elfateh/launchpad-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance Traefik configuration to include CrowdSec plugin and update comments for clarity

Browse Source
This commit is contained in:
Mohmmed Elfateh Sabry
2025-08-11 00:52:32 +03:00
parent dc452403b5
commit fe90ceed2e
1 changed files with 15 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
docker-compose.yml
View File

@@ -29,7 +29,7 @@ volumes:
services:
## ─────────────────────────────────────────────
## Traefik — edge router + ACME (HTTP-01)
## Traefik — edge router + ACME (HTTP-01) + CrowdSec plugin
## ─────────────────────────────────────────────
traefik:
image: traefik:v3.1
@@ -55,12 +55,13 @@ services:
# Dashboard/API (internal)
- --api.dashboard=true
# ACME via HTTP-01
# ACME via HTTP-01 (no registrar API needed)
- --certificatesresolvers.le.acme.email=${ACME_EMAIL}
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.le.acme.httpchallenge=true
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
# (Alt) Use TLS-ALPN-01 if port 80 is blocked:
# - --certificatesresolvers.le.acme.tlschallenge=true
# Metrics (Prometheus)
- --metrics.prometheus=true
@@ -70,6 +71,10 @@ services:
- --accesslog.filepath=/var/log/traefik/access.log
- --accesslog.bufferingsize=100
- --log.level=INFO
# CrowdSec Traefik plugin (recommended vs sidecar)
- --experimental.plugins.crowdsecbouncer.moduleName=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
- --experimental.plugins.crowdsecbouncer.version=v1.4.4
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik_letsencrypt:/letsencrypt
@@ -91,9 +96,11 @@ services:
- traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
# CrowdSec forward-auth (reusable)
- traefik.http.middlewares.crowdsec.forwardauth.address=http://traefik-bouncer:8080/api/v1/forwardAuth
- traefik.http.middlewares.crowdsec.forwardauth.trustForwardHeader=true
# CrowdSec plugin middleware (reusable)
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.enabled=true
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdseclapiurl=http://crowdsec:8080/
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdseclapikey=${CROWDSEC_BOUNCER_KEY}
- traefik.http.middlewares.crowdsec.plugin.crowdsecbouncer.crowdsecmode=stream
# Traefik dashboard (protected)
- traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`)
@@ -167,7 +174,6 @@ services:
environment:
TZ: "${TZ}"
volumes:
# Provide your config at ./authelia/configuration.yml
- ./authelia/configuration.yml:/config/configuration.yml:ro
- authelia_data:/config
networks: [traefik_proxy, internal]
@@ -186,7 +192,7 @@ services:
networks: [internal]
## ─────────────────────────────────────────────
## CrowdSec (LAPI) + Traefik bouncer (forwardAuth)
## CrowdSec (LAPI) — with Traefik plugin
## ─────────────────────────────────────────────
crowdsec:
image: crowdsecurity/crowdsec:latest
@@ -202,7 +208,7 @@ services:
- traefik_logs:/var/log/traefik:ro
networks: [traefik_proxy]
# Auto-register the bouncer once (uses CROWDSEC_BOUNCER_KEY from .env)
# Auto-register the API key used by the Traefik plugin
crowdsec-init:
image: crowdsecurity/crowdsec:latest
container_name: crowdsec-init
@@ -211,17 +217,6 @@ services:
networks: [traefik_proxy]
restart: "no"
traefik-bouncer:
image: crowdsecurity/traefik-bouncer:latest
container_name: traefik-bouncer
restart: unless-stopped
depends_on: [crowdsec, crowdsec-init]
environment:
CROWDSEC_BOUNCER_API_KEY: "${CROWDSEC_BOUNCER_KEY}"
CROWDSEC_AGENT_HOST: crowdsec:8080
GIN_MODE: release
networks: [traefik_proxy]
## ─────────────────────────────────────────────
## Uptime Kuma — status page / checks
## ─────────────────────────────────────────────