From f47526ebd2b98b71ff27c42d74f3a35414cbef7e Mon Sep 17 00:00:00 2001
From: akanealw
Date: Sat, 12 Apr 2025 21:52:44 -0500
Subject: [PATCH] updated files

---
 caddy/.env | 1 +
 caddy/Caddyfile | 13 +++++--------
 caddy/Dockerfile | 17 ++++++++++++-----
 caddy/Dockerfile.old | 9 +++++++++
 caddy/compose-old.yml | 29 +++++++++++++++++++++++++++++
 caddy/compose.yml | 35 +++++++++++++++++++++++++++--------
 caddy/crowdsec/acquis.yaml | 0
 7 files changed, 83 insertions(+), 21 deletions(-)
 create mode 100644 caddy/.env
 create mode 100644 caddy/Dockerfile.old
 create mode 100644 caddy/compose-old.yml
 create mode 100644 caddy/crowdsec/acquis.yaml

diff --git a/caddy/.env b/caddy/.env
new file mode 100644
index 0000000..6749891
--- /dev/null
+++ b/caddy/.env
@@ -0,0 +1 @@
+CROWDSEC_API_KEY=GIWtpt78Iogley5euk7caGt0RwxAclgW
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 38bb2fd..8e62c87 100755
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -2,7 +2,7 @@
 # global options
 # --------------------------------------------------
 {
- acme_ca https://acme-v02.api.letsencrypt.org/directory
+ acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 admin :2019
 
 log {
@@ -14,13 +14,10 @@
 trusted_proxies static private_ranges
 }
 
- crowdsec {
- api_url http://localhost:8080
- api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
- ticker_interval 15s
- #disable_streaming
- #enable_hard_fails
- }
+ crowdsec {
+ api_url http://crowdsec:8080
+ api_key {$CROWDSEC_API_KEY}
+ }
 }
 
 # --------------------------------------------------
diff --git a/caddy/Dockerfile b/caddy/Dockerfile
index 5b02e7e..6b122a5 100644
--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
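Review bot: The `+CROWDSEC_API_KEY=` line commits a live bouncer API key to the repository, and once pushed it remains recoverable from history even after a later removal. The key should be treated as exposed and regenerated on the CrowdSec side (`cscli bouncers add` a fresh one), with `caddy/.env` listed in `.gitignore` and a committed `caddy/.env.example` carrying `CROWDSEC_API_KEY=<your-bouncer-key>` as the documented contract. The same applies to the DNS provider token carried into the new `caddy/compose-old.yml` and to the old LAPI key the Caddyfile hunk removes: both stay in the tree or in history and should be rotated as well.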
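Review bot: The `+ acme_ca` line points Caddy at the Let's Encrypt staging directory, whose certificates come from an untrusted test CA, so every site served from this config will fail TLS validation in browsers once it is deployed. If staging is only wanted while the new crowdsec wiring is tested, the switch should not be committed unconditionally; read it from the environment the way the API key now is, e.g. `acme_ca {$ACME_CA:https://acme-v02.api.letsencrypt.org/directory}`, or revert it before merging. The `crowdsec` block in the second hunk reaches the LAPI over plain HTTP on the compose network, which is acceptable on an internal network but deserves a comment next to `api_url` such as `# LAPI is reachable only on the reverseproxy network; never publish 8080` so the assumption is visible.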
@@ -1,9 +1,16 @@
-FROM caddy:builder AS builder
+ARG CADDY_VERSION=2
 
-RUN caddy-builder \
- github.com/caddy-dns/cloudflare \
- github.com/hslatman/caddy-crowdsec-bouncer
+FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
 
-FROM caddy:latest
+RUN xcaddy build \
+ --with github.com/caddy-dns/cloudflare \
+ --with github.com/mholt/caddy-l4 \
+ --with github.com/caddyserver/transform-encoder \
+ --with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
+ --with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
+
+FROM caddy:${CADDY_VERSION} AS caddy
+
+WORKDIR /
 
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
diff --git a/caddy/Dockerfile.old b/caddy/Dockerfile.old
new file mode 100644
index 0000000..5b02e7e
--- /dev/null
+++ b/caddy/Dockerfile.old
@@ -0,0 +1,9 @@
+FROM caddy:builder AS builder
+
+RUN caddy-builder \
+ github.com/caddy-dns/cloudflare \
+ github.com/hslatman/caddy-crowdsec-bouncer
+
+FROM caddy:latest
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
diff --git a/caddy/compose-old.yml b/caddy/compose-old.yml
new file mode 100644
index 0000000..edc8b48
--- /dev/null
+++ b/caddy/compose-old.yml
@@ -0,0 +1,29 @@
+services:
+ caddy:
+ container_name: caddy
+ build: .
+ environment:
+ - DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - reverseproxy
+ ports:
+ - 80:80
+ - 443:443
+ - 2019:2019
+ volumes:
+ - ./data:/data
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - ./logs:/srv/
+ restart: unless-stopped
+
+ whoami:
+ image: traefik/whoami
+ container_name: whoami
+ networks:
+ - reverseproxy
+
+networks:
+ reverseproxy:
+ external: true
diff --git a/caddy/compose.yml b/caddy/compose.yml
index edc8b48..fceddc1 100644
--- a/caddy/compose.yml
+++ b/caddy/compose.yml
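Review bot: The two bouncer modules on the `--with github.com/hslatman/caddy-crowdsec-bouncer/http@main` and `/layer4@main` lines are fetched from a moving branch, and both `FROM` lines resolve through the floating `caddy:2` major tag, so rebuilding the same commit can yield a different binary with no change in this repository. Pin each module to a release tag (`@<release tag>`) and give `ARG CADDY_VERSION` a full `2.x.y` value, ideally with a `@sha256:<digest>` on the runtime `FROM`, so the image is reproducible and a CVE in the bouncer or in Caddy can be traced to a known version. `WORKDIR /` is a no-op here, since the only instruction after it is a `COPY` with absolute paths; either drop it or replace it with a comment stating why the stage keeps the upstream image's working directory and root user.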
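Review bot: `caddy/Dockerfile.old` is a verbatim copy of the pre-change Dockerfile (its blob `5b02e7e` is the one the `caddy/Dockerfile` diff starts from), and `caddy/compose-old.yml` duplicates the old compose file the same way (blob `edc8b48`), while git history already preserves both. Backup copies like these go stale, get picked up by tooling that scans for Dockerfiles and compose files, and here keep the `caddy:latest` base and the `DNS_PROVIDER_TOKEN` value alive in the working tree. Drop both files from the commit; if a pointer is wanted, a comment in the new Dockerfile such as `# previous recipe used caddy-builder and caddy:latest; see git log` is enough.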
@@ -1,22 +1,41 @@
 services:
 caddy:
+ build:
+ context: ./
+ target: caddy
 container_name: caddy
- build: .
- environment:
- - DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
 security_opt:
- - no-new-privileges:true
+ - no-new-privileges=true
+ environment:
+ - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
 networks:
 - reverseproxy
 ports:
- - 80:80
- - 443:443
- - 2019:2019
+ - "80:80"
+ - "443:443"
+ restart: unless-stopped
 volumes:
 - ./data:/data
+ - ./config:/config
+ - ./logs:/var/log/caddy
 - ./Caddyfile:/etc/caddy/Caddyfile
- - ./logs:/srv/
+
+ crowdsec:
+ image: docker.io/crowdsecurity/crowdsec:latest
+ container_name: crowdsec
+ security_opt:
+ - no-new-privileges=true
+ environment:
+ - GID=1000
+ - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
+ - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
+ networks:
+ - reverseproxy
 restart: unless-stopped
+ volumes:
+ - ./crowdsec-db:/var/lib/crowdsec/data/
+ - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+ - ./logs:/var/log/caddy:ro
 
 whoami:
 image: traefik/whoami
diff --git a/caddy/crowdsec/acquis.yaml b/caddy/crowdsec/acquis.yaml
new file mode 100644
index 0000000..e69de29
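Review bot: The new `- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml` mount points at the `caddy/crowdsec/acquis.yaml` this commit creates empty (blob `e69de29`), so the image's default acquisition config is shadowed by a file that declares no sources; as far as I can tell from the image's entrypoint behaviour, CrowdSec will then start with nothing to parse even though `./logs` is mounted read-only at `/var/log/caddy` for it. Give the file an entry for the Caddy logs, e.g. `filenames: [/var/log/caddy/*.log]` with `labels: {type: caddy}`, which is what the `crowdsecurity/caddy` collection on the `COLLECTIONS` line expects. The `image: docker.io/crowdsecurity/crowdsec:latest` line should also carry a version tag, since an unpinned LAPI can change behaviour under the bouncer without any change in this repository.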