Crowdsec Deployed to Production + Guides

crowdsec/QUICK-REFERENCE.md

@@ -0,0 +1,131 @@
+# CrowdSec Quick Reference Card
+
+## Setup Alias (Recommended)
+
+Add to your `~/.bashrc`:
+```bash
+alias cscli='ssh 10.0.4.14 "docker exec \$(docker ps -qf name=crowdsec_crowdsec) cscli"'
+```
+
+Then use: `cscli decisions list` instead of the full command.
+
+---
+
+## Most Common Commands
+
+### View Active Bans
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions list'
+```
+
+### Ban an IP for 4 Hours
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions add --ip 1.2.3.4 --duration 4h'
+```
+
+### Unban an IP
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip 1.2.3.4'
+```
+
+### View Recent Alerts (What Triggered Bans)
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli alerts list'
+```
+
+### Check Status & Metrics
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics'
+```
+
+### Verify Bouncer Connected
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli bouncers list'
+```
+
+### View Installed Collections
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli collections list'
+```
+
+### View Traefik Access Logs
+```bash
+tail -f /home/doc/projects/swarm-data/traefik/logs/access.log
+```
+
+### View CrowdSec Logs
+```bash
+docker service logs crowdsec_crowdsec --tail 50 --follow
+```
+
+---
+
+## Add Protection to a Service
+
+### Docker Swarm Service (via labels)
+```yaml
+deploy:
+  labels:
+    - "traefik.http.routers.myapp.middlewares=crowdsec@file"
+```
+
+### External Service (in dynamic.yml)
+```yaml
+http:
+  routers:
+    myservice:
+      middlewares:
+        - crowdsec
+```
+
+---
+
+## Troubleshooting
+
+### Restart CrowdSec
+```bash
+docker service update --force crowdsec_crowdsec
+```
+
+### Restart Traefik
+```bash
+docker service update --force traefik_traefik
+```
+
+### Check if Logs Are Being Read
+```bash
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics show acquisition'
+```
+
+### View Service Status
+```bash
+docker service ls | grep -E "crowdsec|traefik"
+```
+
+---
+
+## File Locations
+
+| Purpose | Path |
+|---------|------|
+| CrowdSec Stack | `/home/doc/projects/homelab/frostlabs/crowdsec/stack.yml` |
+| Log Config | `/home/doc/projects/homelab/frostlabs/crowdsec/acquis.yaml` |
+| Traefik Config | `/home/doc/projects/homelab/frostlabs/traefik/dynamic.yml` |
+| Access Logs | `/home/doc/projects/swarm-data/traefik/logs/access.log` |
+| CrowdSec Data | `/home/doc/projects/swarm-data/crowdsec/` |
+
+---
+
+## Emergency: I Locked Myself Out
+
+```bash
+# Delete all bans
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --all'
+
+# Or unban specific IP
+ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip YOUR.IP.HERE'
+```
+
+---
+
+For detailed information, see: `/home/doc/projects/homelab/frostlabs/crowdsec/GUIDE.md`