updated caddyfile and compose file

caddy/.env

@@ -0,0 +1,2 @@
+CROWDSEC_API_KEY=uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
+DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3

caddy/Caddyfile

@@ -15,7 +15,7 @@
 	}
 
 	crowdsec {
-		api_url http://localhost:8080
+		api_url http://crowdsec:8080
 		api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
 		ticker_interval 15s
 		#disable_streaming
@@ -39,7 +39,7 @@
 # --------------------------------------------------
 
 (auth) {
-	forward_auth localhost:9091 {
+	forward_auth authelia:9091 {
 		uri /api/authz/forward-auth
 		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
 	}
@@ -73,27 +73,26 @@ auth.akanealw.com {
 
 *.akanealw.com {
 
-	# --------------------------------------------------
-	# external subdomains without authelia
-	#
-	#
-	#        @ host .akanealw.com
-	#        handle @ {
-	#                reverse_proxy 192.168.1.
-	#        }
-	#
-	#
-	#       @ host .akanealw.com
-	#       handle @ {
-    #               reverse_proxy https://192.168.1. {
-    #                   transport http {
-    #                       tls_insecure_skip_verify
-    #                       }
-    #                   }
-    #       }
-    #
-    #
-	# --------------------------------------------------
+#	--------------------------------------------------
+#	external subdomains without authelia
+#	
+#	
+#	       @ host .akanealw.com
+#	       handle @ {
+#	               reverse_proxy 192.168.1.
+#	       }
+#	
+#	
+#	      @ host .akanealw.com
+#	      handle @ {
+#                   reverse_proxy https://192.168.1. {
+#                      transport http {
+#                          tls_insecure_skip_verify
+#                          }
+#                      }
+#          }
+#    
+#	--------------------------------------------------
     
 	@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
 	@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
@@ -688,6 +687,7 @@ auth.akanealw.com {
 
 }
 
+
 # --------------------------------------------------
 # aknlw.com root domain
 # --------------------------------------------------
@@ -708,3 +708,5 @@ repo.aknlw.com {
 	import cloudflare
 	reverse_proxy 192.168.1.50:3000
 }
+
+}

caddy/compose.yml

@@ -0,0 +1,54 @@
+services:
+  caddy:
+    container_name: caddy
+    build:
+      context: ./
+      target: caddy
+    environment:
+      - DNS_PROVIDER_TOKEN=${DNS_PROVIDER_TOKEN}
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - crowdsec
+      - reverse-proxy
+    ports:
+      - 80:80
+      - 443:443
+      - 2019:2019
+    restart: unless-stopped
+    volumes:
+      - ./caddy/data:/data
+      - ./caddy-config:/config
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+      - ./caddy/logs:/srv/
+
+  crowdsec:
+    image: docker.io/crowdsecurity/crowdsec:latest
+    container_name: crowdsec
+    environment:
+      - GID=1000
+      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
+      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
+    security_opt:
+      - no-new-privileges=true
+    networks:
+      - crowdsec
+      - reverse-proxy
+    restart: unless-stopped
+    volumes:
+      - crowdsec-db:/var/lib/crowdsec/data/
+      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+      - caddy-logs:/var/log/caddy:ro
+
+  whoami:
+    image: traefik/whoami
+    container_name: whoami
+    networks:
+      - reverse-proxy
+
+networks:
+  crowdsec:
+    name: crowdsec
+  reverse-proxy:
+    external: true