beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
crowdsec/examples/docker-compose
History
erenJag a619e57d7e update schema and readme
2021-02-25 10:29:29 +01:00
..
app fix group permission on database in crowdsec docker image 2021-02-23 12:55:36 +01:00
crowdsec fix group permission on database in crowdsec docker image 2021-02-23 12:55:36 +01:00
reverse-proxy fix group permission on database in crowdsec docker image 2021-02-23 12:55:36 +01:00
docker-compose.yml update network range 2021-02-23 17:38:48 +01:00
README.md update schema and readme 2021-02-25 10:29:29 +01:00
schema.png update schema and readme 2021-02-25 10:29:29 +01:00

README.md

Docker Compose

This example explains how to integrate Crowdsec in environment deployed with docker-compose. It set up multiple containers :

Schema

This example contains multiple containers :

  • app : apache server serving index.html containing an hello world
  • reverse-proxy : nginx that serving this app from the host
  • crowdsec : it will read reverse-proxy logs from the shared volume
  • dashboard : we use metabase to display crowdsec database data.

We have chosen the simplest way to collect logs (by sharing volumes between containers), if you are in production, you are probably using logging-driver to centralize logs with rsyslog or another driver, so don't forget to adapt the crowdsec docker-compose configuration to read your logs properly.

Prerequisites: Docker / Docker Compose

Step 1: Run all services in docker-compose.yml

docker compose file contains the yaml configuration to deploy all the containers together by on command.

Deploy the stack using : docker-compose up -d

Then to see the status : docker-compose ps

Step 2: Install & Configure bouncer on host

Now we have crowdsec up and running, we can deploy the firewall bouncer on the host machine. It will fetch IPs to block from the crowdsec Local API deploy in docker container.

wget https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/v0.0.10/cs-firewall-bouncer.tgz
tar xvzf cs-firewall-bouncer.tgz
cd cs-firewall-bouncer-v0.0.10/
sudo ./install.sh

Then you need to create bouncer API key to permit the bouncer to query crowdsec Local API.

$ docker-compose exec crowdsec cscli bouncers add test
Api key for 'test':

   c7eb8d2789dcff96a7aa6fd0b52425ea

Please keep this key since you will not be able to retreive it!

Then add it to the cs-firewall-bouncer config file on the host

sudo vim /etc/crowdsec/cs-firewall-bouncer/cs-firewall-bouncer.yaml

Step 3: Configure dashboard

The dashboard is deployed using static metabase.db (explained here), so you have to use the defaults credentials to connect to the database, then update immediatly those credentials.

Step 4: Simulate an attack and check detection + prevention