
@cellulosa

Hi there, I provided an example at the back of my setup as it may be helpful to other folks.

Removed `X-Forwarded-For` for it is vulnerable to spoofing and removed static ip, for private_ranges does the job
removed ipv4_address, for private_ranges does the job
@vic1707

vic1707 commented Jul 12, 2025

Apparently you can now pre-set the bouncer API key using `BOUNCER_KEY_<name>`, which would eliminate the need for `cscli bouncers add caddy-bouncer`:
https://hub.docker.com/r/crowdsecurity/crowdsec#environment-variables

@vic1707

vic1707 commented Jul 13, 2025

How were you able to make it work? On my machine either caddy or crowdsec fails to start 🤔

Edit: a dirty fix is to add `restart: unless-stopped` for caddy.

I'm trying to get it to work on my local machine without any luck; would you mind re-checking your PR and maybe my setup?
I'm trying to get denied on `curl localhost:80/rpc2` like the docs use.

  • compose.yml

```yaml
version: "3.8"

volumes:
  caddy-logs:

services:
  caddy:
    restart: unless-stopped
    container_name: caddy
    image: ghcr.io/vic1707/homelab/telstar-caddy:pr-26
    volumes:
      - caddy-logs:/var/log/caddy
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    environment:
      - CROWDSEC_CADDY_BOUNCER_API_KEY=1234
    ports:
      - 8080:80
      - 4443:443
    depends_on:
      - crowdsec
    networks:
      - proxy

  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec
    volumes:
      - caddy-logs:/var/log/caddy
      - ./crowdsec_acquis.d:/etc/crowdsec/acquis.d
    environment:
      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
      - BOUNCER_KEY_caddy=1234
    networks:
      - proxy

networks:
  proxy:
    driver: bridge
```
  • Dockerfile

```dockerfile
# Build stage
## can be docker.io/<user> || registry.fedoraproject.org || registry.access.redhat.com
ARG CONTAINER_REGISTRY=docker.io/library
ARG CADDY_VERSION=2.10.0
FROM ${CONTAINER_REGISTRY}/caddy:${CADDY_VERSION}-builder-alpine AS builder

RUN xcaddy build \
	`# Crowdsec bouncer module` \
	--with github.com/hslatman/caddy-crowdsec-bouncer/http \
	--with github.com/hslatman/caddy-crowdsec-bouncer/appsec \
	--with github.com/hslatman/caddy-crowdsec-bouncer/layer4 \
	--with github.com/mholt/caddy-l4

# Final image
FROM ${CONTAINER_REGISTRY}/caddy:${CADDY_VERSION}-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```
  • Caddyfile

```caddyfile
{
	debug
	# metrics { per_host }
	# admin :2019

	order crowdsec first
	crowdsec {
		api_url http://crowdsec:8080
		appsec_url http://crowdsec:7422
		api_key {env.CROWDSEC_CADDY_BOUNCER_API_KEY}
		enable_hard_fails
	}
}

(access_log) {
	log {
		output file /var/log/caddy/caddy.log
		level DEBUG
	}
}

:80 {
	crowdsec
	import access_log
	respond "Hello World"
}
```
  • appsec.yaml

```yaml
# The appsec component must be reachable from the caddy container over the
# compose network (appsec_url http://crowdsec:7422), so it cannot bind to the
# crowdsec container's loopback interface only.
listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/appsec-default
name: CrowdsecAppSec
source: appsec
labels:
  type: appsec
```
  • caddy.yaml

```yaml
source: file
filenames:
  - /var/log/caddy/*.log
labels:
  type: caddy
```

@cellulosa

cellulosa commented Jul 18, 2025

Heya, do you see any errors in the logs / terminal?

BTW, shouldn't you be pointing to your Dockerfile for the build?

```yaml
  caddy:
    <<: *default
    build:
      context: ./caddy
      dockerfile: Dockerfile
```

@vic1707

vic1707 commented Jul 18, 2025

The ghcr.io image is an auto build of the Dockerfile I showed (I tried to adapt my setup as much as possible; I work with Ignition and CoreOS, not compose 🙃).
I think the issue lies in the use of hard fails: caddy seems to be doing an initial call at boot, and since crowdsec is not 100% ready (due to the collections download) it can't respond, which makes caddy fail.
I added a way to wait for that in my config and it works perfectly.
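One way to express that wait in compose rather than relying on restart loops, as an added example that is not code from this PR: gate caddy on a crowdsec healthcheck so the bouncer's first LAPI call (which `enable_hard_fails` turns into a fatal error) only happens once the Local API answers. The service names, image and `BOUNCER_KEY_caddy` variable are taken from the thread; `cscli lapi status` is the stock readiness probe shipped in the crowdsec image, and the `CROWDSEC_BOUNCER_KEY` host variable is an assumption standing in for the literal `1234`.

```yaml
services:
  caddy:
    restart: unless-stopped
    container_name: caddy
    image: ghcr.io/vic1707/homelab/telstar-caddy:pr-26
    volumes:
      - caddy-logs:/var/log/caddy
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    environment:
      # Same secret on both sides; read from the host env instead of "1234".
      - CROWDSEC_CADDY_BOUNCER_API_KEY=${CROWDSEC_BOUNCER_KEY}
    ports:
      - 8080:80
      - 4443:443
    depends_on:
      crowdsec:
        # Wait for LAPI readiness, not merely for the container to exist,
        # so the bouncer's hard-fail startup check does not race the
        # collections download.
        condition: service_healthy
    networks:
      - proxy

  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec
    volumes:
      - caddy-logs:/var/log/caddy
      - ./crowdsec_acquis.d:/etc/crowdsec/acquis.d
    environment:
      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
      - BOUNCER_KEY_caddy=${CROWDSEC_BOUNCER_KEY}
    healthcheck:
      # Succeeds only once the Local API is up and answering.
      test: ["CMD", "cscli", "lapi", "status"]
      interval: 10s
      timeout: 5s
      retries: 12
      # Give the first boot time to pull collections before counting failures.
      start_period: 60s
    networks:
      - proxy

volumes:
  caddy-logs:

networks:
  proxy:
    driver: bridge
```

`docker compose up` then starts caddy only after the probe passes; if crowdsec never becomes healthy, caddy stays down with a clear dependency error instead of restart-looping on the hard fail.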
