Proxy_Containers/traefik/README.md

Source: https://traefik.io/ \
https://github.com/traefik/traefik

### Prerequisites:
To use this docker compose yaml file you will need: \
Cloudflare DNS API TOKEN \
Running container of [docker-socket-proxy](https://scripts.gabesville.com/Gabesville/Docker-Compose/src/branch/main/Proxy_Containers/docker-socket-proxy/compose.yaml) \
Running container of [crowdsec](https://scripts.gabesville.com/Gabesville/Docker-Compose/src/branch/main/Security_Containers/crowdsec/compose.yaml)

## Guide:
1. Start the docker-socket-proxy container
2. Get your Cloudflare DNS Zone Edit API TOKEN
3. Start your traefik compose.yaml (see .env and fill in the DNS API Token, skip the bouncer API for now)
4. Start your CrowdSec container
5. Generate the Bouncer API Key with: `docker exec crowdsec cscli bouncers add traefik-bouncer` \
    NOTE: Make sure there are no special characters. If it contains anything other than [a-z A-Z 0-9], delete and regenerate: \
    `docker exec crowdsec cscli bouncers delete traefik-bouncer` \
    `docker exec crowdsec cscli bouncers add traefik-bouncer`
6. Put the output in your .env under CROWDSEC_BOUNCER_API_KEY
7. Restart traefik container

### Verifying:
1. Confirm CrowdSec Is Parsing Traefik Logs: `docker exec crowdsec cscli metrics`


### Testing:
Test CrowdSec Is Actually Blocking
Ban your own IP
docker exec crowdsec cscli decisions add --ip <your-ip>
Unban yourself
docker exec crowdsec cscli decisions delete --ip <your-ip>
docker logs traefik 2>&1 | grep -i "crowdsec\|plugin\|error" | tail -20

docker exec crowdsec cscli bouncers list
docker logs traefik 2>&1 | tail -30
docker exec crowdsec cscli bouncers delete traefik-bouncer


docker exec crowdsec cscli metrics | grep -A8 "Local API Metrics"
You should see /v1/decisions/stream hits incrementing. If that's clean, the stack is fully operational.

One Thing to Note
Since you're using crowdsecMode: stream, decisions sync every 60 seconds — so the ban may take up to a minute to take effect after step 2. If you want instant testing, temporarily switch to crowdsecMode: live in config.yaml, test, then switch back to stream.
Update Proxy_Containers/traefik/README.md 2026-05-15 02:30:05 +00:00			`Source: https://traefik.io/ \`
			`https://github.com/traefik/traefik`
Add Proxy_Containers/traefik/README.md 2026-02-07 03:55:22 +00:00
Update Proxy_Containers/traefik/README.md 2026-05-15 02:30:05 +00:00			`### Prerequisites:`
			`To use this docker compose yaml file you will need: \`
			`Cloudflare DNS API TOKEN \`
			`Running container of [docker-socket-proxy](https://scripts.gabesville.com/Gabesville/Docker-Compose/src/branch/main/Proxy_Containers/docker-socket-proxy/compose.yaml) \`
			`Running container of [crowdsec](https://scripts.gabesville.com/Gabesville/Docker-Compose/src/branch/main/Security_Containers/crowdsec/compose.yaml)`

			`## Guide:`
			`1. Start the docker-socket-proxy container`
			`2. Get your Cloudflare DNS Zone Edit API TOKEN`
			`3. Start your traefik compose.yaml (see .env and fill in the DNS API Token, skip the bouncer API for now)`
			`4. Start your CrowdSec container`
			5. Generate the Bouncer API Key with: `docker exec crowdsec cscli bouncers add traefik-bouncer` \
			`NOTE: Make sure there are no special characters. If it contains anything other than [a-z A-Z 0-9], delete and regenerate: \`
			`docker exec crowdsec cscli bouncers delete traefik-bouncer` \
			`docker exec crowdsec cscli bouncers add traefik-bouncer`
			`6. Put the output in your .env under CROWDSEC_BOUNCER_API_KEY`
			`7. Restart traefik container`

			`### Verifying:`
			1. Confirm CrowdSec Is Parsing Traefik Logs: `docker exec crowdsec cscli metrics`


			`### Testing:`
			`Test CrowdSec Is Actually Blocking`
			`Ban your own IP`
			`docker exec crowdsec cscli decisions add --ip <your-ip>`
			`Unban yourself`
			`docker exec crowdsec cscli decisions delete --ip <your-ip>`
			`docker logs traefik 2>&1 \| grep -i "crowdsec\\|plugin\\|error" \| tail -20`

			`docker exec crowdsec cscli bouncers list`
			`docker logs traefik 2>&1 \| tail -30`
			`docker exec crowdsec cscli bouncers delete traefik-bouncer`


			`docker exec crowdsec cscli metrics \| grep -A8 "Local API Metrics"`
			`You should see /v1/decisions/stream hits incrementing. If that's clean, the stack is fully operational.`

			`One Thing to Note`
			`Since you're using crowdsecMode: stream, decisions sync every 60 seconds — so the ban may take up to a minute to take effect after step 2. If you want instant testing, temporarily switch to crowdsecMode: live in config.yaml, test, then switch back to stream.`