hslatman/caddy-crowdsec-bouncer

[Question] What should the API URL be?

Closed this issue · 12 comments

I'm running both Caddy and CrowdSec in a Docker Compose project, so I'm not really sure what the api_url should be set to. Should it just be the hostname of the Caddy container, along with the HTTP port (i.e. caddy:80)?

Hi @lumbo7332,

Yes, that should work, but do include the scheme and use the correct port (8080, if I'm correct). An example of a configuration that works with Compose can be found here: https://github.com/hslatman/caddy-crowdsec-bouncer/blob/main/docker/config.json. The docker-compose is in the root of the repository and contains a service called crowdsec.

Thanks! I just needed to expose the ports in the Compose file.

Wait, I don't think that actually worked. This is getting spammed in the Caddy log:

time="2022-01-21T03:25:54Z" level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 172.27.0.11:8180: connect: connection refused"

docker-compose.yml

services:
  caddy:
    build:
      context: ./
      dockerfile: Dockerfile
    container_name: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./users.json:/etc/caddy/auth/local/users.json
      - data:/data
      - config:/config
      - log:/var/log/caddy
    environment:
      - PUID=1000
      - PGID=1000
      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    hostname: crowdsec
    ports:
      - 8180:8180
    volumes:
        - ./acquis.yaml:/etc/crowdsec/acquis.yaml
        - log:/var/log/caddy
    environment:
        - COLLECTIONS=crowdsecurity/sshd crowdsecurity/caddy-logs
volumes:
  data:
  config:
  log:
networks:
  default:
    name: reverse_proxy
    external: true

Caddyfile snippet

crowdsec {
    api_url http://crowdsec:8180/
    api_key REDACTED
    ticker_interval 15s
}

You'll need 8180:8080; 8080 is CrowdSec's default port. 8080:8080 is of course also possible, but then you need to change the API URL again too.

Okay, I updated the CrowdSec ports to be 8180:8080. Still getting the same error though.

Hi @poperigby,

If you use crowdsec as the service name, you should configure it to use port 8080, so http://crowdsec:8080/. The Docker DNS will resolve crowdsec to the right container directly. This means that the Caddy container needs to connect to port 8080 on that service and not on port 8180. 8180 is used to forward traffic from outside the container to the container.

Oh okay. Thank you!

Should've been more complete initially myself. Good luck! 😄

Thanks!

@hslatman I have almost the same question yet different.
In official Crowdsec docker-compose.yml example, crowdsec container has no opened ports.
What should the API_URL be set to in that case?
Thank you

@jpbaril: The CrowdSec image always has port 8080 open, so you can connect to that if Caddy with this bouncer is on the same Docker network.

Have you added a service to that example configuration that runs Caddy with this bouncer? Because if you did, it should work with using http://<service>:8080/. So if it's called crowdsec, it would be http://crowdsec:8080/. Alternatively, since the configuration specifies IPs, http://172.20.0.4:8080/ should also work.

The above will only work if the bouncer is running in the same Docker network, so if you're not starting it from the same Compose configuration, you'll need to ensure that you make it connect to the same Docker network (crowdsec_test). docker network connect is a way to do that: https://docs.docker.com/engine/reference/commandline/network_connect/. A Docker bridge network is also an option, but that would require you to make bigger changes to the example configuration.

A simpler way to make Caddy work with the example configuration is to add a port forward configuration to the crowdsec service, like this:

    ports:
      - 8080:8080

That will make the CrowdSec API available on your localhost port 8080, so that the bouncer can connect to it directly from outside the Docker network. It should then be able to connect using http://127.0.0.1:8080/. It requires a small change to the example configuration, but that's what examples are for 🙂
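The two situations discussed in this thread (the bouncer on the same Compose network, where only the container-side port matters, and the bouncer reaching a published port from the host, where only the host side exists) keep tripping people up, so here is an added example that derives and checks the api_url from a Compose `ports:` entry. It is not code from caddy-crowdsec-bouncer or from anyone in the thread; the functions `parse_port_mapping`, `expected_api_url`, `check_api_url` and `host_exposure` are hypothetical names, the inputs at the bottom are constructed from the mappings posted above, and it assumes, as stated earlier, that the CrowdSec LAPI listens on 8080 inside the container.

```python
"""Derive and sanity-check the CrowdSec LAPI api_url for a Caddy bouncer from a
Compose port mapping. Added example for this thread; the function names are
hypothetical and not part of caddy-crowdsec-bouncer. Assumes the LAPI listens on
8080 inside the container, as stated in the thread."""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

LAPI_LISTEN_PORT = 8080  # CrowdSec default inside the container (per the thread)


@dataclass(frozen=True)
class PortMapping:
    host_ip: Optional[str]    # None: Docker binds on all host interfaces by default
    host_port: Optional[int]  # None: port is not published on the host at all
    container_port: int
    proto: str = "tcp"


def parse_port_mapping(spec: str) -> PortMapping:
    """Parse Compose short syntax [[HOST_IP:]HOST_PORT:]CONTAINER_PORT[/PROTO].
    Port ranges and bracketed IPv6 hosts are rejected rather than guessed at."""
    spec, _, proto = str(spec).strip().partition("/")
    parts = spec.split(":")
    if len(parts) == 1:
        return PortMapping(None, None, int(parts[0]), proto or "tcp")
    if len(parts) == 2:
        return PortMapping(None, int(parts[0]), int(parts[1]), proto or "tcp")
    if len(parts) == 3:
        return PortMapping(parts[0], int(parts[1]), int(parts[2]), proto or "tcp")
    raise ValueError(f"unsupported port mapping: {spec!r}")


def expected_api_url(service: str, mapping: PortMapping, same_docker_network: bool,
                     listen_port: int = LAPI_LISTEN_PORT) -> str:
    """Return the api_url the bouncer must use for where it runs.

    Inside the Compose network, Docker's embedded DNS resolves the service name and
    the bouncer talks to the port the process listens on; the ports: mapping plays
    no role there. From the host, only the published side of the mapping exists,
    and it must forward to the listening port or the connection is refused."""
    if same_docker_network:
        return f"http://{service}:{listen_port}/"
    if mapping.host_port is None:
        raise ValueError(f"{service} publishes no host port; unreachable from outside the network")
    if mapping.container_port != listen_port:
        raise ValueError(
            f"{mapping.host_port}:{mapping.container_port} forwards to container port "
            f"{mapping.container_port}, but the LAPI listens on {listen_port}: connection refused")
    host = mapping.host_ip if mapping.host_ip not in (None, "0.0.0.0") else "127.0.0.1"
    return f"http://{host}:{mapping.host_port}/"


def check_api_url(api_url: str, service: str, mapping: PortMapping,
                  same_docker_network: bool, listen_port: int = LAPI_LISTEN_PORT) -> Optional[str]:
    """None when api_url points at the reachable target, else an explanation."""
    try:
        expected = urlsplit(expected_api_url(service, mapping, same_docker_network, listen_port))
    except ValueError as err:
        return str(err)
    got = urlsplit(api_url)
    got_port = got.port or (443 if got.scheme == "https" else 80)
    if (got.hostname, got_port) == (expected.hostname, expected.port):
        return None
    where = "inside" if same_docker_network else "outside"
    return f"{api_url} is the wrong target from {where} the Docker network; use {expected.geturl()}"


def host_exposure(mapping: PortMapping) -> str:
    """Who can reach the published port. 8080:8080 binds every host interface, so
    the LAPI becomes reachable from the LAN guarded only by its API keys; prefer
    127.0.0.1:8080:8080 when a local bouncer is the only client outside Docker."""
    if mapping.host_port is None:
        return "not published (Docker network only)"
    if mapping.host_ip in (None, "0.0.0.0"):
        return f"all host interfaces, port {mapping.host_port}"
    return f"{mapping.host_ip}:{mapping.host_port} only"


if __name__ == "__main__":
    # Constructed inputs following the thread: wrong, still wrong, then correct.
    for spec, url in (("8180:8180", "http://crowdsec:8180/"),
                      ("8180:8080", "http://crowdsec:8180/"),
                      ("8180:8080", "http://crowdsec:8080/")):
        verdict = check_api_url(url, "crowdsec", parse_port_mapping(spec), same_docker_network=True)
        print(f"ports {spec:<10} api_url {url:<24} -> {verdict or 'OK'}")
    m = parse_port_mapping("8080:8080")
    print("bouncer on host:", expected_api_url("crowdsec", m, same_docker_network=False),
          "|", host_exposure(m))
```

The first two constructed cases reproduce the failures above: with `8180:8180` nothing listens on 8180 inside the container, and with `8180:8080` the host port 8180 does not exist on the Docker network, so only `http://crowdsec:8080/` passes. For the host-side variant, `host_exposure` flags that an unqualified `8080:8080` publishes the LAPI on every interface, which is worth tightening to `127.0.0.1:8080:8080` when the bouncer runs on the same machine.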