In the Traefik static configuration (usually traefik.yml), add this to load the CrowdSec plugin:

experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.4.2"

(The name for the plugin is defined here as crowdsec-bouncer-traefik-plugin.)

Then, in your dynamic configuration, add this (I’ve used a separate file dynamic_conf/050-plugin-crowdsec-bouncer.yml):

http:
  middlewares:
    crowdsec-bouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          CrowdsecLapiKey: "...YOUR CROWDSEC LAPI KEY HERE..."
          Enabled: true

(The name for this new middleware defined here is crowdsec-bouncer. It uses the crowdsec-bouncer-traefik-plugin defined in the previous step. Make sure these names match.)

You can get the LAPI key by registering a new bouncer in CrowdSec.

And, finally, make sure all incoming traffic routes through the bouncer plugin. You can do this individually, or in general via the static config:

entryPoints:

  websecure:
    address: :443
    http:
      middlewares:
        - crowdsec-bouncer@file
        - secure-headers@file

The middlewares are processed top to bottom.