diff --git a/docker/docker_start.sh b/docker/docker_start.sh
index b9fe225d1..a601fef6c 100644
--- a/docker/docker_start.sh
+++ b/docker/docker_start.sh
@@ -16,6 +16,15 @@ if [ "$DISABLE_ONLINE_API" == "" ] && [ "$CONFIG_FILE" == "" ] ; then
 fi
 fi
 
+# crowdsec sqlite database permissions
+if [ "$GID" != "" ]; then
+ IS_SQLITE=$(yq eval '.db_config.type == "sqlite"' /etc/crowdsec/config.yaml)
+ DB_PATH=$(yq eval '.db_config.db_path' /etc/crowdsec/config.yaml)
+ if [ "$IS_SQLITE" == "true" ]; then
+ chown :$GID $DB_PATH
+ fi
+fi
+
 ## Install collections, parsers & scenarios
 cscli hub update
 cscli collections upgrade crowdsecurity/linux
diff --git a/examples/docker-compose/README.md b/examples/docker-compose/README.md
new file mode 100644
index 000000000..650c4a4a6
--- /dev/null
+++ b/examples/docker-compose/README.md
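Review bot: `chown :$GID $DB_PATH` in the added block leaves both expansions unquoted and never checks that the target exists, so a `db_path` containing whitespace is split into several arguments, and on a fresh deployment (the `crowdsec-db` volume in the accompanying docker-compose.yml starts empty) chown fails with "No such file or directory" before crowdsec has created the database — whether the script's earlier lines make that error fatal is outside the hunk. If `db_config.db_path` is absent, `yq eval` (v4) prints `null`, so the command would try to chown a file literally named `null` in the working directory. Suggest `if [ "$IS_SQLITE" == "true" ] && [ -e "$DB_PATH" ]; then chown ":$GID" "$DB_PATH"; fi`, preceded by a comment stating the intent, e.g. `# grant the configured group read access to the sqlite db (shared with the dashboard container via MGID)`. `$GID` comes straight from the environment and is passed to chown unvalidated; a numeric check (`case "$GID" in *[!0-9]*) ...`) would reject junk values early.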
@@ -0,0 +1,37 @@
+# Docker Compose
+
+This example explains how to integrate Crowdsec in environment deployed with docker-compose. It set up multiple containers :
+
+![Schema](schema.png)
+
+This example contains multiple containers :
+* app : apache server serving index.html containing an `hello world`
+* reverse-proxy : nginx that serving this app from the host
+* crowdsec : it will read reverse-proxy logs from the shared volume
+* dashboard : we use [metabase](https://hub.docker.com/r/metabase/metabase) to display crowdsec database data.
+
+We have chosen the simplest way to collect logs (by sharing volumes between containers), if you are in production, you are probably using logging-driver to centralize logs with rsyslog or another driver, so don't forget to adapt the crowdsec docker-compose configuration to read the logs properly.
+
+**Prerequisites:** [Docker](https://docs.docker.com/engine/install/) / [Docker Compose](https://docs.docker.com/compose/install/)
+
+## Step 1: Run all services in docker-compose.yml
+
+[docker compose file](docker-compose.yml) contains the yaml configuration to deploy all the containers together by on command.
+
+Deploy the stack using : `docker-compose up -d`
+
+Then to see the status : `docker-compose ps`
+
+## Step 2: Install & Configure bouncer on host
+
+
+## Step 3: Configure dashboard
+
+The dashboard is deployed using static metabase.db ([explained here](https://docs.crowdsec.net/faq/#how-to-have-a-dashboard-without-docker)), so you have to use the defaults credentials to connect to the database, then update immediatly those credentials.
+
+Then you need to update the crowdsec database path :
+* Go to `http://localhost:3003/` and connect with defaults credentials
+* Go to `http://localhost:3003/admin/databases/2` and modify the file path `/var/lib/crowdsec/data/crowdsec.db`
+* Save changes and go back to the home, you'll see the active decisions pulled from the online API.
+
+## Step 4: Simulate an attack and check detection + prevention
diff --git a/examples/docker-compose/app/index.html b/examples/docker-compose/app/index.html
new file mode 100644
index 000000000..93b493a51
--- /dev/null
+++ b/examples/docker-compose/app/index.html
@@ -0,0 +1 @@
+Hello world !
\ No newline at end of file
diff --git a/examples/docker-compose/crowdsec/acquis.yaml b/examples/docker-compose/crowdsec/acquis.yaml
new file mode 100644
index 000000000..6273c7726
--- /dev/null
+++ b/examples/docker-compose/crowdsec/acquis.yaml
@@ -0,0 +1,4 @@
+filenames:
+ - /var/log/nginx/example.*.log
+labels:
+ type: nginx
\ No newline at end of file
diff --git a/examples/docker-compose/crowdsec/dashboard/Dockerfile b/examples/docker-compose/crowdsec/dashboard/Dockerfile
new file mode 100644
index 000000000..002484a3c
--- /dev/null
+++ b/examples/docker-compose/crowdsec/dashboard/Dockerfile
@@ -0,0 +1,3 @@
+FROM metabase/metabase
+
+RUN mkdir /data/ && wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -d /data/
\ No newline at end of file
diff --git a/examples/docker-compose/docker-compose.yml b/examples/docker-compose/docker-compose.yml
new file mode 100644
index 000000000..7109569d6
--- /dev/null
+++ b/examples/docker-compose/docker-compose.yml
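Review bot: The `RUN` line in the dashboard Dockerfile downloads `metabase_sqlite.zip` at build time and unpacks it into `/data/` with no integrity check, so whatever the bucket serves at that moment becomes the dashboard's database, and the zip itself is left behind in the image layer. Pin the expected digest and clean up, e.g. `RUN mkdir /data/ && wget -q https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && echo "<EXPECTED_SHA256>  metabase_sqlite.zip" | sha256sum -c - && unzip metabase_sqlite.zip -d /data/ && rm metabase_sqlite.zip` (the digest is a placeholder to fill in from a trusted copy; this assumes `sha256sum` is present in the base image, as `wget` and `unzip` are). `FROM metabase/metabase` without a tag also floats with `latest`, so pinning a version would keep the example reproducible.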
@@ -0,0 +1,53 @@
+version: '3'
+
+services:
+ app:
+ image: httpd:alpine
+ restart: always
+ volumes:
+ - ./app/:/usr/local/apache2/htdocs/
+
+ reverse-proxy:
+ image: nginx:alpine
+ restart: always
+ ports:
+ - 8000:80
+ depends_on:
+ - 'app'
+ volumes:
+ - ./reverse-proxy/nginx.conf:/etc/nginx/nginx.conf
+ - logs:/var/log/nginx
+
+ crowdsec:
+ image: crowdsecurity/crowdsec:v1.0.7
+ #build: ../..
+ environment:
+ COLLECTIONS: "crowdsecurity/nginx"
+ GID: "${GID-1000}"
+ depends_on:
+ - 'reverse-proxy'
+ volumes:
+ - /home/hess/cs/crowdsec/docker/docker_start.sh:/docker_start.sh
+ - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+ - logs:/var/log/nginx
+ - crowdsec-db:/var/lib/crowdsec/data/
+ - crowdsec-config:/etc/crowdsec/
+
+ dashboard:
+ build: ./crowdsec/dashboard
+ ports:
+ - 3003:3000
+ environment:
+ MB_DB_FILE: /data/metabase.db
+ MGID: "${GID-1000}"
+ depends_on:
+ - 'crowdsec'
+ volumes:
+ - crowdsec-db:/metabase-data/
+ links:
+ - crowdsec
+
+volumes:
+ logs:
+ crowdsec-db:
+ crowdsec-config:
\ No newline at end of file
diff --git a/examples/docker-compose/reverse-proxy/nginx.conf b/examples/docker-compose/reverse-proxy/nginx.conf
new file mode 100644
index 000000000..c2a381224
--- /dev/null
+++ b/examples/docker-compose/reverse-proxy/nginx.conf
@@ -0,0 +1,24 @@
+worker_processes 1;
+
+events { worker_connections 1024; }
+
+http {
+
+ sendfile on;
+
+ upstream docker-app {
+ server app:80;
+ }
+
+ access_log /var/log/nginx/example.access.log;
+ error_log /var/log/nginx/example.error.log;
+
+ server {
+ listen 80;
+
+ location / {
+ proxy_pass http://docker-app;
+ proxy_redirect off;
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/docker-compose/schema.png b/examples/docker-compose/schema.png
new file mode 100644
index 000000000..584b7a17e
Binary files /dev/null and b/examples/docker-compose/schema.png differ
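Review bot: The crowdsec service bind-mounts `/home/hess/cs/crowdsec/docker/docker_start.sh:/docker_start.sh`, a developer's absolute home-directory path, so the example cannot start for anyone else and replaces the image's own start script with an arbitrary host file; it is presumably there because the pinned `crowdsecurity/crowdsec:v1.0.7` image predates the `GID` handling this commit adds to docker_start.sh, in which case building from the repository as the commented `#build: ../..` line suggests, or at least a relative path `- ../../docker/docker_start.sh:/docker_start.sh`, would do. The dashboard publishes `3003:3000` on every host interface while the README says it boots with default Metabase credentials; binding to loopback, `- 127.0.0.1:3003:3000`, keeps an unchanged default login off the network. `links:` on the dashboard is redundant with `depends_on` on a compose v3 default network and can be dropped.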