2025-04-10, 12:45 PM
If you're a bit of a Crowdsec Guru, feel free to write a guide in the Walkthrough subforum. Does Crowdsec have modules for Nginx and Apache? I currently use fail2ban, but I'm always open to try other apps.
(2025-04-10, 07:14 AM)Duvel Wrote: This thread is turning into a "how to protect Jellyfin with Crowdsec" :-)
First of all in your config, you need 2 different API keys, because you have 2 components locally:
The LAPI server
The Caddy Bouncer
1. Your LAPI server should be registered with Crowdesc central servers, and you use the API key provided on your crowdsec.org CP
2. Your Caddy Bouncer should be registered with your LAPI server. It looks like you are stuck on that one.
In order to register your bouncer to your LAPI, you need to use the crowdsec cscli ( https://docs.crowdsec.net/docs/cscli/ )
If you have a normal install, you just do:
Code:sudo clsci <commands>
If you have a docker container, then you should do :
Code:sudo docker exec crowdsec cscli <command>
Example : list the machines
Next, list the bouncers:Code:tom@cerbere:/opt/caddy$ sudo docker exec crowdsec cscli machines list
[sudo] password for tom:
-------------------------------------------------------------------------------------------------------------------------------
Name IP Address Last Update Status Version OS Auth Type Last Heartbeat
-------------------------------------------------------------------------------------------------------------------------------
localhost 127.0.0.1 2025-04-10T06:38:05Z ✔️ v1.6.8-f209766e Alpine Linux (docker)/3.21.3 password 39s
-------------------------------------------------------------------------------------------------------------------------------
Code:tom@cerbere:/opt/caddy$ sudo docker exec crowdsec cscli bouncers list
---------------------------------------------------------------------------------------------------------
Name IP Address Valid Last API pull Type Version Auth Type
---------------------------------------------------------------------------------------------------------
caddy-bouncer@172.21.0.1 172.21.0.1 ✔️ 2025-04-10T06:49:58Z caddy-cs-bouncer v0.8.1 api-key
---------------------------------------------------------------------------------------------------------
I believe you are stuck there, and your list is probably empty. You have not added your caddy bouncer, which should have generated an API key for your bouncer to connect to the LAPI.
To register your caddy bouncer, use the <cscli bouncers add caddy-bouncer> command:
Code:$ sudo docker exec crowdsec cscli bouncers add caddy-bouncer
API key for 'caddy-bouncer':
Q8iKI+FuQc7SGG2vXQWx7WMpxKeGj2UA0Baw5lUf5Zc
Please keep this key since you will not be able to retrieve it!
This is the API key that you should specify in your CaddyFile, there:
SERVICE-KEY-API-FROM-CROWDSEC-CONSOLE-SETTINGS
Once Caddyfile is adapted, restart caddy.
And then recheck your bouncers list and status with cscli bouncers list
--> You should now see your caddy-bouncer connected
Jellyfin 10.10.7 (Docker)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1