Nginx Proxy Manager

This section will cover how to configure CrowdSec with Nginx Proxy Manager (NPM).

Table of Contents
  • Overview
  • Installation
  • Post-Installation

Overview

CrowdSec provides additional security by acting as an IPS/IDS on the proxy.

Installation

This section assumes that CrowdSec and NPM are already installed on the host operating system, along with a firewall bouncer such as crowdsec-firewall-bouncer-iptables.

Required bouncers:

  • crowdsec-firewall-bouncer-iptables

The following will be installed in this section:

  • crowdsecurity/nginx-proxy-manager - Collection

To start, edit the /etc/crowdsec/acquis.yaml file and add the following lines.

filenames:
  - /path/to/data/logs/*.log
labels:
  type: nginx-proxy-manager

Here, /path/to/data/logs/*.log is the path to the /data/logs directory that NPM creates when it starts. The *.log wildcard tells CrowdSec to read every log file in that directory.

Once added, we can install the NPM collection provided by CrowdSec.

sudo cscli collections install crowdsecurity/nginx-proxy-manager

Note that the promiscuous mode listen IP address will have to be changed to 0.0.0.0 in the /etc/crowdsec/config.json file.

Post-Installation

Once installed, run sudo systemctl restart crowdsec to restart CrowdSec. After the restart, run sudo cscli metrics to check whether CrowdSec is parsing the log files in /data/logs.

If successful, we should see the log file names displayed.
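If no log file names appear, one thing to check is whether the acquisition entry is well formed and its glob matches any files. The script below is an added example, not part of the original page or of CrowdSec's tooling: it reads an acquis file, extracts the globs for the nginx-proxy-manager type, and reports how many readable files each one matches. The function names, the temporary directory and the sample log file name are constructed for illustration, and shell globbing is assumed to behave like CrowdSec's own matching for a simple *.log pattern.

```sh
# Added example, not CrowdSec tooling. Parses only the flat filenames/labels
# layout shown on this page; paths must not contain spaces.

# Print the globs of every acquis document whose labels.type equals $2.
acquis_globs() {  # $1 = acquis file, $2 = type
  awk -v want="$2" '
    function flush(  i) {
      if (type == want) for (i = 1; i <= n; i++) print g[i]
      n = 0; type = ""; inlist = 0
    }
    /^[ \t]*#/     { next }
    /^---/         { flush(); next }
    /^filenames:/  { inlist = 1; next }
    inlist && /^[ \t]*-[ \t]/ {
      s = $0; sub(/^[ \t]*-[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s)
      g[++n] = s; next
    }
    /^[^ \t]/      { inlist = 0 }
    /^[ \t]+type:/ {
      s = $0; sub(/^[ \t]+type:[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); type = s
    }
    END            { flush() }
  ' "$1"
}

# Returns 0 if every glob matches a readable file, 1 if a glob matches
# nothing, 2 if no entry carries the type (e.g. "type:" is not indented).
check_acquis() {  # $1 = acquis file, $2 = type
  globs=$(acquis_globs "$1" "$2")
  if [ -z "$globs" ]; then echo "no '$2' entry in $1"; return 2; fi
  rc=0
  while IFS= read -r pat; do
    count=0
    for f in $pat; do  # unquoted on purpose: the shell expands the glob
      if [ -r "$f" ]; then count=$((count + 1)); fi
    done
    echo "$pat -> $count readable file(s)"
    if [ "$count" -eq 0 ]; then rc=1; fi
  done <<EOF
$globs
EOF
  return "$rc"
}

# Constructed sample standing in for NPM's data directory.
d=$(mktemp -d); mkdir "$d/logs"; : > "$d/logs/proxy-host-1_access.log"
printf 'filenames:\n  - %s/logs/*.log\nlabels:\n  type: nginx-proxy-manager\n' "$d" > "$d/acquis.yaml"
check_acquis "$d/acquis.yaml" nginx-proxy-manager
rm -rf "$d"
```

On a real host, call check_acquis /etc/crowdsec/acquis.yaml nginx-proxy-manager as the user CrowdSec runs as, so that the readability check reflects that user's permissions.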

To test if the blocking is successful, we can use the following command and attempt to navigate to the proxied targets.

sudo cscli decisions add -i <IP> --duration 30s --reason "Test"

If the page "hangs" or is not loading, it is an indication that the blocking works successfully.