Great tutorial. The pace was just right & well explained - thank you! 🙏 Looking forward to going through your others & hopefully getting Crowdsec working with my caddy reverse proxy soon.
Thank you very much for this video. It really helped me set crowdsec. However, the more I study about crowdsec, I don't think this video is complete. For example we did not configure the nginx logs that crowdsec will monitor. Can you please elaborate on that? Thank you!
thanks for tutorial. Im at the point where Ive added my PC IP to blocklist sucessfully (to test if its working), but still Im able to access my nginx proxy manager. Not sure why it isnt blocked. Any idea? Im running setup in docker compose on synology NAS.
+ tried deleting the auth.log from the compose file. Was up and running but when i try to login with the default credentials it doesn't do anything. No error code nothing just doesnt let me login.
@@geek2gether469 Hey again, Hope you doing well. Is it possible for you to make a guide for a synology setup? I have it kinda working, Getting the alerts but its not blocking anything.
Thanks for this video - very timely for me! This seems to work ok, however I don't seem to be able to access any of my npm hosts that are external to this npm container. I've tried making the network "external", thinking that may be why I cannot access my other docker hosts, but no luck. Not sure if my syntax is correct, but do you have any ideas that may help? networks: crowdsec_proxy: external: true driver: bridge ipam: config: - subnet: 172.20.0.0/16 gateway: 172.20.0.1 Everything else is the same as your .yml file.
My apologies your comment was pushed to spam by youtube and i just saw it today checking my spam. I will advice you use my *.yml file to build your npm. raw.githubusercontent.com/geek2gether/random_files/main/crowdsec-nginx-proxy-manager.yml Also what error message do you get in docker logs?
@@geek2gether469 thanks for the reply. I did manage to get this working fine - turned out to be a DNS issue which I corrected. Works great. I also added the MariaDB option into your .yml file and everything works terrific. Thanks for this!!!
Thanks, great video I subscribed ;-) Just wondering if you could make another video explaining and demonstrating how to implement the CrowedSec Hub configuration into docker apps, as well as how to create your own configuration files? Thanks ;-)
Thanks to you I was able to get it working here, I installed 2 collections list, and running "cscli metrics" I see a lot of logs readed, but out of the 2 collections that I have installed only one blocks malicious activity, one was supposed to protect from the "nikto -h" attack that you showed on the other video, but the only one working is the failed login attempt, I will try to get it working, but I really don't know what I did wrong, the attack logs from "nikto -h" are being parsed but there is no action taking effect
I’m glad it worked. Not sure why it took you two times for it to work. Maybe network issues? Have you checked to make sure the logs don’t have a delay?
Thank you for watching. The developer has stated on his GitHub that this is a side project and he will keep it up to date as he gets the time. Again it’s always best practice to have more than one security tool for exposing web services, so crowdsec alone doesn’t make your server 100% secure. You can always put crowdsec behind an IPS like snort or suricata etc for more security.
I tried to set this up but I cannot get the SSL certificates to actually pull. I just get an internal error message. So looks like I am going to revert to my regular NPM image. UPDATE: I was able to get the SSL certificates by changing the ports to regular mappings (80:8080, 81:8181, 443:4443) but now I just get this error with my certs NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
Thank you for watching. I’m unsure why, did you check your logs? Once you get it all setup and login to the gui management interface for npm setting up certificates should be thesame as the regular npm image.
Hi there, is this still working as for may 2024 or are there some changes? Lepresidente has couple of NPM images hosted on hubdocker, one updated in march (called nginx-proxy-manager) the other just few days ago (called nginxproxymanager). His Github look also outdated, ty
so some background i support two versions on npm currently until the pr's are merged: Lepresidente/nginx-proxy-manager = jlesange/nginx-proxy-manager (up-to-date) (unraid fork I use) Lepresidente/nginxproxymanager = jc21/nginx-proxy-manager (up-to-date)
@@geek2gether469 any chance to have a quick tutorial to setup crowdsec + npm fork by LePresidente nginxproxymanager= jc21/nginx-proxy-manager both on docker? (This is the one which is the most updated) I am struggling about it since 2 weeks but no luck. I tried to follow your video using LePresidente jc21 fork instead but i cannot get it working. There is not much updated and step by step tutorials avaiable around such as yours. Even a text based tutorial will do. Ty a lot. PS i have registered on your hub but i cannot paste things i get 403
@LePresidente thank you for the clarification. I may have to make an updated video about this. However on checking the jc21 docker image it doesn’t have the crowdsec-bouncer* config file to setup crowdsec bouncer parameters. Please correct me if I’m wrong but does your jc21 NPM fork include crowdsec lua bouncer?
Not sure why you could not make a post, but maybe some security filters was blocking you, I corrected that. Once I get an update from Lepresidente, I will make an updated video.
After the install of the docker image, I tried to add a proxy host in NPM but it doesn't forward anything. I tought that since crowsec is not setup yet it should work right away no?
Thank you for watching. Crowdsec doesn’t block until you add a block ip or a rule is triggered. I will need more information specific to your setup to be able to help you. It could be a lot of things causing the issue. Do you get an error when you setup proxy host? Do you have a firewall blocking npm? Are you forwarding using the right protocol? If you choose to have me help, you can open a case on geek2gether.com/community and we can work on it. Screenshots are helpful for troubleshooting but make sure you remove all personal information.
Hello geek2gether thanks for the video and the instructions. The installation works perfectly. However, the IP is set according to the commands: docker exec -it crowdsec cscli decisions add -i docker exec -it crowdsec cscli decisions list systemctl restart docker not blocked. I can open it and log in without any problems. I followed the instructions described exactly and didn't change anything any idea what it could be? greetings Aba
@@geek2gether469 Thanks for the quick reply! Yes, I have done it several times exactly as described - always the same result. the page can be opened like this: sudo -s mkdir /npm cd /npm nano docker-compose.yml insert: version: "3.8" services: nginx-proxy-manager: image: 'lepresidente/nginx-proxy-manager:latest' restart: always ports: - "8181:8181" - "8080:8080" - "4443:4443" environment: TZ: "America/New_York" DISABLE_IPV6: "1" volumes: - "/npm/data/nginx-proxy-manager:/config:rw" - "/npm/data/nginx-proxy-manager/crowdsec/templates:/templates:ro" networks: crowdsec_proxy: ipv4_address: 172.20.0.4 crowdsec: image: "crowdsecurity/crowdsec:latest" container_name: crowdsec expose: - 8080 environment: PGID: "1000" volumes: - "/npm/crowdsec/data:/var/lib/crowdsec/data" - "/npm/crowdsec/config:/etc/crowdsec" - "/var/log/auth.log:/var/log/auth.log:ro" - "/data/logs:/var/log/nginx:ro" restart: unless-stopped networks: crowdsec_proxy: ipv4_address: 172.20.0.6 networks: crowdsec_proxy: ipam: driver: default config: - subnet: 172.20.0.0/24 save and close docker compose up -d open Nginx-Proxy-Manager - 192.168.0.100:8181 docker exec -it crowdsec cscli metrics docker exec -it crowdsec cscli bouncers add nginx-proxy save API Key!!!! API key for 'nginx-proxy':
cd data cd * cd crowdsec nano crowdsec-openresty-bouncer.conf ENABLED=true API_URL=172.20.0.6:8080 APY_KEY= docker exec -it crowdsec cscli decisions add -i 192.168.0.100 docker exec -it crowdsec cscli decisions list sudo service docker start The 403 page should come up when I open Nginx Proxy Manager unfortunately the login page opens
@@geek2gether469 Thank you for the video. I too have the same problem. When testing the blocked IP, I too can open and log into NPM without any blocks. I used your docker-compose.yml exactly with only changing docker container location. I did add the bouncer key to the crowdsec-openresty-bouncer.conf and did restart docker
My apologies but your comment was sent to spam, and i just saw it today. when you run the command : "cscli bouncers list" do you see the ip address of your npm in the result ? also are you sure the ip address of the machine you are using to access npm is the IP you blocked?
My apologies but your comment was sent to spam, and i just saw it today. Did you enable the bouncer at the top of the crowdsec-openresty-bouncer.conf file?
Great tutorial.
The pace was just right & well explained - thank you! 🙏
Looking forward to going through your others & hopefully getting Crowdsec working with my caddy reverse proxy soon.
Thank so much, Crowdsec is up & running on my end now ✌️
Thank you for watching, please like share and subscribe
Thank you very much for this video. It really helped me set crowdsec. However, the more I study about crowdsec, I don't think this video is complete. For example we did not configure the nginx logs that crowdsec will monitor. Can you please elaborate on that? Thank you!
Thank you for watching. You are correct and that’s why there are several parts, more videos on crowdsec are coming up soon.
WOW - thank you!!! You are the best 🙂
You are welcome and thank you for watching
Your accent is awesome, thanks for making these two guides. Cheers!
Thank you for watching. Please do not forget to like, subscribe and share.
Hi, thank you for this video. I already have Crowdsec installed on OpnSense. How do I utilize the engin that’s already installed?
thanks for tutorial. Im at the point where Ive added my PC IP to blocklist sucessfully (to test if its working), but still Im able to access my nginx proxy manager. Not sure why it isnt blocked. Any idea? Im running setup in docker compose on synology NAS.
Nice tutorial, thx.. 👌
When trying to create it its tells me auth.log does not exist.
+ tried deleting the auth.log from the compose file. Was up and running but when i try to login with the default credentials it doesn't do anything. No error code nothing just doesnt let me login.
Hmhmh that’s weird, normally there is an error message/code. Can you check NPM logs ? There should be an error message there
@@geek2gether469 Hey again, Hope you doing well. Is it possible for you to make a guide for a synology setup? I have it kinda working, Getting the alerts but its not blocking anything.
I could if I had a synology NAS, however I don’t have access to one at the moment .
Thanks for this video - very timely for me!
This seems to work ok, however I don't seem to be able to access any of my npm hosts that are external to this npm container. I've tried making the network "external", thinking that may be why I cannot access my other docker hosts, but no luck. Not sure if my syntax is correct, but do you have any ideas that may help?
networks:
crowdsec_proxy:
external: true
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
gateway: 172.20.0.1
Everything else is the same as your .yml file.
My apologies your comment was pushed to spam by youtube and i just saw it today checking my spam. I will advice you use my *.yml file to build your npm.
raw.githubusercontent.com/geek2gether/random_files/main/crowdsec-nginx-proxy-manager.yml
Also what error message do you get in docker logs?
@@geek2gether469 thanks for the reply. I did manage to get this working fine - turned out to be a DNS issue which I corrected. Works great. I also added the MariaDB option into your .yml file and everything works terrific. Thanks for this!!!
Thank you for the feedback. I’m glad it worked out. Enjoy Crowdsec security with NPM.
Thanks, great video I subscribed ;-) Just wondering if you could make another video explaining and demonstrating how to implement the CrowedSec Hub configuration into docker apps, as well as how to create your own configuration files? Thanks ;-)
Thanks to you I was able to get it working here, I installed 2 collections list, and running "cscli metrics" I see a lot of logs readed, but out of the 2 collections that I have installed only one blocks malicious activity, one was supposed to protect from the "nikto -h" attack that you showed on the other video, but the only one working is the failed login attempt, I will try to get it working, but I really don't know what I did wrong, the attack logs from "nikto -h" are being parsed but there is no action taking effect
Thank you for watching. I’m glad my video helped you get crowdsec and NPM working. What collections did you install ? And which one is not working?
@@geek2gether469 actually testing right now it worked, but only after I ran the attack twice, I'm using the nginx-proxy-manager collection
I’m glad it worked. Not sure why it took you two times for it to work. Maybe network issues? Have you checked to make sure the logs don’t have a delay?
It seems that the fork is not updated anymore. How is it secure to use?
Thank you for watching. The developer has stated on his GitHub that this is a side project and he will keep it up to date as he gets the time.
Again it’s always best practice to have more than one security tool for exposing web services, so crowdsec alone doesn’t make your server 100% secure.
You can always put crowdsec behind an IPS like snort or suricata etc for more security.
I tried to set this up but I cannot get the SSL certificates to actually pull. I just get an internal error message. So looks like I am going to revert to my regular NPM image. UPDATE: I was able to get the SSL certificates by changing the ports to regular mappings (80:8080, 81:8181, 443:4443) but now I just get this error with my certs NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
Thank you for watching. I’m unsure why, did you check your logs? Once you get it all setup and login to the gui management interface for npm setting up certificates should be thesame as the regular npm image.
Had same issue you need it to be 80:80 let's encrypt needs port 80 exclusively
Alright, that does make sense. I will have to give this a second try. Thank you.@@vivahernando1
Hi there, is this still working as for may 2024 or are there some changes? Lepresidente has couple of NPM images hosted on hubdocker, one updated in march (called nginx-proxy-manager) the other just few days ago (called nginxproxymanager). His Github look also outdated, ty
Thanks for watching and for bringing this up. Yes it is still working. I used this today. However, it is not using the latest version of NPM.
so some background i support two versions on npm currently until the pr's are merged:
Lepresidente/nginx-proxy-manager = jlesange/nginx-proxy-manager (up-to-date) (unraid fork I use)
Lepresidente/nginxproxymanager = jc21/nginx-proxy-manager (up-to-date)
@@geek2gether469 any chance to have a quick tutorial to setup crowdsec + npm fork by LePresidente nginxproxymanager= jc21/nginx-proxy-manager both on docker? (This is the one which is the most updated) I am struggling about it since 2 weeks but no luck. I tried to follow your video using LePresidente jc21 fork instead but i cannot get it working. There is not much updated and step by step tutorials avaiable around such as yours. Even a text based tutorial will do. Ty a lot. PS i have registered on your hub but i cannot paste things i get 403
@LePresidente thank you for the clarification. I may have to make an updated video about this. However on checking the jc21 docker image it doesn’t have the crowdsec-bouncer* config file to setup crowdsec bouncer parameters. Please correct me if I’m wrong but does your jc21 NPM fork include crowdsec lua bouncer?
Not sure why you could not make a post, but maybe some security filters was blocking you, I corrected that. Once I get an update from Lepresidente, I will make an updated video.
After the install of the docker image, I tried to add a proxy host in NPM but it doesn't forward anything. I tought that since crowsec is not setup yet it should work right away no?
Thank you for watching. Crowdsec doesn’t block until you add a block ip or a rule is triggered. I will need more information specific to your setup to be able to help you. It could be a lot of things causing the issue. Do you get an error when you setup proxy host? Do you have a firewall blocking npm? Are you forwarding using the right protocol? If you choose to have me help, you can open a case on geek2gether.com/community and we can work on it. Screenshots are helpful for troubleshooting but make sure you remove all personal information.
@@geek2gether469 Thanks for your help, I was just dumb, trying to access to port 80 instead of 8080. Everything works perfectly !
No worries, mistakes happen.
Hello geek2gether
thanks for the video and the instructions.
The installation works perfectly.
However, the IP is set according to the commands:
docker exec -it crowdsec cscli decisions add -i
docker exec -it crowdsec cscli decisions list
systemctl restart docker
not blocked. I can open it and log in without any problems.
I followed the instructions described exactly and didn't change anything
any idea what it could be?
greetings Aba
Thank you for watching. Did you add the bouncer key to the openrestry config file in Nginx proxy manager?
@@geek2gether469
Thanks for the quick reply!
Yes, I have done it several times exactly as described - always the same result.
the page can be opened
like this:
sudo -s
mkdir /npm
cd /npm
nano docker-compose.yml
insert:
version: "3.8"
services:
nginx-proxy-manager:
image: 'lepresidente/nginx-proxy-manager:latest'
restart: always
ports:
- "8181:8181"
- "8080:8080"
- "4443:4443"
environment:
TZ: "America/New_York"
DISABLE_IPV6: "1"
volumes:
- "/npm/data/nginx-proxy-manager:/config:rw"
- "/npm/data/nginx-proxy-manager/crowdsec/templates:/templates:ro"
networks:
crowdsec_proxy:
ipv4_address: 172.20.0.4
crowdsec:
image: "crowdsecurity/crowdsec:latest"
container_name: crowdsec
expose:
- 8080
environment:
PGID: "1000"
volumes:
- "/npm/crowdsec/data:/var/lib/crowdsec/data"
- "/npm/crowdsec/config:/etc/crowdsec"
- "/var/log/auth.log:/var/log/auth.log:ro"
- "/data/logs:/var/log/nginx:ro"
restart: unless-stopped
networks:
crowdsec_proxy:
ipv4_address: 172.20.0.6
networks:
crowdsec_proxy:
ipam:
driver: default
config:
- subnet: 172.20.0.0/24
save and close
docker compose up -d
open Nginx-Proxy-Manager - 192.168.0.100:8181
docker exec -it crowdsec cscli metrics
docker exec -it crowdsec cscli bouncers add nginx-proxy
save API Key!!!!
API key for 'nginx-proxy':
cd data
cd *
cd crowdsec
nano crowdsec-openresty-bouncer.conf
ENABLED=true
API_URL=172.20.0.6:8080
APY_KEY=
docker exec -it crowdsec cscli decisions add -i 192.168.0.100
docker exec -it crowdsec cscli decisions list
sudo service docker start
The 403 page should come up when I open Nginx Proxy Manager
unfortunately the login page opens
@@geek2gether469 Thank you for the video. I too have the same problem. When testing the blocked IP, I too can open and log into NPM without any blocks. I used your docker-compose.yml exactly with only changing docker container location. I did add the bouncer key to the crowdsec-openresty-bouncer.conf and did restart docker
My apologies but your comment was sent to spam, and i just saw it today.
when you run the command : "cscli bouncers list" do you see the ip address of your npm in the result ?
also are you sure the ip address of the machine you are using to access npm is the IP you blocked?
My apologies but your comment was sent to spam, and i just saw it today.
Did you enable the bouncer at the top of the crowdsec-openresty-bouncer.conf file?
Poor audio quality.. will look for an other video. Put a little more effort in your videos mate.
Thank you for your feedback. And I hope you find what you are looking for.