this post was submitted on 18 Nov 2023
2 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Background

I recently made an effort to harden my network due to (technically) exposing more of it with FireZone (WireGuard). For the curious, I shared some details in a recent comment. I didn't mention it in the comment, but I also set up local DNS (Technitium) with block lists.

I'm approaching a point where I'm comfortable with my setup security-wise, but I'm missing a couple of things still: A solid firewall and proper backups. In this post, I'm interested in discussing the former.

NPM serves as the primary entrypoint into my server. For a while I considered looking into putting fail2ban in front of it, but then I came across CrowdSec which seems like a superior solution. And so I started looking into how to implement it alongside NPM.

There's an official guide, but it relies on a fork of a fork (Docker Hub) of NPM, which seems unsustainable. I also found this guide in a reddit post, which relies on a fork of the official image. However, it looks like the image is no longer hosted on Docker Hub.

Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.

tl;dr

I can't find any documentet, successful attempt at having CrowdSec function in front of Nginx Proxy Manager. The solutions that are publicly documentet, even officially by CrowdSec, rely on forks of NPM.


Conclusions

I feel like it should be possible to have the two services work together with the official images. Probably with a relatively complex setup. If anyone has made this work somehow, I'd be very happy to look at your docker-compose files.

Thanks for reading.

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago

If you are running proxmox then you can use tteks NPM lxc script and add the crowdsec script on top of that. Took me about 2 minutes with the downside of running something someone else set up instead of going step by step.