⬆️ 📝 Update exemples and version traefik 3, crowdsec 1.6.1-2, plugin … (

#160)

* ⬆️ 📝 Update exemples and version traefik 3, crowdsec 1.6.1-2, plugin 1.3.0

* 📝 🐛 Fix race in exemple and doc for tls

Makefile

@@ -26,25 +26,25 @@ run_local:
 	docker compose -f docker-compose.local.yml up -d --remove-orphans
 
 run_behindproxy:
-	docker compose -f examples/behind-proxy/docker-compose.cloudflare.yml up -d --remove-orphans
+	docker compose -f examples/behind-proxy/docker-compose.yml up -d --remove-orphans
 
 run_cacheredis:
-	docker compose -f examples/redis-cache/docker-compose.redis.yml up -d --remove-orphans
+	docker compose -f examples/redis-cache/docker-compose.yml up -d --remove-orphans
 
 run_trustedips:
-	docker compose -f examples/trusted-ips/docker-compose.trusted.yml up -d --remove-orphans
+	docker compose -f examples/trusted-ips/docker-compose.yml up -d --remove-orphans
 
 run_binaryvm:
 	cd examples/binary-vm/ && sudo vagrant up
 
 run_tlsauth:
-	docker compose -f examples/tls-auth/docker-compose.tls-auth.yml down && docker compose -f examples/tls-auth/docker-compose.tls-auth.yml up -d && docker compose -f examples/tls-auth/docker-compose.tls-auth.yml restart && docker compose -f examples/tls-auth/docker-compose.tls-auth.yml logs -f
+	docker compose -f examples/tls-auth/docker-compose.yml up  -d --remove-orphans
 
 run_appsec:
-	docker compose -f examples/appsec-enabled/docker-compose.appsec-enabled.yml up -d
+	docker compose -f examples/appsec-enabled/docker-compose.yml up -d
 
 run_captcha:
-	docker compose -f examples/captcha/docker-compose.captcha.yml up -d
+	docker compose -f examples/captcha/docker-compose.yml up -d
 
 run_custom_ban_page:
 	docker compose -f examples/custom-ban-page/docker-compose.yml up -d
@@ -62,19 +62,25 @@ restart:
 	docker compose -f docker-compose.yml restart
 
 restart_behindproxy:
-	docker compose -f examples/behind-proxy/docker-compose.cloudflare.yml restart
+	docker compose -f examples/behind-proxy/docker-compose.yml restart
 
 restart_cacheredis:
-	docker compose -f examples/redis-cache/docker-compose.redis.yml restart
+	docker compose -f examples/redis-cache/docker-compose.yml restart
 
 restart_trustedips:
-	docker compose -f examples/trusted-ips/docker-compose.trusted.yml restart
+	docker compose -f examples/trusted-ips/docker-compose.yml restart
 
 restart_tlsauth:
-	docker compose -f examples/tls-auth/docker-compose.tls-auth.yml
+	docker compose -f examples/tls-auth/docker-compose.yml
 
 restart_appsec:
-	docker compose -f examples/tls-auth/docker-compose.appsec-enabled.yml
+	docker compose -f examples/tls-auth/docker-compose.yml
+
+restart_captcha:
+	docker compose -f examples/captcha/docker-compose.yml
+
+restart_custombanpage:
+	docker compose -f examples/custom-ban-page/docker-compose.yml
 
 show_logs:
 	docker compose -f docker-compose.yml restart
@@ -86,11 +92,13 @@ show_dev_logs:
 	docker compose -f docker-compose.dev.yml logs -f
 
 clean_all_docker:
-	docker compose -f examples/behind-proxy/docker-compose.cloudflare.yml down --remove-orphans
-	docker compose -f examples/redis-cache/docker-compose.redis.yml down --remove-orphans
-	docker compose -f examples/trusted-ips/docker-compose.trusted.yml down --remove-orphans
-	docker compose -f examples/tls-auth/docker-compose.tls-auth.yml down --remove-orphans
-	docker compose -f examples/appsec-enabled/docker-compose.appsec-enabled.yml down --remove-orphans
+	docker compose -f examples/behind-proxy/docker-compose.yml down --remove-orphans
+	docker compose -f examples/redis-cache/docker-compose.yml down --remove-orphans
+	docker compose -f examples/trusted-ips/docker-compose.yml down --remove-orphans
+	docker compose -f examples/tls-auth/docker-compose.yml down --remove-orphans
+	docker compose -f examples/appsec-enabled/docker-compose.yml down --remove-orphans
+	docker compose -f examples/captcha/docker-compose.yml down --remove-orphans
+	docker compose -f examples/custom-ban-page/docker-compose.yml down --remove-orphans
 	docker compose -f docker-compose.local.yml down --remove-orphans
 	docker compose -f docker-compose.yml down --remove-orphans
 
@@ -101,3 +109,6 @@ clean_vagrant:
 show_metrics:
 	docker exec crowdsec cscli metrics
 
+show_decisions:
+	docker exec crowdsec cscli decisions list
+

examples/behind-proxy/docker-compose.cloudflare.yml → examples/behind-proxy/docker-compose.yml

@@ -1,8 +1,6 @@
-version: "3.8"
-
 services:
   cloudflare:
-    image: "traefik:v2.10.4"
+    image: "traefik:v3.0.0"
     container_name: "cloudflare"
     restart: unless-stopped
     command:
@@ -21,7 +19,7 @@ services:
       - 8080:8080
 
   traefik:
-    image: "traefik:v2.10.4"
+    image: "traefik:v3.0.0"
     container_name: "traefik"
     restart: unless-stopped
     command:
@@ -35,7 +33,7 @@ services:
       - "--entrypoints.web.forwardedheaders.trustedips=172.21.0.5"
 
       - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      - "--experimental.plugins.bouncer.version=v1.1.13"
+      - "--experimental.plugins.bouncer.version=v1.3.0"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - logs-traefik:/var/log/traefik
@@ -47,7 +45,7 @@ services:
 
   whoami-foo:
     image: traefik/whoami
-    container_name: "simple-service-foo"
+    container_name: "simple-service-foo-cloudflare"
     restart: unless-stopped
     labels:
       - "traefik.enable=true"
@@ -66,7 +64,7 @@ services:
 
   whoami-bar:
     image: traefik/whoami
-    container_name: "simple-service-bar"
+    container_name: "simple-service-bar-cloudflare"
     restart: unless-stopped
     labels:
       - "traefik.enable=true"
@@ -81,7 +79,7 @@ services:
 
 
   crowdsec:
-    image: crowdsecurity/crowdsec:v1.5.2
+    image: crowdsecurity/crowdsec:v1.6.1-2
     container_name: "crowdsec"
     restart: unless-stopped
     environment:

examples/binary-vm/scripts/install_traefik.sh

@@ -2,7 +2,7 @@
 
 DEBIAN_FRONTEND=noninteractive sudo apt-get update && sudo apt-get install wget -y
 # DEBIAN_FRONTEND=noninteractive sudo apt-get upgrade -y --assume-yes
-wget -O traefik.tar.gz "https://github.com/traefik/traefik/releases/download/v2.10.4/traefik_v2.10.4_linux_amd64.tar.gz"
+wget -O traefik.tar.gz "https://github.com/traefik/traefik/releases/download/v3.0.0/traefik_v3.0.0_linux_amd64.tar.gz"
 tar -zxvf traefik.tar.gz
 # inspired from https://gist.github.com/ubergesundheit/7c9d875befc2d7bfd0bf43d8b3862d85
 sudo mv ./traefik /usr/local/bin/

examples/binary-vm/scripts/install_whoami.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DEBIAN_FRONTEND=noninteractive sudo apt-get update && apt-get install wget -y
-wget -O whoami.tar.gz "https://github.com/traefik/whoami/releases/download/v1.9.0/whoami_v1.9.0_linux_amd64.tar.gz"
+wget -O whoami.tar.gz "https://github.com/traefik/whoami/releases/download/v1.10.1/whoami_v1.10.1_linux_amd64.tar.gz"
 tar -zxvf whoami.tar.gz
 # inspired from https://gist.github.com/ubergesundheit/7c9d875befc2d7bfd0bf43d8b3862d85
 sudo mv ./whoami /usr/local/bin/

examples/captcha/README.md

@@ -32,7 +32,7 @@ It is not directly accessible from Traefik even when importing the plugin, so [d
 ```yaml 
   ...
   traefik:
-    image: "traefik:v2.11.0"
+    image: "traefik:v3.0.0"
     volumes:
       - './captcha.html:/captcha.html'
   ...
@@ -52,7 +52,7 @@ More information is available on configuring Crowdsec in the [official documenta
 ```yaml
   ...
   crowdsec:
-    image: crowdsecurity/crowdsec:v1.6.0
+    image: crowdsecurity/crowdsec:v1.6.1-2
     volumes:
       # For captcha and ban mixed decision
       - './profiles.yaml:/etc/crowdsec/profiles.yaml:ro' 

examples/captcha/docker-compose.captcha.yml → examples/captcha/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   traefik:
-    image: "traefik:v2.11.0"
+    image: "traefik:v3.0.0"
     container_name: "traefik"
     restart: unless-stopped
     command:
@@ -12,14 +12,14 @@ services:
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web.address=:80"
 
-      # - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      # - "--experimental.plugins.bouncer.version=v1.2.0"
-      - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.bouncer.version=v1.3.0"
+      # - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - logs-captcha-enabled:/var/log/traefik
       - './captcha.html:/captcha.html'
-      - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
+      # - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
     ports:
       - 8000:80
       - 8080:8080
@@ -55,7 +55,7 @@ services:
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaHTMLFilePath=/captcha.html"
 
   crowdsec:
-    image: crowdsecurity/crowdsec:v1.6.0
+    image: crowdsecurity/crowdsec:v1.6.1-2
     container_name: "crowdsec"
     restart: unless-stopped
     environment:

examples/custom-ban-page/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   traefik:
-    image: "traefik:v2.11.0"
+    image: "traefik:v3.0.0"
     container_name: "traefik"
     restart: unless-stopped
     command:
@@ -12,14 +12,14 @@ services:
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web.address=:80"
 
-      # - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      # - "--experimental.plugins.bouncer.version=v1.3.0-beta3"
-      - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.bouncer.version=v1.3.0"
+      # - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - logs-custom-ban-page-enabled:/var/log/traefik
       - './ban.html:/ban.html'
-      - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
+      # - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
     ports:
       - 8000:80
       - 8080:8080
@@ -46,7 +46,7 @@ services:
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath=/ban.html"
 
   crowdsec:
-    image: crowdsecurity/crowdsec:v1.6.0
+    image: crowdsecurity/crowdsec:v1.6.1-2
     container_name: "crowdsec"
     restart: unless-stopped
     environment:

examples/kubernetes/README.md

@@ -32,13 +32,15 @@ minikube start
 helm repo add traefik https://traefik.github.io/charts
 helm repo update
 kubectl create ns traefik
-helm upgrade --version v26.1.0 --install --namespace=traefik \
+helm upgrade --version v28.0.0 --install --namespace=traefik \
     --values=./traefik/values.yml \
     traefik traefik/traefik
 ```
 
 _A [bug](https://github.com/traefik/traefik-helm-chart/commit/e7ce1b410c858642069033305eb6362f26689f16) has been fixed in chart 26.1.0 that could prevent plugin to be loaded_
 
+_v28.0.0 of the Traefik helm chart is only compatible with v3 of Traefik_
+
 #### View the Traefik dashboard
 
 > Port forward the dashboard:

examples/kubernetes/crowdsec/values.yml

@@ -1,5 +1,5 @@
 image:
-  tag: v1.6.0
+  tag: v1.6.1-2
 
 agent:
   acquisition:

examples/kubernetes/traefik/dashboard.yml

@@ -1,5 +1,5 @@
 # dashboard.yaml
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: dashboard

examples/kubernetes/traefik/plugin.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
     name: bouncer

examples/kubernetes/traefik/values.yml

@@ -1,5 +1,5 @@
 image:
-  tag: v2.11
+  tag: v3.0.0
 
 logs:
   general:
@@ -14,4 +14,4 @@ experimental:
   plugins:
     bouncer:
       moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      version: "v1.2.0"
+      version: "v1.3.0"

examples/redis-cache/docker-compose.redis.yml → examples/redis-cache/docker-compose.yml

@@ -1,8 +1,6 @@
-version: "3.8"
-
 services:
   traefik:
-    image: "traefik:v2.10.4"
+    image: "traefik:v3.0.0"
     container_name: "traefik"
     restart: unless-stopped
     command:
@@ -15,7 +13,7 @@ services:
       - "--entrypoints.web.address=:80"
 
       - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      - "--experimental.plugins.bouncer.version=v1.1.13"
+      - "--experimental.plugins.bouncer.version=v1.3.0"
       # - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -52,7 +50,7 @@ services:
 
   whoami-redis-secure:
     image: traefik/whoami
-    container_name: "simple-service-bar"
+    container_name: "simple-service-bar-redis"
     restart: unless-stopped
     labels:
       - "traefik.enable=true"
@@ -73,7 +71,7 @@ services:
 
 
   crowdsec:
-    image: crowdsecurity/crowdsec:v1.5.2
+    image: crowdsecurity/crowdsec:v1.6.1-2
     container_name: "crowdsec"
     restart: unless-stopped
     environment:

examples/standalone-mode/docker-compose.alone.yml → examples/standalone-mode/docker-compose.yml

@@ -1,8 +1,6 @@
-version: "3.8"
-
 services:
   traefik:
-    image: "traefik:v2.10.4"
+    image: "traefik:v3.0.0"
     container_name: "traefik"
     restart: unless-stopped
     command:
@@ -15,16 +13,18 @@ services:
       - "--entrypoints.web.address=:80"
 
       - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      - "--experimental.plugins.bouncer.version=v1.1.13"
+      - "--experimental.plugins.bouncer.version=v1.3.0"
+      # - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
+      # - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
     ports:
       - 80:80
       - 8080:8080
 
   whoami-foo:
     image: traefik/whoami
-    container_name: "simple-service-foo"
+    container_name: "simple-service-foo-alone"
     restart: unless-stopped
     labels:
       - "traefik.enable=true"
@@ -37,9 +37,7 @@ services:
       # - "traefik.http.middlewares.crowdsec.plugin.bouncer.loglevel=DEBUG"
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecmode=alone"
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapikey=40796d93c2958f9e58345514e67740e5"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CrowdsecCapiMachineId=logincacacalfkrjebfreifgzfblezgyfoerxsqxsqxsqxsr"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CrowdsecCapiPassword=Password2"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CrowdsecCapiMachineId=FIXME"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CrowdsecCapiPassword=FIXME"
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseccapiscenarios=crowdsecurity/sshd,crowdsecurity/asterisk_bf,crowdsecurity/asterisk_user_enum,crowdsecurity/base-http-scenarios"
 
-volumes:
-  logs-local:

examples/tls-auth/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
 RUN apt-get update && apt-get install -y curl wget
 RUN VERSION=$(curl --silent "https://api.github.com/repos/cloudflare/cfssl/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/') && VNUMBER=${VERSION#"v"} && wget https://github.com/cloudflare/cfssl/releases/download/${VERSION}/cfssl_${VNUMBER}_linux_amd64 -O cfssl && chmod +x cfssl && mv cfssl /usr/local/bin