updated files

caddy/.env

@@ -0,0 +1 @@
+CROWDSEC_API_KEY=GIWtpt78Iogley5euk7caGt0RwxAclgW

caddy/Caddyfile

@@ -2,7 +2,7 @@
 # global options
 # --------------------------------------------------
 {
-	acme_ca https://acme-v02.api.letsencrypt.org/directory
+	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 
 	admin :2019
 	log {
@@ -14,13 +14,10 @@
 		trusted_proxies static private_ranges
 	}
 
-	crowdsec {
-		api_url http://localhost:8080
-		api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
-		ticker_interval 15s
-		#disable_streaming
-		#enable_hard_fails
-	}
+    crowdsec {
+        api_url http://crowdsec:8080
+        api_key {$CROWDSEC_API_KEY}
+    }
 }
 
 # --------------------------------------------------

caddy/Dockerfile

@@ -1,9 +1,16 @@
-FROM caddy:builder AS builder
+ARG CADDY_VERSION=2
 
-RUN caddy-builder \
-    github.com/caddy-dns/cloudflare \
-    github.com/hslatman/caddy-crowdsec-bouncer
+FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
 
-FROM caddy:latest
+RUN xcaddy build \
+    --with github.com/caddy-dns/cloudflare \
+    --with github.com/mholt/caddy-l4 \
+    --with github.com/caddyserver/transform-encoder \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
+
+FROM caddy:${CADDY_VERSION} AS caddy
+
+WORKDIR /
 
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy

caddy/Dockerfile.old

@@ -0,0 +1,9 @@
+FROM caddy:builder AS builder
+
+RUN caddy-builder \
+    github.com/caddy-dns/cloudflare \
+    github.com/hslatman/caddy-crowdsec-bouncer
+
+FROM caddy:latest
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

caddy/compose-old.yml

@@ -0,0 +1,29 @@
+services:
+  caddy:
+    container_name: caddy
+    build: .
+    environment:
+      - DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - reverseproxy
+    ports:
+      - 80:80
+      - 443:443
+      - 2019:2019
+    volumes:
+      - ./data:/data
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./logs:/srv/
+    restart: unless-stopped
+
+  whoami:
+    image: traefik/whoami
+    container_name: whoami
+    networks:
+      - reverseproxy
+
+networks:
+  reverseproxy:
+    external: true

caddy/compose.yml

@@ -1,22 +1,41 @@
 services:
   caddy:
+    build:
+      context: ./
+      target: caddy
     container_name: caddy
-    build: .
-    environment:
-      - DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
     security_opt:
-      - no-new-privileges:true
+      - no-new-privileges=true
+    environment:
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
     networks:
       - reverseproxy
     ports:
-      - 80:80
-      - 443:443
-      - 2019:2019
+      - "80:80"
+      - "443:443"
+    restart: unless-stopped
     volumes:
       - ./data:/data
+      - ./config:/config
+      - ./logs:/var/log/caddy
       - ./Caddyfile:/etc/caddy/Caddyfile
-      - ./logs:/srv/
+
+  crowdsec:
+    image: docker.io/crowdsecurity/crowdsec:latest
+    container_name: crowdsec
+    security_opt:
+      - no-new-privileges=true
+    environment:
+      - GID=1000
+      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
+      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
+    networks:
+      - reverseproxy
     restart: unless-stopped
+    volumes:
+      - ./crowdsec-db:/var/lib/crowdsec/data/
+      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+      - ./logs:/var/log/caddy:ro
 
   whoami:
     image: traefik/whoami