diff --git a/crowdsec-docs/unversioned/bouncers/haproxy_spoa.mdx b/crowdsec-docs/unversioned/bouncers/haproxy_spoa.mdx index 1b77b8212..f8b0ca8e1 100644 --- a/crowdsec-docs/unversioned/bouncers/haproxy_spoa.mdx +++ b/crowdsec-docs/unversioned/bouncers/haproxy_spoa.mdx 
@@ -64,7 +64,7 @@ We strongly encourage the use of our packages. ### Using packages You will have to setup crowdsec repositories first [setup crowdsec -repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories). +repositories](/u/getting_started/installation/linux). - -`/etc/crowdsec/bouncer/crowdsec-spoa-bouncer.yaml` - -```yaml -log_mode: file -log_dir: /var/log/ -log_level: info -log_compression: true -log_max_size: 100 -log_max_backups: 3 -log_max_age: 30 - -update_frequency: 10s -api_url: http://127.0.0.1:8080/ -api_key: ${API_KEY} -insecure_skip_verify: false - -workers: - - name: spoa1 - listen_addr: 0.0.0.0:9000 - listen_socket: /run/crowdsec-spoa/spoa-1.sock - -worker_user: crowdsec-spoa -worker_group: crowdsec-spoa - -asn_database_path: /var/lib/crowdsec/data/GeoLite2-ASN.mmdb -city_database_path: /var/lib/crowdsec/data/GeoLite2-City.mmdb - -admin_socket: /run/crowdsec-spoa-admin.sock - -prometheus: - enabled: true - listen_addr: 127.0.0.1 - listen_port: 60601 -``` - - -You can get a workable configuration by using the yaml above and getting and api key by: -```bash -sudo cscli bouncers add mybouncer -API key for 'bouncertest': +If your CrowdSec Engine is installed on an other server, you'll have to [update +the `/etc/crowdsec/bouncer/crowdsec-spoa-bouncer.yaml` +file](/u/bouncers/haproxy_spoa#configure-the-bouncer). - JdVa7DKBM35gPDAR014pH/55l38fxLGt02NPPnZgLQI - -Please keep this key since you will not be able to retrieve it! 
-``` - -You can check that the bouncer is correctly installed with cscli: - -```bash -❯ sudo cscli bouncers list -────────────────────────────────────────────────────────────────────────────────────────── - Name IP Address Valid Last API pull Type -────────────────────────────────────────────────────────────────────────────────────────── - cs-spoa-bouncer-1752052534 127.0.0.1 ✔️ crowdsec-spoa-bouncer -────────────────────────────────────────────────────────────────────────────────────────── -❯ sudo cscli bouncers inspect cs-spoa-bouncer-1752052534 -────────────────────────────────────────────────────────────────────────────────────────── - Bouncer: cs-spoa-bouncer-1752052534 -────────────────────────────────────────────────────────────────────────────────────────── - Created At 2025-07-09 09:15:34.685444393 +0000 UTC - Last Update 2025-07-09 12:42:18.92023029 +0000 UTC - Revoked? false - IP Address 127.0.0.1 - Type crowdsec-spoa-bouncer - Version v0.0.3-beta29-rpm-pragmatic-arm64-db7065289a0f5ce1c92f34807c9a98b23c07dc90 - Last Pull - Auth type api-key - OS ? - Auto Created false -────────────────────────────────────────────────────────────────────────────────────────── - -``` ## HAProxy Configuration @@ -334,23 +262,98 @@ sudo mkdir -p /etc/crowdsec/bouncers/ sudo cp config/crowdsec-spoa-bouncer.yaml /etc/crowdsec/bouncers/ ``` -Edit `/etc/crowdsec/bouncers/crowdsec-spoa-bouncer.yaml`: -- Set your **LAPI URL** to point to your CrowdSec LAPI instance: - ```yaml - api_url: http://127.0.0.1:8080/ - ``` +You can always edit the configuration file at `/etc/crowdsec/bouncer/crowdsec-spoa-bouncer.yaml`: -- Generate an API key on the server where CrowdSec is intalled: - ```bash - cscli bouncers add haproxy-spoa - ``` +
+`/etc/crowdsec/bouncer/crowdsec-spoa-bouncer.yaml` + +```yaml +log_mode: file +log_dir: /var/log/ +log_level: info +log_compression: true +log_max_size: 100 +log_max_backups: 3 +log_max_age: 30 + +update_frequency: 10s +api_url: http://127.0.0.1:8080/ +api_key: ${API_KEY} +insecure_skip_verify: false + +workers: + - name: spoa1 + listen_addr: 0.0.0.0:9000 + listen_socket: /run/crowdsec-spoa/spoa-1.sock + +worker_user: crowdsec-spoa +worker_group: crowdsec-spoa + +asn_database_path: /var/lib/crowdsec/data/GeoLite2-ASN.mmdb +city_database_path: /var/lib/crowdsec/data/GeoLite2-City.mmdb + +admin_socket: /run/crowdsec-spoa-admin.sock + +prometheus: + enabled: true + listen_addr: 127.0.0.1 + listen_port: 60601 +``` +
+ +You can get a workable configuration by using the yaml above and getting and api key by: +```bash +sudo cscli bouncers add mybouncer +API key for 'bouncertest': + + JdVa7DKBM35gPDAR014pH/55l38fxLGt02NPPnZgLQI + +Please keep this key since you will not be able to retrieve it! +``` - Paste the key into: ```yaml api_key: your-generated-key ``` + +In the `/etc/crowdsec/bouncers/crowdsec-spoa-bouncer.yaml` file the following +keys are of some importance: + +- Set your **LAPI URL** to point to your CrowdSec LAPI instance: + ```yaml + api_url: http://127.0.0.1:8080/ + ``` + +You can check that the bouncer is correctly installed with cscli: + +```bash +❯ sudo cscli bouncers list +────────────────────────────────────────────────────────────────────────────────────────── + Name IP Address Valid Last API pull Type +────────────────────────────────────────────────────────────────────────────────────────── + cs-spoa-bouncer-1752052534 127.0.0.1 ✔️ crowdsec-spoa-bouncer +────────────────────────────────────────────────────────────────────────────────────────── +❯ sudo cscli bouncers inspect cs-spoa-bouncer-1752052534 +────────────────────────────────────────────────────────────────────────────────────────── + Bouncer: cs-spoa-bouncer-1752052534 +────────────────────────────────────────────────────────────────────────────────────────── + Created At 2025-07-09 09:15:34.685444393 +0000 UTC + Last Update 2025-07-09 12:42:18.92023029 +0000 UTC + Revoked? false + IP Address 127.0.0.1 + Type crowdsec-spoa-bouncer + Version v0.0.3-beta29-rpm-pragmatic-arm64-db7065289a0f5ce1c92f34807c9a98b23c07dc90 + Last Pull + Auth type api-key + OS ? + Auto Created false +────────────────────────────────────────────────────────────────────────────────────────── + +``` + + Create runtime socket directory and crowdsec-spoa user: ```bash 
@@ -359,6 +362,7 @@ sudo mkdir -p /run/crowdsec-spoa sudo chown crowdsec-spoa:crowdsec-spoa /run/crowdsec-spoa ``` + #### Configure HAProxy ##### Lua Integration & Environment Variables
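
Review bot: in the first hunk (`@@ -64,7 +64,7 @@`), the added sentence "If your CrowdSec Engine is installed on an other server" should read "another server". Its link target `/u/bouncers/haproxy_spoa#configure-the-bouncer` needs a heading that produces that anchor, and none is visible in this diff (the headings shown are `## HAProxy Configuration` and `#### Configure HAProxy`), so please confirm the anchor resolves or add an explicit heading above the relocated YAML. The repositories link also drops its `#install-our-repositories` fragment; if `/u/getting_started/installation/linux` has an equivalent section, link to it directly so the link text still matches where it lands.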
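
Review bot: in the `@@ -334,23 +262,98 @@` hunk the configuration path is spelled two ways. The added "You can always edit the configuration file at `/etc/crowdsec/bouncer/crowdsec-spoa-bouncer.yaml`" and the caption above the YAML use `bouncer/`, while the unchanged `sudo cp config/crowdsec-spoa-bouncer.yaml /etc/crowdsec/bouncers/` and the added "In the `/etc/crowdsec/bouncers/crowdsec-spoa-bouncer.yaml` file" use `bouncers/`. A reader following the manual steps will edit a file the `cp` never created, so use one directory throughout. In the relocated key block, the command registers `mybouncer` but the sample output says `API key for 'bouncertest':`, and it prints a key-shaped value; align the names and swap the value for an obvious placeholder. The `- Paste the key into:` bullet is now a one-item list stranded after the fenced block, and the removed instruction to generate the key "on the server where CrowdSec is installed" is worth keeping now that the first hunk addresses a remote engine. Since this YAML is offered as a workable starting point, consider a comment on `listen_addr: 0.0.0.0:9000`: it binds the worker on every interface even though a `listen_socket` is configured next to it and the Prometheus listener is already on `127.0.0.1`.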