Open Source & Collaborative Security with CrowdSec and Traefik - CrowdSec & Traefik Tutorial

  • Published: 17 Dec 2024

Comments • 194

  • @TechnoTim
    @TechnoTim 2 years ago +9

    New Customers Exclusive - Get a Free 240gb SSD at Micro Center: micro.center/1fbb85 (paid)

    • @borat1
      @borat1 2 years ago +1

      I'm def installing crowdsec on my homelab. Don't want any peepers on my NAS!

  • @fabienbonalair1493
    @fabienbonalair1493 2 years ago +101

    I'm the author of the traefik bouncer, thanks for showing my work! Great video, thank you for the content.
    BTW, it's pronounced F bo-na-lair. ;-)

    • @crowdsec
      @crowdsec 2 years ago +18

      :-) Good job, Fabien! We love it!

    • @TechnoTim
      @TechnoTim 2 years ago +17

      Thank you so much! Also, thank you for letting me know how to pronounce your name phonetically!

  • @RaidOwl
    @RaidOwl 2 years ago +76

    Next video: Tim takes jujitsu classes in case someone breaks in to steal his server.

    • @TechnoTim
      @TechnoTim 2 years ago +13

      Ninja vanish 🥷

  • @foakingphelp
    @foakingphelp 2 years ago +45

    Your content keeps getting better and better. Thanks so much for showing us how to geek out even more while keeping ourselves secure!

    • @TechnoTim
      @TechnoTim 2 years ago +2

      I appreciate that! Thank you so much! It gets harder and harder too :)

  • @killua_148
    @killua_148 7 months ago +10

    It would be great if you can revisit this video, since now traefik has an official plugin, the hub auto updates itself (no cron needed), the dashboard looks cool, they have a centralized way to manage multiple instances, they added appsec WAF integration and probably more. There aren't many recent tutorials and you're always spot on with yours.

  • @mikeyfoofoo
    @mikeyfoofoo 2 years ago +6

    For a dude that seems to throw around containers like they are nothing, it's nice to see you admit to having to look up something old-school like crontab. I've been watching your videos to get up to speed on containers. Thanks for the content. You are really good at it!

    • @TechnoTim
      @TechnoTim 2 years ago +1

      Thank you! I always try to share what I know and what I don’t know!

  • @jacksoncremean1664
    @jacksoncremean1664 2 years ago +19

    crowdsec has massive potential and it's great to see that it's getting more love

    • @TechnoTim
      @TechnoTim 2 years ago +1

      Agreed! Huge potential!

    • @crowdsec
      @crowdsec 2 years ago +1

      Thanks for the nice words. Highly appreciated!

  • @fab_spaceinvaders
    @fab_spaceinvaders 2 years ago +6

    Hi mate, u can setup cloudflare bouncer to have crowdsec blacklist shared up to the cloudflare layer. Using it for enterprises u can ask cloudflare to have more than just 10000 ip addresses configured as a list (they raised me to 20k). After some months a bit of improvement is reached that way.
    Happy hardening u all 🎉

  • @Monsieur2068
    @Monsieur2068 2 years ago +2

    For those curious if you lose your api key you can just do docker exec crowdsec cscli bouncers remove bouncer-traefik and just do the add again.

  • @mozzano
    @mozzano 2 years ago +2

    Great tutorial Tim!
    Anyone know of a suitable Crowdsec docker image for arm (Raspberry pi)? I had a look around and couldn't find one. I'd rather install on docker if at all possible.

  • @jhmc93
    @jhmc93 1 year ago +1

    I know this vid is a year old, but good video, would you do a guide for the nginx proxy manager with crowdsec?

  • @DNAblue2112
    @DNAblue2112 1 year ago

    As usual, absolutely epic guide that made it easy for me to get this up and running. Thanks heaps!

  • @virusbcn6472
    @virusbcn6472 2 years ago +1

    Very interesting Tim 👌
    Happy to view more smiles 😜

  • @aryelinux9676
    @aryelinux9676 2 years ago

    Tim the King!! as always - thanks for the video - keep them coming - learned a lot!

  • @pewter77
    @pewter77 2 years ago +3

    I just set this up, be aware that if you're running behind a reverse proxy like cloudflare the traefik bouncer here doesn't use the correct IP address due to using the incorrect header value.

    • @TechnoTim
      @TechnoTim 2 years ago

      I noticed that too and there is a PR out there for it. According to CrowdSec though, CloudFlare IPs are on their global allow list so they can’t be blocked. Hopefully the PR gets merged to look at the real ip in the header

    • @pewter77
      @pewter77 2 years ago +1

      @TechnoTim The main problem isn't cloudflare IPs getting banned, it's that the bouncer doesn't block anything because it reads the headers and asks CrowdSec for information on the wrong IP.
      The PR is mine, I'm running it currently on my machine and it works well so hopefully the dev comes back soon!

    • @TechnoTim
      @TechnoTim 2 years ago

      Ah! Nice! Thank you! I have been watching that issue! Looks like it was merged!
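
The header problem discussed in this thread, as an added example (not part of the comments, and not code from the bouncer or from the PR mentioned): the client IP is taken from `CF-Connecting-IP` or `X-Forwarded-For` only when the connection itself comes from a trusted proxy range, so the ban lookup is made for the visitor rather than for the proxy. The function names and the address ranges (documentation placeholders) are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// trustedProxies lists the networks allowed to set client-IP headers.
// Constructed placeholders: 198.51.100.0/24 stands in for the CDN's published
// edge ranges, 172.18.0.0/16 for the Docker bridge network in front of Traefik.
var trustedProxies = []netip.Prefix{
	netip.MustParsePrefix("198.51.100.0/24"),
	netip.MustParsePrefix("172.18.0.0/16"),
}

func isTrusted(ip netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// parseIP accepts "ip" or "ip:port" and normalises IPv4-mapped IPv6 addresses.
func parseIP(s string) (netip.Addr, bool) {
	s = strings.TrimSpace(s)
	if ap, err := netip.ParseAddrPort(s); err == nil {
		return ap.Addr().Unmap(), true
	}
	if ip, err := netip.ParseAddr(s); err == nil {
		return ip.Unmap(), true
	}
	return netip.Addr{}, false
}

// ClientIP returns the address a ban decision should be looked up for.
func ClientIP(remoteAddr string, h http.Header, trusted []netip.Prefix) (netip.Addr, error) {
	peer, ok := parseIP(remoteAddr)
	if !ok {
		return netip.Addr{}, fmt.Errorf("unparseable peer address %q", remoteAddr)
	}
	// Headers sent by an untrusted peer are caller-controlled: ignore them.
	if !isTrusted(peer, trusted) {
		return peer, nil
	}
	// Single-valued header set by the CDN edge.
	if ip, ok := parseIP(h.Get("CF-Connecting-IP")); ok {
		return ip, nil
	}
	// Otherwise walk X-Forwarded-For right to left, skipping our own proxies.
	var hops []string
	for _, v := range h.Values("X-Forwarded-For") {
		hops = append(hops, strings.Split(v, ",")...)
	}
	for i := len(hops) - 1; i >= 0; i-- {
		ip, ok := parseIP(hops[i])
		if !ok {
			break // malformed entry: trust nothing further to the left
		}
		if !isTrusted(ip, trusted) {
			return ip, nil
		}
	}
	// No usable header: fall back to the peer (the proxy or bridge gateway).
	return peer, nil
}

func main() {
	// Constructed requests: peer address and headers as the proxy would see them.
	viaCDN := http.Header{}
	viaCDN.Set("CF-Connecting-IP", "203.0.113.7")
	forged := http.Header{}
	forged.Set("CF-Connecting-IP", "127.0.0.1") // set by a direct caller
	cases := []struct {
		peer string
		h    http.Header
	}{
		{"198.51.100.10:443", viaCDN}, // arrives through the CDN
		{"192.0.2.55:50000", forged},  // bypasses the CDN, header not honoured
		{"172.18.0.1:40000", http.Header{}}, // bridge gateway, no header at all
	}
	for _, c := range cases {
		ip, err := ClientIP(c.peer, c.h, trustedProxies)
		fmt.Println(c.peer, "->", ip, err)
	}
}
```

The third case is the symptom several commenters describe: with no forwarded header available, the only address left to check is the Docker bridge gateway.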

  • @bronxandbrenx
    @bronxandbrenx 2 years ago

    You are now my master in networking.

  • @francoisdeslauriers5940
    @francoisdeslauriers5940 2 years ago +1

    Excellent document, I installed it, but had an issue with the bouncer: even if the manually added IP decision is properly added to the list, the bouncer does not block.

  • @toshy50
    @toshy50 2 years ago +4

    I'm already using Traefik so now I'm definitely gonna check out CrowdSec. Looks cool and easy to configure. Thanks for another awesome and easy-to-follow tutorial!
    FYI, isn't the GID value in the docker-compose file supposed to have a colon to specify the default value "${GID:-1000}"?

  • @Smoothi0815
    @Smoothi0815 11 months ago +1

    Hey @TechnoTim,
    did you try the Metabase Dashboard? It works fine, but after compose recreation the credentials are default again. Where can I find the credential information to persist?

  • @alphapapa77
    @alphapapa77 1 year ago

    14:45 - I have the folder but no logs. When I exec into traefik there are both the log files. I've gone through my yml files 5 times now and rewatched the video to this point a few more. My networks are the same. Maybe there is something different being I am trying a year after your post?

  • @danielcronk739
    @danielcronk739 2 years ago +2

    Thanks for the great tutorial and video. I've learned a lot from you over the last few months. After working through this and installing I have a question I'd like your input on. When proxying through Cloudflare, crowdsec is analyzing the Cloudflare IP, not the real IP of the client. Now I can imagine how this may be useful if someone decides to attack the IP directly or somehow gets around Cloudflare (I can't even begin to imagine how that's even possible), but I have my firewall to only accept connections from Cloudflare IPs on 80/443. So in that instance, can you still see any benefit to crowdsec? I know there are some complicated ways to have traefik be able to see the real IP from Cloudflare, but I haven't attempted that yet.

    • @TechnoTim
      @TechnoTim 2 years ago +1

      I think there is a PR out there to fix this!

    • @ColinEditz
      @ColinEditz 2 years ago

      Hi Daniel, I appreciate the kind of higher level thinking of your comment. I have the exact same setup in regard to Cloudflare and only accepting Cloudflare IPs on 80/443, and had not thought of this yet. I wonder if you have done any more thinking about this. Are you still running Crowdsec or have you deemed it unnecessary? I see there is also a Cloudflare-Bouncer, which seems to take a different approach and updates your firewall settings in Cloudflare itself. Curious to hear what you think.

  • @ChrisDePasqualeNJ
    @ChrisDePasqualeNJ 2 years ago +4

    Hey Tim, great video, appreciate all your hard work. I've been trying to install CrowdSec for some time now in my environment. I have two Raspberry Pis, one 32 bit and one 64 bit. CrowdSec has given some instructions on how to install on arm but my Linux skills are lacking and well they don't show us like you do. Also I don't use Traefik, I use nginx reverse proxy. Should I even try or should I keep waiting for someone to make a video specifically for Raspberry Pi CrowdSec with Nginx and docker?

    • @dermuschelschluerfer
      @dermuschelschluerfer 2 years ago +1

      I wouldn't run an ips firewall on a raspberry pi. It's like showing everyone you have a tank in the garden to defend your country but in reality that tank is just out of cardboard. The performance won't hold up.

    • @TechnoTim
      @TechnoTim 2 years ago +3

      I’d give it a shot over waiting, but that’s just me!

    • @philippehumeau7972
      @philippehumeau7972 2 years ago +1

      The most likely place to find help on this topic is CrowdSec discourse server or the discord one (just google them)

  • @emileclevers2178
    @emileclevers2178 2 years ago +1

    Hi Tim ! How do you enroll your Crowdsec container in the cloud console ? I've done it with the cscli command but it needs to be done again after each re-creation ...

  • @chrisrisley1324
    @chrisrisley1324 2 years ago +3

    Hey, Tim. Really enjoying the channel and Discord. I have a question not crowdsec related but something I noticed in the video. Would you mind going into some detail on the ip whitelist(s) for Traefik? Couple of us trying to get it figured out and not having much luck. Definitely implementing crowdsec now!

    • @TechnoTim
      @TechnoTim 2 years ago +1

      Thanks! I might at some point or you can all join our discord! Some folks use it in there!

    • @chrisrisley1324
      @chrisrisley1324 2 years ago

      @TechnoTim, cool. We’re there. Great place.

    • @crowdsec
      @crowdsec 2 years ago

      That sounds great!

  • @TechnoTim
    @TechnoTim 2 years ago +2

    How do you protect your services?

    • @haniel9079
      @haniel9079 2 years ago +2

      I watch your videos and use them in the home lab. (it is a work in progress).
      I also use a vpn and an ip whitelist.

  • @docteurzoidberg
    @docteurzoidberg 2 years ago +1

    Thanks a lot ! Please show us how you configure a proxmox log parser, or iptables bouncer on an episode #2, would love it

  • @denzilhoff6026
    @denzilhoff6026 2 years ago +3

    Instead of crontab, you might want to get familiar with systemd timers. Much easier to manage in my opinion.

    • @TechnoTim
      @TechnoTim 2 years ago +1

      Good call!

    • @mikeyfoofoo
      @mikeyfoofoo 2 years ago

      @TechnoTim Maybe systemd timers would make a good video?

  • @VillSid
    @VillSid 2 years ago +1

    Question: Won't access log grow to infinity? How big is your access.log file right now? What should be the cap?
    Request: Can you make an update to Grafana monitoring guide using influxdb and adding consolidating the alerts including crowdsec? I just want "BOGOOGA" sound alert on my phone if I am getting DDosed.

    • @crowdsec
      @crowdsec 2 years ago +1

      You should join our Discord and ask about the Grafana stuff if you want fast help. Also you can setup a number of notifications on CrowdSec when a scenario triggers. So basically your DDoS scenario would trigger an alert which would then be sent to your phone. No problem with CrowdSec.

  • @PriyankuBaruah
    @PriyankuBaruah 2 years ago +1

    How did you get Cloudflare to forward the real IP? In your case if you use Cloudflare which I think you do, the ban only worked because you have a local DNS. Banning your IP would otherwise do nothing because traefik and hence crowdsec would always see the Cloudflare IP assuming you have reverse proxy set up in CF

  • @koevoet7288
    @koevoet7288 2 years ago +2

    Why don't you just use bind mounts instead of docker volumes? Aren’t binds easier to use and backup?

    • @TechnoTim
      @TechnoTim 2 years ago +4

      I did bind mount the only thing I want backed up, the config. The rest (like logs) is in a docker volume which I don't care too much about. Also, their docs say to do it like this and I had issues trying to bind locally.

  • @alphacraft9658
    @alphacraft9658 3 months ago +1

    How does it even work for you. All IPs are the network bridge gateway and it doesn't work for me. 😢

  • @MichaelKliewe
    @MichaelKliewe 2 years ago +1

    I guess I would have started the bouncer before crowdsec, so that it's available when crowdsec starts up. Which means: crowdsec should depend on the bouncer. Am I wrong?

    • @crowdsec
      @crowdsec 2 years ago

      No, since you can run everything distributed on different servers. You can have one agent receiving logs from multiple other servers and controlling bouncers on remote firewalls, even across operating systems. So we can't depend the installation of the bouncer in the agent. And that is by design :-)

  • @apscandy
    @apscandy 2 years ago +2

    I have been using crowdsec on my Debian server for the past week but I had no idea they had Docker images and docker bouncers

    • @TechnoTim
      @TechnoTim 2 years ago

      You can ignore those ENV for k8s. They should have access to write to their PVC

    • @crowdsec
      @crowdsec 2 years ago

      Great to hear. CrowdSec is available on a lot of platforms :-)

  • @Oktarin0-0
    @Oktarin0-0 4 months ago

    Hey Techno, amazing video! I was really excited when I managed to config Crowd to read the traefik logs.
    I have a question unu
    Is it possible to configure Crowdsec to allow the connection from a specific origin, and ignore or prevent access to my service from other origins different from the domain I defined? The context is that I need to secure a backend that is exposed to the internet via traefik and an external frontend needs to consume it.

  • @ph4nt0mcz130
    @ph4nt0mcz130 2 years ago +1

    What is nice? A great selfhosted solution. What is even better? A solution with awesome graphics!

  • @fbifido2
    @fbifido2 2 years ago +2

    can you show how to run crowdsec with nginx proxy manager ??

  • @michaelk7321
    @michaelk7321 2 years ago +1

    Good video. Unfortunately I found crowdsec to be buggy when blocking ssh so I went back to fail2ban.

  • @calvin_thefreak
    @calvin_thefreak 2 years ago +1

    One thing that you still don't follow: you don't capsule your services from another.
    You just use ONE network: "Proxy". If you want to protect your services even more, you should create separate containers between the traefik and services like heimdall and co.

    • @TechnoTim
      @TechnoTim 2 years ago +2

      Thanks! I break up my compose files. Also, don't all services that are served through the reverse proxy need to be on the same docker network to proxy through?

  • @aredcat1
    @aredcat1 2 years ago +1

    Hi, what extension do you use for highlighting arrays in the stack!?) it very useful

  • @2metal4you28
    @2metal4you28 10 months ago

    never been happier to have a cleaned up Johnny Depp show me the way

  • @V3ritas1989
    @V3ritas1989 2 years ago +1

    In europe stuff like this is always a pain to check if it is in line with GDPR

    • @crowdsec
      @crowdsec 2 years ago +2

      We're based in EU so GDPR is obviously taken into consideration. The only data that's being collected is the ip of the offender, timestamp and metadata on the attack (=which scenario triggered). So nothing to worry about in terms of GDPR.

  • @exact-estimate
    @exact-estimate 2 years ago +1

    Hey, great vids, just started self hosting, you're giving me too many ideas...
    Anyway, I'd love a video covering how you might have setup services that use SMTP/email settings. Thinking WordPress, Vaultwarden etc. Thinking to have a single SMTP relay that everything points to, which then forwards out via Gmail/X service.

    • @TechnoTim
      @TechnoTim 2 years ago +1

      If you want ideas, check out ruclips.net/video/IE5y2_S8S8U/видео.html 😀😀

    • @exact-estimate
      @exact-estimate 2 years ago

      @TechnoTim nooooooo 😝 my wife has enough things breaking already

  • @edb75001
    @edb75001 2 years ago +1

    Man, I absolutely love your content and knowledge. Definitely appreciate ya'...

    • @TechnoTim
      @TechnoTim 2 years ago +1

      Thank you so much. That means a lot!

  • @GSGWillSmith
    @GSGWillSmith 2 years ago

    Thanks for the video! I would really appreciate a tutorial for using this with nginx proxy manager as well. I'm trying to figure it out, but I haven't gotten it to work yet!

  • @festro1000
    @festro1000 2 years ago +1

    Sounds great, but this is not only open sourced but the database is managed by the community; what's to stop bad actors from listing valid sites as malicious? Wouldn't that make this its own kind of ddos attack if people can't access a site because someone fraudulently added it to a block list?

    • @crowdsec
      @crowdsec 2 years ago +1

      That's a good question. Very shortly described, it's based on the trust level of servers who report; the longer they have done so reliably, the higher the trust ranking and the more they count when determining whether an IP is bad or not. Also, an ASN only gets one count. All this and more exists to make poisoning as expensive and hard as possible. If you have more questions, feel free to go to our Discord.

    • @festro1000
      @festro1000 2 years ago

      @crowdsec Ok thanks, a few more things to consider would be oversight, I read that a university was banned despite making years of commits to Linux for posting some intentionally bad commits, and you said that an ASN only gets one count; are there measures taking botnets into consideration? Because I can't imagine it would be hard for someone with a large botnet spoofing an address to make it seem malicious.

    • @crowdsec
      @crowdsec 2 years ago

      @festro1000 Where was the university banned? Was this in relation to CrowdSec? No, we're only taking their actual behaviour in terms of how reliably they send signals into consideration.
      Could you elaborate on the spoofing part?

  • @mormantu8561
    @mormantu8561 2 years ago +2

    Maybe I'm missing something. But didn't you configure a conditional forward in your UDM Pro so that only traffic from Cloudflare gets allowed? In other words, if the rest of the packets gets dropped, what's the advantage of this?

    • @TechnoTim
      @TechnoTim 2 years ago +2

      Helps if someone or something makes it past Cloudflare. It adds IPS to my Traefik instance

    • @mormantu8561
      @mormantu8561 2 years ago

      @TechnoTim But if someone makes it past Cloudflare the traffic gets dropped by your firewall right? So it doesn't reach your Traefik instance.

    • @wyattarich
      @wyattarich 2 years ago +2

      @mormantu8561 Why would Cloudflare be the only thing that can reach Traefik? There's a lot to connect to out there... What if someone SSH tunnels to an unlucky internal device that's been compromised in order to pivot around inside the network? Better to have multiple walls to climb than just one you can walk around.

    • @mormantu8561
      @mormantu8561 2 years ago +1

      @wyattarich True, but in another video he showed us that traffic on http(s) to his Traefik instance is only allowed from Cloudflare IP addresses. My comment was about why he would implement this if he has that rule, but come to think of it, maybe he means if Cloudflare fails to detect a threat. Whereas I thought that he meant what if someone or something bypasses Cloudflare entirely.

    • @TechnoTim
      @TechnoTim 2 years ago +1

      That's right. I don't mean that someone circumvented cloudflare, I mean that cloudflare's bot detection might not catch all bad actors, where this is yet another line of defense.

  • @manuelthallinger7297
    @manuelthallinger7297 2 years ago +1

    The Core Question for me is, can i make Traefik work behind an HaProxy. I have atm a haproxy running in my pfsense and i would like to keep that, but Traefik with crowdsec would be a nice addition?
    What IP does Crowdsec ban? For example can i tell it to ban cf-connecting-ip?

    • @philippehumeau7972
      @philippehumeau7972 2 years ago +1

      Well, here you can use crowdsec with opnsense, ha proxy, nginx or as a container so quite some flexibility :) IPs are banned based on the sightings of all users of the community and curated by CrowdSec to avoid false positives and poisoning.

    • @manuelthallinger7297
      @manuelthallinger7297 2 years ago

      @philippehumeau7972 Played around with it, atm still behind my haproxy and works well. I noticed some problems over the time with running software behind cloudflare. Some software is intelligent enough to recognize the real ip (it can be seen through the CF-Connecting-IP Header), some just see the Cloudflare IP and the last thing I would want it to do is to block the Cloudflare ips =) the only thing really missing from traefik is brotli, but that's just personal preference

    • @crowdsec
      @crowdsec 2 years ago +1

      @manuelthallinger7297 No matter what there are ips that can't be blocked. Cloudflare and other CDN providers' ips are among those.

  • @procheeseburger_2
    @procheeseburger_2 2 years ago +2

    Great video! I think I’ll deploy this at least on my Docker-Web server.

  • @zedzed4238
    @zedzed4238 2 years ago

    I always see these videos with crowd-sec, fail2ban, etc, and I want to add these to my setup, but what I always see left out is the explanation of what happens to self-hosted content that isn't accessed exclusively from a browser? Like emby/plex wallabag bitwarden, etc, that have a mobile app integration and even a possible chrome extension?
    Do they just break unless the app-code is specifically built to work with it? because it seems like crowdsec and f2b work by placing a sort of http "basic-auth" layer in front of it and forwarding the creds to the app and then logging the apps response and sifting through those logs with the bouncers etc, unless I misunderstood that, and if that's the case, what if the chrome extensions for bitwarden and the mobile apps for emby/plex aren't setup to expect that middleware layer between the emby server and the mobile app? For example, does the bitwarden mobile app need to be specifically developed to expect that middleware layer or is it a seamless interception of the creds the mobile app passes to what it thinks to be the bitwarden server and is in reality the traefik/crowdsec middleware? An alternative would be if the middleware just passes through traffic that has http-headers/user agent strings that identify it as a mobile app to maintain compatibility because it doesn't deal with mobile apps, but what stops bots from just using that user-agent string to bypass the middleware if that's how it works?
    Again If anyone has experience with this i'd love to hear any explanations or corrections of misunderstandings i might have. It's one of those things that i've searched the docs for but it seems like i won't know if it works or not until i attempt it unless someone else has already and can share their experience

  • @KeshavSreekumar
    @KeshavSreekumar 2 years ago +2

    Will this still work through cloudflare, specifically does it know how to parse the cloudflare forwarded IP field?

    • @TechnoTim
      @TechnoTim 2 years ago +1

      It should be able to parse the header however I just noticed there is a PR to fix a bug with it, hopefully it gets merged! ☝️

  • @klauss35
    @klauss35 4 months ago

    Are you planning to do a crowdsec nginx proxy manager video tutorial? Awesome video by the way but sadly I don't use Traefik

  • @notdefined5768
    @notdefined5768 2 years ago

    What a brilliant video. I was thinking crowdsec not too long ago... but decided on a not yet... but maybe... hmm... I have a question though. What do you use for monitoring your network/home lab for failures/outages/etc etc? I was looking at nagios but decided to stop looking there since core was not updated in 2 years... And the options are almost infinite... I'm a bit lost at this point...

    • @TechnoTim
      @TechnoTim 2 years ago

      Thanks! Check out my video on Uptime Kuma!

  • @howling-wolf
    @howling-wolf 8 months ago

    Wait, in the end it sounds like I have to manually add IPs to the decisions list. I thought this is an automatic thing that bans any IP that appears SUS to my instance or is already known to be sus.

  • @ivlis32
    @ivlis32 2 years ago +1

    How do you configure crowdsec to download their ban list and apply to your instance? Or is it automatic? This is kind of the whole point.

    • @philippehumeau7972
      @philippehumeau7972 2 years ago

      it's automatic (based on the scenario you run). you can list the content from the list with cscli

  • @speedhunter787
    @speedhunter787 1 year ago

    crowdsec and traefik seem to be seeing my docker bridge network gateway IP, not the client IP, so crowdsec doesn't seem to be working for me. Do you know what I would do to resolve it?

  • @coletraintechgames2932
    @coletraintechgames2932 2 years ago +1

    You're my boy blue!
    And I understand why you did this, and I am glad you made a video! Seriously
    But I don't know what you are talking about. You went from cards you colored with a crayon yourself to this... Quite a leap! Especially for me!
    Like I said, I'm glad you did it. Seriously. And in about 3 years when I have caught up with you, I will be thankful! Ha ha keep up the good work. Lots of your vids meant nothing at first and then a few months later, I was on board.

  • @rottison
    @rottison 2 years ago

    Hi just wanted to ask u about your rack, on the bottom of it you have a 24 bay disk shelf what did you use to mount it in the rack? was it a Adjustable Rack Mount Server Shelf Rails 1U?

    • @TechnoTim
      @TechnoTim 2 years ago

      You can find all the gear I recommend here! kit.co/TechnoTim

  • @AburaGamer
    @AburaGamer 4 months ago

    2024 and I used this to learn about this. Still good to go

  • @thefrisianclause
    @thefrisianclause 2 years ago +2

    Well at least you can say that the security information that you have been providing to us works, with evidence :)

  • @bladrbrettel6511
    @bladrbrettel6511 2 years ago

    hey it's me again, I have a question: with that configuration you will not have logs on the std thing (out/err/in), don't remember which one docker logs use. That's OK for crowdsec that needs that apparently, but how to put those logs in loki for grafana?
    did you try the traefik/grafana/crowdsec combo and how to make those logs from file in the loki-driver too?
    thanks :)

    • @TechnoTim
      @TechnoTim 2 years ago

      Haven’t tried it yet but anything that logs to stdout should be captured and sent using my method

    • @bladrbrettel6511
      @bladrbrettel6511 2 years ago

      @TechnoTim yeah except that for Traefik if you define a file for the logs it will go to the file, no more to stdout... So you will have to set another job specific for Traefik, and maybe some other container that will do the same: if log file is defined then pour in the file not stdout anymore, and doing so I'm wondering how I can recognise that it's logs from container traefik. Using the same seentic in grafana... Or maybe we should investigate the logs volume in crowdsec (or in the other way) ask crowdsec to look the logs from the grafana/loki logs directories...

  • @MadChristianX
    @MadChristianX 2 years ago +1

    While you were being DDOS attacked I tried to find your article about traefik 2 and I was lost 😩

    • @TechnoTim
      @TechnoTim 2 years ago +3

      My Traefik guide is here! docs.technotim.live/posts/traefik-portainer-ssl/

    • @MadChristianX
      @MadChristianX 2 years ago +1

      I used your traefik 2 ingress guide to set up traefik as reverse proxy in my k3s cluster (some Pi's, some x86 VM's and one Mac mini M1). I needed some time to figure out how to route on external endpoints in my network for services that are not in the cluster yet. Thanks to your new guides I will never be bored.

  • @KronosaurusRex
    @KronosaurusRex 2 years ago

    In case you see this, this is blocking every internal service but not the ones that are external. Guess it's due to the ip that we are blocking being internal.

  • @marcello4258
    @marcello4258 2 years ago

    The reason working in crontabs is confusing is because you shouldn't. You better set it up via crony or similar. Btw same goes for the sudoers file

  • @freddywestside3763
    @freddywestside3763 2 years ago

    That promotion has been going on for so long I'm really starting to wonder if they got an amazing deal on a container full of 240gb SATA SSDs or added a 0 to an order right before the price came down on 500's.

    • @TechnoTim
      @TechnoTim 2 years ago

      It is generous! They have amazing deals on everything :)

    • @freddywestside3763
      @freddywestside3763 2 years ago

      @TechnoTim I'm a fan of Microcenter, just can't spend much money with them because they don't have a store near me and their web presence is so limited, and it is a great promotion. I'm just saying that after two years it's starting to feel like a creative solution to a massive overstock 😂

  • @steaders82
    @steaders82 2 years ago

    Hi Tim
    I'm having an issue that it only works for me when I block a local (docker) IP.
    If I block my public IP it still permits access.
    When I view the logs it only shows the local addresses. Any ideas??
    Thank you

    • @TechnoTim
      @TechnoTim 2 years ago

      I thought there might have been a bug that was recently fixed

    • @steaders82
      @steaders82 2 years ago

      @TechnoTim I got it working. I added a second interface on 'host' that seemed to fix it
      Nice videos BTW. I've been in the game 15 years and still learning 🇬🇧

  • @joelang6126
    @joelang6126 2 years ago

    Tim what's the music during the crowd sec intro section.

    • @TechnoTim
      @TechnoTim 2 years ago +1

      It's in the description!

  • @brianmccullough4578
    @brianmccullough4578 2 years ago +1

    Micro center is like Disney land

    • @TechnoTim
      @TechnoTim 2 years ago

      Agreed! That's how I feel when I walk in!

  • @DigitEgal
    @DigitEgal 2 years ago +1

    Collaborative Open Source is the future

    • @TechnoTim
      @TechnoTim 2 years ago

      agreed!

    • @crowdsec
      @crowdsec 2 years ago

      We approve of this message!

    • @bladrbrettel6511
      @bladrbrettel6511 2 years ago +1

      Open Source is collaborative by definition, I would have said it's the past, the present, and must improve in the future ;)

  • @mitchross2852
    @mitchross2852 2 years ago +2

    This is really good. Thanks for putting this together.

  • @408427
    @408427 6 months ago +1

    Can we get an updated video

  • @striderstache99
    @striderstache99 1 year ago

    I got hit with almost 8,000 requests on my Synology in three days. I watched the notification stream up into the notification box at a rapid enough pace I was legit afraid lol. Luckily I had protections in place because oh myyyy

  • @DaPanda19
    @DaPanda19 2 years ago +1

    Calmly waiting on your Turing Pi cluster video... I.... Promise..... :)

    • @TechnoTim
      @TechnoTim 2 years ago +1

      I'm working on it!

    • @DaPanda19
      @DaPanda19 2 years ago

      @TechnoTim no rush! Just excited to follow along! (Assuming the format of the vid). Have 1 Pi4 8GB, 2 Pi4 4GB, and 3 Jetson Nano 2GB that I wanna use :)
      Sorry just excited!
      Also thank you for getting me into homelabbing! Really appreciate it!

  • @themorpheusmm
    @themorpheusmm 2 years ago +2

    Windows is not yet supported

  • @typkrft
    @typkrft 2 years ago

    The container has crontab in it. Just mount a script with cscli hub update && cscli hub upgrade to /etc/periodic/hourly.

  • @Kevin-oj2uo
    @Kevin-oj2uo 1 year ago

    Would this be the same as the plugin that is available for traefik?

  • @chrisumali9841
    @chrisumali9841 2 years ago

    Thanks for the demo and info, have a great day

  • @krishnegowdaa.h2271
    @krishnegowdaa.h2271 1 year ago

    When I'm using CF proxy, how do I get the real IP to CrowdSec?

  • @cbaservs
    @cbaservs 9 months ago

    seems still pretty complex but i feel following the steps it can be done

  • @PeterFortuna
    @PeterFortuna 2 years ago +1

    Love your stuff

  • @ioxmedia
    @ioxmedia 1 year ago

    Install starts at 5:15

  • @RonDLite
    @RonDLite 2 years ago +2

    Those 1.2m people should have clicked subscribe, those get through!

    • @TechnoTim
      @TechnoTim  2 years ago +1

      That's what I'm talking about!

  • @dontworry7127
    @dontworry7127 10 months ago

    Very well explained but you don't have the files on GitHub :(

    • @TechnoTim
      @TechnoTim  10 months ago +1

      The link is in the description :(

  • @NovaCayn
    @NovaCayn 2 years ago +2

    Will this work with Nginx Proxy Manager?

    • @TechnoTim
      @TechnoTim  2 years ago

      Not sure, check their docs!

  • @primenetwork27
    @primenetwork27 10 months ago

    How do I reverse proxy outside Docker?

  • @BrianThomas
    @BrianThomas 11 months ago

    I know he's going slow, which is helpful, but I just want to do a temperature check in the comment section. Does anyone fully get what he's saying?

  • @thbe51
    @thbe51 1 year ago

    Late for the Party but thanks anyway. Works perfect!! 🙂🙂

  • @MrHjscott
    @MrHjscott 2 years ago

    Thanks!

  • @Trotroyanas
    @Trotroyanas 2 years ago

    Hi, do you have a GitHub with this complete solution?

    • @TechnoTim
      @TechnoTim  2 years ago +1

      In my docs, and in github

    • @Trotroyanas
      @Trotroyanas 2 years ago

      @TechnoTim yes, I think I found it :) thank you

  • @Rundik
    @Rundik 2 years ago

    You can not protect your home lab against ddos. I suggest you not to waste time on this unless your home is inside a datacenter. Even if you set an ip whitelist to all ports and protocols it's not going to protect you. If your bandwidth can't handle it, there is nothing you can do. There is a possibility to use bgp flow to your advantage, but I don't know a single home internet provider who supports it and even then it's really limited

    • @Rundik
      @Rundik 2 years ago

      Just keep using proxy man

    • @Rundik
      @Rundik 2 years ago

      And against brute force attacks and vulnerability scanning you should just use WAF for public services and VPN server for maintenance and stuff

    • @TechnoTim
      @TechnoTim  2 years ago

      You can protect your homelab against DDOS by using Cloudflare which hides your public IP and points incoming traffic to their proxy which has DDOS protection.

  • @t288msd
    @t288msd 1 year ago

    works a treat. cheers!

  • @chandler-barry
    @chandler-barry 11 months ago

    ur awesome tim

  • @onehumanwasted4228
    @onehumanwasted4228 2 years ago +1

    It works 🙂

  • @xandercode
    @xandercode 2 years ago

    Informative video. It's not nice that whoever did the DDoS did it in the first place. Probably for internet cred, if that's a thing 😁😂

    • @TechnoTim
      @TechnoTim  2 years ago

      haha! I agree! It was all blocked but scary / awesome to see!

  • @Mark-xj6ry
    @Mark-xj6ry 1 year ago

    "ah-quiz" file, you're welcome

  • @PeterBatah
    @PeterBatah 1 year ago

    Acquis is pronounced "A Key"

  • @mmospanenko
    @mmospanenko 4 months ago

    Crowdsec? Seriously 😅

  • @bladrbrettel6511
    @bladrbrettel6511 2 years ago

    Hi Tim,
    I tried CrowdSec on Traefik, but I think Authelia is getting in the way! I made many attempts to connect on my phone but there was no log in Traefik, yet when I look at the log of the Authelia application I can see the log: Unsuccessful 1FA authentication attempt by user '' and so far CS has not decided to block those attempts!
    So it's great to block already known IPs. I'm looking forward to an update so we can add Authelia in the survey of CS :)
    I already found the collection and configuration; now I need to put that together and add a new acquisition in the list, but that part is a bit clouded. For 1 folder it's clear, crystal clear, but can I add other folders with other labels... and what about a bouncer for that app? Maybe it's not needed because the app that will block is Traefik. I'd like to get the logs of the server hosting Docker analysed too, to be sure no brute force will be attempted on my SSH; even if I'm a no-password guy I'd like to get those metrics in CS ;)
    So here you gave me a way to critically upgrade my security :D
    Again, thanks dude :)

    • @bladrbrettel6511
      @bladrbrettel6511 2 years ago

      Found part of the solution by putting the /etc/crowdsec/config.yaml file outside the container, changing the line acquisition_path to acquisition_dir, and creating a folder in my mounted directory to hold those acquisition files instead of just having one file...

    • @bladrbrettel6511
      @bladrbrettel6511 2 years ago

      Hey, I managed to get my phone blocked with multiple tests using a wrong user and of course password \o/
      So now that's done! By extracting the configuration file and replacing, with no typo (I had a few so I have to specify), the path with a dir, you can now put more than one file to the inquisition ;)
      And I just thought that I could just mount the file of my host to the CS pod so CS could do its magic too for bad guys trying to SSH in. Even if the SSH key challenge is stronger than a password, that does not mean you should put no security, especially in these dark times! xD
      So basically the only thing now is to do it... yet for this one I think I should add a bouncer, but how to give it access to the system FW 🤔 Maybe I will look at the bouncers and invest in a true FW; it will not be lost xD
      1 am here, need to sleep on this ;)