this post was submitted on 20 Jun 2025
26 points (100.0% liked)

Selfhosted

60177 readers
573 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
26
Suggestions for crowdsec + caddy + docker setup (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by whysofurious@lemmy.dbzer0.com to c/selfhosted@lemmy.world
5 comments fedilink hide all child comments
 

Hi all!

I'll try to be quick but I apologise first as I am pretty new to security stuff and my questions might be obvious to the more experts.

I have a VPS (hetzner) set up with docker, caddy for the reverse proxy, and authentik as the only login method for a couple of services (hedgedoc and forgejo). Since most of these has to be available and accessible on the internet, I also setup crowdsec and built caddy with the relevant bouncer. This allows crowdsec to inspect the caddy logs for all the services I am serving through it and act accordingly. Edit: all the services are in docker containers.

So far, so good. However, I also saw that crowdsec can directly monitor container logs with the docker integration or through container labels. Also, I saw a couple of collections on crowdsec hub specifically for Authentik and Gitea.

I feel I am missing something so my question are:

  1. Would it be useful to monitor container logs given my setup or would it be redundant?
  2. Should I add the app-specific collections, or would docker logs monitoring be enough?

My current crowdsec collections

  • crowdsecurity/linux
  • crowdsecurity/appsec-generic-rules
  • crowdsecurity/caddy
  • crowdsecurity/whitelist-good-actors
  • crowdsecurity/http-cve
  • crowdsecurity/iptables

Edit: bonus question, does someone know if the Gitea collection would be useful for Forgejo after it being a hard-fork now?

you are viewing a single comment's thread
view the rest of the comments
[–] whysofurious@lemmy.dbzer0.com 1 points 1 year ago

Thanks for the input, yes I was mostly thinking about hedgedoc, that doesn't have parsers or anything. I need to delve more into crowdsec logic and rules before trying to do my own thing, for sure. Thanks a lot tough, I followed your advice and I got Crowdsec working on both Authentik and Forgejo :)