feat: Adds appsec to crowdsec configuration.
This commit is contained in:
@@ -9,7 +9,7 @@ RUN xcaddy build \
|
|||||||
--with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
|
--with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
|
||||||
--with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
|
--with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
|
||||||
|
|
||||||
FROM caddy:${CADDY_VERSION} AS caddy
|
FROM docker.io/caddy:${CADDY_VERSION} AS caddy
|
||||||
|
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
||||||
|
|||||||
@@ -1,31 +1,30 @@
|
|||||||
{
|
{
|
||||||
email {env.ACME_EMAIL}
|
email {env.ACME_EMAIL}
|
||||||
servers {
|
servers {
|
||||||
client_ip_headers X-Forwarded-For
|
client_ip_headers X-Forwarded-For
|
||||||
trusted_proxies static private_ranges
|
trusted_proxies static private_ranges
|
||||||
trusted_proxies_strict
|
trusted_proxies_strict
|
||||||
}
|
}
|
||||||
order crowdsec before respond
|
order crowdsec before respond
|
||||||
crowdsec {
|
crowdsec {
|
||||||
api_url http://crowdsec:8080
|
api_url http://crowdsec:8080
|
||||||
api_key {$CROWDSEC_API_KEY}
|
api_key {$CROWDSEC_API_KEY}
|
||||||
ticker_interval 15s
|
ticker_interval 15s
|
||||||
}
|
appsec_url http://crowdsec:7422
|
||||||
log {
|
}
|
||||||
level INFO
|
log {
|
||||||
output file /var/log/caddy/access.log
|
level INFO
|
||||||
}
|
output file /var/log/caddy/access.log
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ductcalc.pro {
|
ductcalc.pro {
|
||||||
|
tls {
|
||||||
|
dns cloudflare {env.CF_AUTH_TOKEN}
|
||||||
|
resolvers 1.1.1.1
|
||||||
|
}
|
||||||
|
|
||||||
tls {
|
log
|
||||||
dns cloudflare {env.CF_AUTH_TOKEN}
|
crowdsec
|
||||||
resolvers 1.1.1.1
|
reverse_proxy http://ductcalc:8080
|
||||||
}
|
|
||||||
|
|
||||||
log
|
|
||||||
crowdsec
|
|
||||||
reverse_proxy http://ductcalc:8080
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- GID=1000
|
- GID=1000
|
||||||
- COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
|
- COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
|
||||||
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
|
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
|
||||||
volumes:
|
volumes:
|
||||||
- crowdsec_db:/var/lib/crowdsec/data/
|
- crowdsec_db:/var/lib/crowdsec/data/
|
||||||
|
|||||||
5
crowdsec/appsec.yaml
Normal file
5
crowdsec/appsec.yaml
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
appsec_config: crowdsecurity/appsec-default
|
||||||
|
labels:
|
||||||
|
type: appsec
|
||||||
|
listen_addr: 127.0.0.1:7422
|
||||||
|
source: appsec
|
||||||
Reference in New Issue
Block a user