Add ping to traefik

Uses Crowdsec

Co-authored-by: Copilot <copilot@github.com>

prometheus/docker-compose.yml

@@ -110,4 +110,5 @@ services:
       - "traefik.http.routers.grafana.rule=Host(`grafana.quangkhai.ch`)"
       - "traefik.http.routers.grafana.tls.certresolver=myresolver"
       - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+      - "traefik.http.routers.grafana.middlewares=authelia-auth@docker"
       - "traefik.docker.network=proxy_tier"

traefik/crowdsec/acquis.yaml

@@ -0,0 +1,4 @@
+filenames:
+  - /var/log/traefik/access.log
+labels:
+  type: traefik

traefik/docker-compose.yaml

@@ -2,11 +2,18 @@ services:
   traefik:
     image: traefik:v3.6
     container_name: traefik
+    depends_on:
+      - crowdsec
     command:
       - "--api.dashboard=true"
       - "--api.insecure=false"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
+      - "--ping=true"
+      - "--experimental.plugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.crowdsec-bouncer.version=v1.4.2"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/var/log/traefik/access.log"
 
 #      - "--entrypoints.https.address=:443"
 
@@ -14,6 +21,7 @@ services:
       - "--entrypoints.web.address=:80"
       - "--entrypoints.websecure.address=:443"
       - "--entrypoints.mqtt-secure.address=:8883"
+      - "--entrypoints.websecure.http.middlewares=crowdsec@docker"
       # Global HTTP -> HTTPS Redirection
       - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
       - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
@@ -31,6 +39,7 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./letsencrypt:/letsencrypt
+      - ./logs:/var/log/traefik
     networks:
       - proxy_tier
     restart: unless-stopped
@@ -40,21 +49,48 @@ services:
       timeout: 10s
       retries: 3
       start_period: 5s
-    resources:
-      limits:
-        cpus: '2'
-        memory: 512M
-      reservations:
-        cpus: '1'
-        memory: 256M
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 512M
+        reservations:
+          cpus: '1'
+          memory: 256M
     labels:
       # THE MIDDLEWARE DEFINITION
       - "traefik.http.middlewares.authelia-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.quangkhai.ch/"
       - "traefik.http.middlewares.authelia-auth.forwardauth.trustForwardHeader=true"
       - "traefik.http.middlewares.authelia-auth.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.enabled=true"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.logLevel=INFO"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdsecMode=live"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdsecLapiHost=crowdsec:8080"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdsecLapiScheme=http"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdsecLapiKey=${CROWDSEC_BOUNCER_KEY:-change-me}"
+
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    container_name: crowdsec
+    environment:
+      - TZ=UTC
+      - COLLECTIONS=crowdsecurity/traefik
+      - BOUNCER_KEY_TRAEFIK=${CROWDSEC_BOUNCER_KEY:-change-me}
+    volumes:
+      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
+      - ./logs:/var/log/traefik:ro
+      - crowdsec-db:/var/lib/crowdsec/data
+      - crowdsec-config:/etc/crowdsec
+    networks:
+      - proxy_tier
+    restart: unless-stopped
 
 
 networks:
   proxy_tier:
     name: proxy_tier
     external: true
+
+volumes:
+  crowdsec-db:
+  crowdsec-config: