CrowdSec provides community-based security. It works alongside our Traefik installation to detect and remediate security events.
We combined the information in the following two videos to set up Crowdsec on our Docker infrastructure.
Install CrowdSec in Docker
A more advanced install
We set up a cron job to update CrowdSec. The commands to do this are as follows:
docker exec crowdsec cscli hub update
docker exec crowdsec cscli hub upgrade
We also set up an online account to view our dashboard.
We are using Traefik as a reverse proxy in our Home Lab. Traefik is deployed on our Docker Swarm Cluster and Raspberry Pi Docker server.
Traefik is set to use Lets Encrypt to obtain and update SSL certificates for our domain. We use a DNS-01 challenge and Cloudflare for this purpose
The steps required to deploy Traefik are covered in this video:
Deploy Traefik with Lets Encrypt SSL Certificates
We also used the information in this video to separate and secure external and internal access to our Docker containers via Taefik:
Secure Traffic External Access
Adding Workloads
Traefik can serve as a reverse proxy for services in our Docker environment, external workloads on VMs, and stand-alone Docker hosts such as our Raspberry Pi Docker host.
The last two chapters of the following video explain how to set up additional services behind a Traefik reverse proxy.
Configuring Traefik 3