Vaultwarden Collection

Add the Vaultwarden Collection

sudo nano /opt/appdata/crowdsec/docker-compose.yml
# CrowdSec agent plus the Traefik bouncer that queries it for decisions.
# NOTE(review): neither image below carries a tag, so Docker resolves both to
# `latest`; pinning each to a reviewed tag or digest keeps upgrades deliberate.
version: "3.4"

services:
  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    # `expose` makes 8080 reachable from other containers on the shared
    # network only; nothing is published on the host.
    expose:
      - 8080
    environment:
      PGID: "1000"
      # Space-separated collections to install; the last entry is the
      # Vaultwarden collection this page adds.
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve Dominic-Wagner/vaultwarden"
    volumes:
      - /opt/appdata/crowdsec/data:/var/lib/crowdsec/data
      # This host directory also contains this compose file, so the bouncer
      # API key written below is readable inside the container under
      # /etc/crowdsec. Keep the directory's permissions restrictive.
      - /opt/appdata/crowdsec:/etc/crowdsec
      # Log sources are mounted read-only: the agent only needs to read them.
      - /var/log/auth.log:/var/log/auth.log:ro
      - /var/log/crowdsec:/var/log/crowdsec:ro
    restart: unless-stopped

  crowdsec-traefik-bouncer:
    image: fbonalair/traefik-crowdsec-bouncer
    container_name: bouncer-traefik
    environment:
      # Placeholder: replace it with the key registered for this bouncer in
      # CrowdSec (`cscli bouncers add <name>` prints one). Do not commit the
      # real key to version control.
      CROWDSEC_BOUNCER_API_KEY: YourSuperSecureAPIKey
      # Service name and exposed port of the agent defined above.
      CROWDSEC_AGENT_HOST: crowdsec:8080
      GIN_MODE: release
    depends_on:
      - crowdsec
    restart: unless-stopped

# The default network is the pre-existing external network named `proxy`;
# Compose will not create it.
networks:
  default:
    external: true
    name: proxy

Add Vaultwarden to acquis.yaml

sudo nano /opt/appdata/crowdsec/acquis.yaml
# Each `---`-separated document is one acquisition source. Paths are the ones
# seen inside the crowdsec container, and `type` labels the log format.
filenames:
  - /var/log/crowdsec/traefik.log
labels:
  type: traefik
---
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
# Vaultwarden has to write to exactly this file through the shared host
# directory /var/log/crowdsec; a path mismatch leaves this source with no
# lines to parse, so failed logins would go undetected.
filenames:
  - /var/log/crowdsec/vaultwarden.log
labels:
  type: vaultwarden

Enable Logging to file

sudo nano /opt/appdata/vaultwarden/docker-compose.yml
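    # Logging settings that let CrowdSec read Vaultwarden's log file.
    environment:
      # Container-side path. Through the log mount below it lands on the host
      # as /var/log/crowdsec/vaultwarden.log, the file acquis.yaml points at.
      LOG_FILE: "/var/log/vaultwarden/vaultwarden.log"
      LOG_LEVEL: "warn"
      ROCKET_CLI_COLORS: "off"
      EXTENDED_LOGGING: "true"
      # The logged client IP is taken from this header, so it is only as
      # trustworthy as the proxy that sets it. Keep Vaultwarden reachable
      # solely through Traefik, otherwise the header can be forged.
      IP_HEADER: "X-Forwarded-For"
    volumes:
      - /opt/appdata/vaultwarden/database:/database
      - /opt/appdata/vaultwarden/data:/data
      # The target must be LOG_FILE's directory. Mounting the host directory
      # at /var/log/crowdsec left /var/log/vaultwarden unmounted, so the log
      # stayed inside the container and CrowdSec never saw it.
      # The mount is read-write, and this host directory also holds the other
      # logs CrowdSec reads.
      - /var/log/crowdsec:/var/log/vaultwarden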

PLEASE NOTE

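To pass the real client IP through to Vaultwarden, you will need to enable the real-ip plugin for Traefik. Without it, the log shows the proxy's address instead of the client's, and CrowdSec can only act on the address that appears in the log.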

Restart Containers

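# `&&` stops before docker-compose runs if the directory change fails, so the
# command never acts on a compose file in some other directory.
cd /opt/appdata/vaultwarden && sudo docker-compose up -d
cd /opt/appdata/crowdsec && sudo docker-compose up -d
# Afterwards, `sudo docker exec crowdsec cscli metrics` should list
# vaultwarden.log among the acquired files once Vaultwarden has logged a line.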
