Remote access with Caddy, Duckdns vs Tailscale for security?

[Balinus]

So, I have read a little bit on Crowdsec. Very nice indeed, not super user friendly for someone that has limited knowledge about cybersecurity and networking like me. From what I understand:

- Install Crowdsec engine (done)
- Build Caddy with duckdns and crowdsec plug-in (done)
- Install Remediation Components (aka bouncers, blocklist, etc...)

This last point is a little bit obscure for me, there is so much blocklists, etc. The items I think I should install through Crowdsec engine are:

- Caddy collection: https://app.crowdsec.net/hub/author/crow...ions/caddy
- Jellyfin collection: https://app.crowdsec.net/hub/author/LePr...s/jellyfin

Once installed, I need to get an api somehow, this part is not very well documented. I tried using the "Service API key" in the settings of Crowdsec, but I'm not sure is this is the good one. Anyhow, I then configured the Caddyfile with:

Code:

# CROWDSEC
{
    debug # this is optional; makes Caddy log more details
    order crowdsec first # this ensures that the CrowdSec module is executed before any other HTTP handlers
    crowdsec {
        api_url http://localhost:8080 # the URL where your CrowdSec LAPI can be reached, somewhere on your network/system
        api_key SERVICE-KEY-API-FROM-CROWDSEC-CONSOLE-SETTINGS # the secret API key for the bouncer to authenticate against LAPI
    }
}

jellyfin-philipperoy.duckdns.org:9000 {
        reverse_proxy 127.0.0.1:8096

        crowdsec

        tls {
                dns duckdns DUCKDNS-API
        }
}

I still do get the error when looking at "systemctl status caddy"

Code:

{"level":"error","ts":1744243579.8556097,"logger":"crowdsec","msg":"failed to connect to LAPI, retrying in 10s:

so, that's where I'm at!

---

So, I have read a little bit on Crowdsec. Very nice indeed, not super user friendly for someone that has limited knowledge about cybersecurity and networking like me. From what I understand:

- Install Crowdsec engine (done)
- Build Caddy with duckdns and crowdsec plug-in (done)
- Install Remediation Components (aka bouncers, blocklist, etc...)

This last point is a little bit obscure for me, there is so much blocklists, etc. The items I think I should install through Crowdsec engine are:

- Caddy collection: https://app.crowdsec.net/hub/author/crow...ions/caddy
- Jellyfin collection: https://app.crowdsec.net/hub/author/LePr...s/jellyfin

Once installed, I need to get an api somehow, this part is not very well documented. I tried using the "Service API key" in the settings of Crowdsec, but I'm not sure is this is the good one. Anyhow, I then configured the Caddyfile with:

Code:

# CROWDSEC
{
    debug # this is optional; makes Caddy log more details
    order crowdsec first # this ensures that the CrowdSec module is executed before any other HTTP handlers
    crowdsec {
        api_url http://localhost:8080 # the URL where your CrowdSec LAPI can be reached, somewhere on your network/system
        api_key SERVICE-KEY-API-FROM-CROWDSEC-CONSOLE-SETTINGS # the secret API key for the bouncer to authenticate against LAPI
    }
}

jellyfin-philipperoy.duckdns.org:9000 {
        reverse_proxy 127.0.0.1:8096

        crowdsec

        tls {
                dns duckdns DUCKDNS-API
        }
}

I still do get the error when looking at "systemctl status caddy"

Code:

{"level":"error","ts":1744243579.8556097,"logger":"crowdsec","msg":"failed to connect to LAPI, retrying in 10s:

so, that's where I'm at!