http.routers.traefik.tls.certresolver=le
- traefik.http.routers.traefik.service=api@internal - traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.traefik.middlewares=crowdsec-plugin,authelia,security-headers
## ───────────────────────────────────────────── ## ─────────────────────────────────────────────
## Portainer — Docker control plane ## Portainer — Docker control plane
@@ -127,7 +124,7 @@ services:
- traefik.http.routers.portainer.rule=Host(`portainer.gate.${DOMAIN}`) - traefik.http.routers.portainer.rule=Host(`portainer.gate.${DOMAIN}`)
- traefik.http.routers.portainer.entrypoints=websecure - traefik.http.routers.portainer.entrypoints=websecure
- traefik.http.routers.portainer.tls.certresolver=le - traefik.http.routers.portainer.tls.certresolver=le
- traefik.http.routers.portainer.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.portainer.middlewares=crowdsec-plugin,authelia,security-headers
- traefik.http.services.portainer.loadbalancer.server.port=9000 - traefik.http.services.portainer.loadbalancer.server.port=9000
## ───────────────────────────────────────────── ## ─────────────────────────────────────────────
@@ -162,7 +159,7 @@ services:
- traefik.http.routers.umami.rule=Host(`umami.gate.${DOMAIN}`) - traefik.http.routers.umami.rule=Host(`umami.gate.${DOMAIN}`)
- traefik.http.routers.umami.entrypoints=websecure - traefik.http.routers.umami.entrypoints=websecure
- traefik.http.routers.umami.tls.certresolver=le - traefik.http.routers.umami.tls.certresolver=le
- traefik.http.routers.umami.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.umami.middlewares=crowdsec-plugin,authelia,security-headers
- traefik.http.services.umami.loadbalancer.server.port=3000 - traefik.http.services.umami.loadbalancer.server.port=3000
## ───────────────────────────────────────────── ## ─────────────────────────────────────────────
@@ -236,7 +233,7 @@ services:
- traefik.http.routers.kuma.rule=Host(`status.gate.${DOMAIN}`) - traefik.http.routers.kuma.rule=Host(`status.gate.${DOMAIN}`)
- traefik.http.routers.kuma.entrypoints=websecure - traefik.http.routers.kuma.entrypoints=websecure
- traefik.http.routers.kuma.tls.certresolver=le - traefik.http.routers.kuma.tls.certresolver=le
- traefik.http.routers.kuma.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.kuma.middlewares=crowdsec-plugin,authelia,security-headers
- traefik.http.services.kuma.loadbalancer.server.port=3001 - traefik.http.services.kuma.loadbalancer.server.port=3001
## ───────────────────────────────────────────── ## ─────────────────────────────────────────────
@@ -255,7 +252,7 @@ services:
- traefik.http.routers.prom.rule=Host(`prometheus.gate.${DOMAIN}`) - traefik.http.routers.prom.rule=Host(`prometheus.gate.${DOMAIN}`)
- traefik.http.routers.prom.entrypoints=websecure - traefik.http.routers.prom.entrypoints=websecure
- traefik.http.routers.prom.tls.certresolver=le - traefik.http.routers.prom.tls.certresolver=le
- traefik.http.routers.prom.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.prom.middlewares=crowdsec-plugin,authelia,security-headers
- traefik.http.services.prom.loadbalancer.server.port=9090 - traefik.http.services.prom.loadbalancer.server.port=9090
cadvisor: cadvisor:
@@ -300,5 +297,5 @@ services:
- traefik.http.routers.grafana.rule=Host(`grafana.gate.${DOMAIN}`) - traefik.http.routers.grafana.rule=Host(`grafana.gate.${DOMAIN}`)
- traefik.http.routers.grafana.entrypoints=websecure - traefik.http.routers.grafana.entrypoints=websecure
- traefik.http.routers.grafana.tls.certresolver=le - traefik.http.routers.grafana.tls.certresolver=le
- traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.grafana.middlewares=crowdsec-plugin,authelia,security-headers
- traefik.http.services.grafana.loadbalancer.server.port=3000 - traefik.http.services.grafana.loadbalancer.server.port=3000
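Review bot: The LAPI key on the renamed `crowdseclapikey=${CROWDSEC_BOUNCER_KEY}` label in the first hunk is interpolated into container metadata, so it is readable through `docker inspect` and by anything with access to the Docker API, and an unset variable is substituted as an empty string rather than failing the deploy. Writing it as `${CROWDSEC_BOUNCER_KEY:?CROWDSEC_BOUNCER_KEY must be set}` makes `docker compose up` stop early instead; if the plugin registered as `crowdsecbouncer` offers a key-file option, reading the key from a mounted secret would keep it out of labels altogether. The same hunk depends on things not visible here: the plugin has to be declared in Traefik's static configuration, and `crowdseclapiurl` has to be an option that plugin actually accepts, so both are worth confirming against its documentation. Because the hunk no longer defines a middleware named `crowdsec`, any router outside these six hunks that still lists `crowdsec` needs the same rename, and each host should be requested after deploy to confirm the bouncer is actually in the chain.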