[PR #1875] [CLOSED] Added crowdsec openresty bouncer support #3501

New issue

Closed

opened 2026-02-26 08:30:52 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 08:30:52 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/1875
Author: @LePresidente
Created: 2/21/2022
Status: ❌ Closed

Base: develop ← Head: develop

---

📄 Description

This adds support for Nginx Proxy Manager to be a firewall bouncer for Crowdsec

Blog post on what this does
https://crowdsec.net/blog/nginx-bouncer-v1/

This has been expanded to be a permanent addon to Nginx Proxy Manager,
This requires the following changes to the base image
https://github.com/NginxProxyManager/docker-nginx-full/pull/7

There are three Configurations that would be needed to be configurable from Nginx Proxy Manager to configure the crowdsec-openresty-bouncer for the bare minimum to get it working

File: /data/crowdsec/crowdsec-openresty-bouncer.conf

#Enables/Disables the Proxy (true|false)
ENABLED=false
#URL to the crowdsec api
API_URL=
#APIKEY to the crowdsec api, generated on crowdsec using `cscli bouncers add NPM`
API_KEY=

I'm not really sure how to do the frontend, if I can get some guidance I could do it as well

This is also currently a global setting so if an IP is banned it won't be able to connect to any host.

Full config for crowdsec

ENABLED=true
API_URL=http://localhost:8080
API_KEY=
CACHE_EXPIRATION=1
# bounce for all type of remediation that the bouncer can receive from the local API
BOUNCING_ON_TYPE=all
FALLBACK_REMEDIATION=ban
REQUEST_TIMEOUT=3000
UPDATE_FREQUENCY=10
# live or stream
MODE=stream
# exclude the bouncing on those location
EXCLUDE_LOCATION=
#those apply for "ban" action
# /!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE
BAN_TEMPLATE_PATH=/data/crowdsec/templates/ban.html
REDIRECT_LOCATION=
RET_CODE=
#those apply for "captcha" action
# ReCaptcha Secret Key
SECRET_KEY=
# Recaptcha Site key
SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/templates/captcha.html
CAPTCHA_EXPIRATION=3600

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/NginxProxyManager/nginx-proxy-manager/pull/1875 **Author:** [@LePresidente](https://github.com/LePresidente) **Created:** 2/21/2022 **Status:** ❌ Closed **Base:** `develop` ← **Head:** `develop` --- ### 📄 Description This adds support for Nginx Proxy Manager to be a firewall bouncer for [Crowdsec](https://www.crowdsec.net) Blog post on what this does https://crowdsec.net/blog/nginx-bouncer-v1/ This has been expanded to be a permanent addon to Nginx Proxy Manager, This requires the following changes to the base image https://github.com/NginxProxyManager/docker-nginx-full/pull/7 There are three Configurations that would be needed to be configurable from Nginx Proxy Manager to configure the crowdsec-openresty-bouncer for the bare minimum to get it working File: /data/crowdsec/crowdsec-openresty-bouncer.conf ``` #Enables/Disables the Proxy (true|false) ENABLED=false #URL to the crowdsec api API_URL= #APIKEY to the crowdsec api, generated on crowdsec using `cscli bouncers add NPM` API_KEY= ``` I'm not really sure how to do the frontend, if I can get some guidance I could do it as well This is also currently a global setting so if an IP is banned it won't be able to connect to any host. Full config for crowdsec ``` ENABLED=true API_URL=http://localhost:8080 API_KEY= CACHE_EXPIRATION=1 # bounce for all type of remediation that the bouncer can receive from the local API BOUNCING_ON_TYPE=all FALLBACK_REMEDIATION=ban REQUEST_TIMEOUT=3000 UPDATE_FREQUENCY=10 # live or stream MODE=stream # exclude the bouncing on those location EXCLUDE_LOCATION= #those apply for "ban" action # /!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE BAN_TEMPLATE_PATH=/data/crowdsec/templates/ban.html REDIRECT_LOCATION= RET_CODE= #those apply for "captcha" action # ReCaptcha Secret Key SECRET_KEY= # Recaptcha Site key SITE_KEY= CAPTCHA_TEMPLATE_PATH=/data/crowdsec/templates/captcha.html CAPTCHA_EXPIRATION=3600 ``` --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 08:30:52 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#3501

No description provided.