Vaultwarden Collection
Add the Vaultwarden Collection
sudo nano /opt/appdata/crowdsec/docker-compose.yml
version: "3.4"
services:
crowdsec:
image: crowdsecurity/crowdsec
container_name: crowdsec
expose:
- 8080
environment:
PGID: "1000"
COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve Dominic-Wagner/vaultwarden"
volumes:
- /opt/appdata/crowdsec/data:/var/lib/crowdsec/data
- /opt/appdata/crowdsec:/etc/crowdsec
- /var/log/auth.log:/var/log/auth.log:ro
- /var/log/crowdsec:/var/log/crowdsec:ro
restart: unless-stopped
crowdsec-traefik-bouncer:
image: fbonalair/traefik-crowdsec-bouncer
container_name: bouncer-traefik
environment:
CROWDSEC_BOUNCER_API_KEY: YourSuperSecureAPIKey
CROWDSEC_AGENT_HOST: crowdsec:8080
GIN_MODE: release
depends_on:
- crowdsec
restart: unless-stopped
networks:
default:
external: true
name: proxy
Add Vaultwarden to the acquis.yml
sudo nano /opt/appdata/crowdsec/acquis.yaml
filenames:
- /var/log/crowdsec/traefik.log
labels:
type: traefik
---
filenames:
- /var/log/auth.log
labels:
type: syslog
---
filenames:
- /var/log/crowdsec/vaultwarden.log
labels:
type: vaultwarden
Enable Logging to file
sudo nano /opt/appdata/vaultwarden/docker-compose.yml
environment:
LOG_FILE: "/var/log/vaultwarden/vaultwarden.log"
LOG_LEVEL: "warn"
ROCKET_CLI_COLORS: "off"
EXTENDED_LOGGING: "true"
IP_HEADER: "X-Forwarded-For"
volumes:
- /opt/appdata/vaultwarden/database:/database
- /opt/appdata/vaultwarden/data:/data
- /var/log/crowdsec:/var/log/crowdsec
PLEASE NOTE
To pass through the correct IP, you will need to enable the real-ip plugin for traefik.
Restart Containers
cd /opt/appdata/vaultwarden; sudo docker-compose up -d
cd /opt/appdata/crowdsec; sudo docker-compose up -d
Last updated