CrowdSec and Docker

After utilising my homelab for several projects, I sought a robust web application firewall (WAF) to enhance the security of my self-hosted services. My primary goal was to secure deployments while actively monitoring application logs to detect suspicious activities, such as brute-force attacks and DDoS attempts targeting my services. Essential criteria included open-source software backed by a strong community, enabling comprehensive support if challenges arose during implementation.

In my search, I discovered CrowdSec, a powerful open-source security tool designed to detect and prevent malicious activities by analysing system logs and behavioural patterns. What particularly attracted me to CrowdSec was its unique collaborative approach, allowing users to share threat intelligence, significantly strengthening community-wide security.

Since my application deployments heavily rely on Docker, CrowdSec’s compatibility with containerised environments became crucial. Additionally, I use Traefik as a reverse proxy for managing incoming requests, which also conveniently provides free SSL certificates via Let’s Encrypt. Integrating CrowdSec with Traefik promised to deliver both the flexibility and robust security framework I required.

Initially, simply deploying CrowdSec didn’t fully meet my needs because, while effective at log analysis, the CrowdSec agent does not itself carry out remediation such as blocking malicious IP addresses: it parses logs, matches them against scenarios and records a decision (for example, a ban on an IP), but enforcing that decision is left to a separate component, which CrowdSec calls a bouncer. I required CrowdSec to analyse my Traefik access logs and proactively mitigate threats. Therefore, I turned to one of the available CrowdSec bouncers: the fbonalair/traefik-crowdsec-bouncer Docker image. This bouncer is designed explicitly for integration with Traefik and actively blocks the malicious IP addresses identified by CrowdSec.
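To make the detection-then-remediation split concrete, here is an added example (my own illustration, not CrowdSec’s or the bouncer’s code) of the two halves. The first half runs a leaky bucket, the model CrowdSec scenarios are built on, over constructed Traefik access-log lines in Traefik’s default CLF-style layout and turns an overflow into a ban decision; the second half is the allow/deny answer a forwardAuth bouncer gives Traefik when asked about a client IP. The sample log, the documentation-range IPs, the bucket parameters (`capacity`, `leakspeed`, a four-hour ban) and the helper names are all assumptions made up for the example; real CrowdSec scenarios from the traefik collection have their own filters and thresholds.

```python
"""Added example (not CrowdSec's code): a leaky-bucket scenario, the model
CrowdSec scenarios are built on, run over constructed Traefik access-log lines,
followed by the allow/deny check a forwardAuth bouncer makes against the
resulting decisions. Thresholds, IPs and log lines are all made up here."""
import re
from datetime import datetime, timedelta, timezone

# Layout of Traefik's default (CLF-style) access log line.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<count>\d+) '
    r'"(?P<router>[^"]*)" "(?P<backend>[^"]*)" (?P<duration>\d+)ms$'
)


def _line(ip, ts, status, agent, n):
    """Build one constructed Traefik access-log line (sample data, not captured)."""
    return (f'{ip} - - [{ts} +0000] "POST /login HTTP/1.1" {status} 0 "-" "{agent}" {n} '
            f'"app@docker" "http://172.18.0.5:8080" 4ms')


# Constructed sample: 203.0.113.7 fails six logins in six seconds,
# 198.51.100.20 mistypes a password twice then succeeds, and 192.0.2.9 fails
# once a minute (slow enough for its bucket to drain between attempts).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"02/Jan/2024:10:00:0{s}", 401, "python-requests/2.31", s + 1)
     for s in range(6)]
    + [_line("198.51.100.20", "02/Jan/2024:10:00:02", 401, "Mozilla/5.0", 7),
       _line("198.51.100.20", "02/Jan/2024:10:00:04", 401, "Mozilla/5.0", 8),
       _line("198.51.100.20", "02/Jan/2024:10:00:09", 200, "Mozilla/5.0", 9)]
    + [_line("192.0.2.9", f"02/Jan/2024:10:0{m}:00", 403, "curl/8.5", 9 + m)
       for m in range(1, 7)]
)


def utc(year, month, day, hour, minute=0, second=0):
    """Timezone-aware UTC timestamp helper used by the demo and the checks."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_line(line):
    """Parse one access-log line; return None for a line that does not match
    (CrowdSec likewise drops lines its parser cannot grok)."""
    m = CLF_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def detect_bruteforce(log_text, capacity=5, leakspeed=10.0, ban_seconds=4 * 3600):
    """One leaky bucket per client IP, fed by failed-auth responses (401/403).

    capacity  -- events the bucket holds; one more than that overflows it
    leakspeed -- seconds the bucket needs to drain one event
    Returns {ip: ban_expiry} for every bucket that overflowed. Lines only need
    to be in time order per client IP.
    """
    buckets = {}    # ip -> (current level, timestamp of last event)
    decisions = {}  # ip -> datetime at which the ban expires
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["status"] not in (401, 403):
            continue  # scenario filter: successes and unparsed lines are ignored
        level, last = buckets.get(ev["ip"], (0.0, ev["ts"]))
        elapsed = (ev["ts"] - last).total_seconds()
        level = max(0.0, level - elapsed / leakspeed) + 1.0  # drain, then add this event
        if level > capacity:
            decisions[ev["ip"]] = ev["ts"] + timedelta(seconds=ban_seconds)
            buckets.pop(ev["ip"], None)  # an overflowed bucket is discarded
        else:
            buckets[ev["ip"]] = (level, ev["ts"])
    return decisions


def forward_auth(client_ip, decisions, now):
    """Bouncer-side check, as a forwardAuth endpoint would answer Traefik:
    403 while the client has an unexpired ban, 200 otherwise."""
    expiry = decisions.get(client_ip)
    if expiry is not None and now < expiry:
        return 403
    return 200


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG)
    for ip, until in found.items():
        print(f"ban {ip} until {until.isoformat()}")
    now = utc(2024, 1, 2, 10, 1)
    for ip in ("203.0.113.7", "198.51.100.20", "192.0.2.9"):
        print(ip, forward_auth(ip, found, now))
```

Only the fast attacker overflows: the user who mistyped twice never fills the bucket, and the slow one-per-minute client drains faster than it fills, which is the point of a leaky bucket over a plain counter. In the real deployment the decision lives in CrowdSec’s local API and the bouncer polls it; `forward_auth` here only shows what that lookup decides.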

Deploying this Docker-based solution successfully combined CrowdSec’s sophisticated detection capabilities with Traefik’s robust reverse proxy functionalities, resulting in a comprehensive security setup tailored perfectly to my homelab environment.

Detailed List of Requirements and Implementation Steps:

  • Security Needs:
    • Web Application Firewall (WAF) capabilities.
    • Detection of suspicious activities (brute-force, DDoS).
    • Active monitoring and remediation.
  • Software Criteria:
    • Open-source software.
    • Strong community support.
  • Environment Compatibility:
    • Docker-based application deployment.
    • Integration with Traefik reverse proxy.
    • Free SSL via Let’s Encrypt.
  • CrowdSec Features:
    • Log analysis for detecting malicious patterns.
    • Collaborative threat intelligence sharing.
    • Behavioural analysis for advanced threat detection.
  • Integration and Remediation:
    • Direct analysis of Traefik access logs.
    • Implementation of active IP blocking through remediation.
    • Utilisation of the fbonalair/traefik-crowdsec-bouncer Docker image.
Docker compose file:
services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    environment:
      GID: "${GID-1000}"   # group id for files the agent writes; falls back to 1000 when GID is unset
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"   # parsers and scenarios installed on first start
    volumes:
      - ./config/acquis.yaml:/etc/crowdsec/acquis.yaml   # acquisition config: which log files the agent reads
      - /home/sanju/docker/crowdsec/db:/var/lib/crowdsec/data/   # local database and downloaded hub data
      - /home/sanju/docker/crowdsec/config:/etc/crowdsec/   # persisted agent configuration
      - /home/sanju/docker/traefik/logs:/var/log/traefik/:ro   # Traefik access log, mounted read-only
    networks:
      - proxy
    security_opt:
      - no-new-privileges:true
    env_file:
      - .env # store other secrets e.g., dashboard password
    restart: unless-stopped

  bouncer-traefik:
    image: docker.io/fbonalair/traefik-crowdsec-bouncer:latest
    container_name: bouncer-traefik
    environment:
      # key issued by the agent, e.g. "docker exec crowdsec cscli bouncers add bouncer-traefik", kept in .env
      CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_BOUNCER_API_KEY}
      CROWDSEC_AGENT_HOST: crowdsec:8080   # CrowdSec local API, reached by service name on the shared proxy network
    networks:
      - proxy
    depends_on:
      - crowdsec
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
networks:
  proxy:
    external: true   # the network Traefik already runs on
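Two pieces the compose file refers to but does not show are the acquis.yaml it mounts and the Traefik side of the wiring. The following is an added example written to fit that compose file, not configuration taken from the post or shipped by either project; the three YAML documents belong in three separate files, and the log path, middleware name and the assumption that Traefik writes its access log to the directory mounted read-only into the crowdsec container are mine.

```yaml
# --- ./config/acquis.yaml (mounted to /etc/crowdsec/acquis.yaml above):
# which files the agent reads and which parser family (the traefik
# collection) applies to them.
filenames:
  - /var/log/traefik/*.log
labels:
  type: traefik
---
# --- Traefik static configuration (e.g. traefik.yml): write the access log
# to the path that maps to /home/sanju/docker/traefik/logs on the host.
accessLog:
  filePath: /var/log/traefik/access.log
---
# --- Traefik dynamic configuration (file provider): a forwardAuth middleware
# that asks the bouncer before each request is passed on. Attach it to the
# routers you want protected; the host and port follow the compose file.
http:
  middlewares:
    crowdsec-bouncer:
      forwardAuth:
        address: "http://bouncer-traefik:8080/api/v1/forwardAuth"
        trustForwardHeader: true
```

Without the middleware the bouncer runs but nothing consults it, and without acquis.yaml the agent starts but reads no logs, so both are worth checking when the setup looks healthy yet never bans anything.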

Summary:

Deploying CrowdSec with the Traefik reverse proxy using Docker provided a flexible and highly secure environment. By integrating the fbonalair/traefik-crowdsec-bouncer, the solution achieved proactive threat detection and immediate remediation by blocking malicious IP addresses, fully aligning with my original security objectives for the homelab.
