Crowdsec Deployed to Production + Guides

2025-11-14 14:01:47 -05:00
parent 778c5531ed
commit 6e57ee18d7
3 changed files with 649 additions and 0 deletions
--- a/crowdsec/stack.yml
+++ b/crowdsec/stack.yml
@@ -0,0 +1,40 @@
+services:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    environment:
+      # Disable online API enrollment (use for local setup)
+      - DISABLE_ONLINE_API=false
+      # Set collections to install
+      - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve
+      # Enable Prometheus metrics
+      - METRICS_PORT=6060
+    volumes:
+      # Persistent CrowdSec configuration and data
+      - /home/doc/projects/swarm-data/crowdsec/config:/etc/crowdsec
+      - /home/doc/projects/swarm-data/crowdsec/data:/var/lib/crowdsec/data
+      # Traefik access logs (read-only)
+      - /home/doc/projects/swarm-data/traefik/logs:/var/log/traefik:ro
+      # Acquis configuration
+      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
+    networks:
+      - frostlabs
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.labels.task == control
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+    healthcheck:
+      test: ["CMD", "cscli", "version"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+networks:
+  frostlabs:
+    external: true