Automatic configuration of crowdsec + crowdsec-firewall-bouncer in a single docker image
Installation using docker compose
services:
crowdsec:
image: ghcr.io/klementng/docker-crowdsec:main
container_name: crowdsec
cap_add:
- NET_ADMIN
environment:
- TZ=${TZ}
- COLLECTIONS=crowdsecurity/nginx
- LOCAL_API_URL=http://0.0.0.0:55555 # bind to the following port
volumes:
- ./crowdsec/config:/etc/crowdsec
- ./crowdsec/data:/var/lib/crowdsec/data/
userns_mode: host
network_mode: host
restart: unless-stoppedThis container extends the base docker image of crowdsec. Most setting remain the same as the base image.
The following file are overwritten on startup of container:
- config.yml
- bouncers/crowdsec-firewall-bouncer.yaml
To modify the above files create new .local in the same directory file (i.e. config.yaml.local). More Info:
| Variable | Default | Description |
|---|---|---|
| LOCAL_API_URL | http://0.0.0.0:8080 | *Modified* Set Server listening IP + LAPI url |
| PROMETHEUS_ENABLED | true | Enable prometheus |
| PROMETHEUS_LEVEL | full | prometheus metrics level |
| PROMETHEUS_LISTEN_ADDR | 127.0.0.1 | Set prometheus listening IP |
| PROMETHEUS_LISTEN_PORT | 6060 | Set prometheus listening port |
| Others | Link |