Comment on After 1.5 years of learning selfhosting, this is where I'm at

krash@lemmy.ml ⁨9⁩ ⁨months⁩ ago

• 7Sea_Sailor@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago

  The crowdsec agent running on my homelab (8 Cores, 16GB RAM) is currently sitting idle at 96.86MiB RAM and between 0.4 and 1.5% CPU usage. I have a separate crowdsec agent running on the Main VPS, which is a 2 vCPU 4GB RAM machine. There, it’s using 1.3% CPU and around 2.5% RAM. All in all, very manageable.

  There is definitely a learning curve to it. When I first dove into the docs, I was overwhelmed by all the new terminology, and wrapping my head around it was not super straightforward. Now that I’ve had some time with it though, it’s become more and more clear. I’ve even written my own simple parsers for apps that aren’t on the hub!

  What I find especially helpful are features like explain, which allow me to pass in logs and simulate which step of the process picks that up and how the logs are processed, which is great when trying to diagnose why something is or isn’t happening.

  The crowdsec agent running on my homelab is running from the docker container, and uses pretty much exactly the stock configuration. This is how the docker container is launched:

    crowdsec:
      image: crowdsecurity/crowdsec
      container_name: crowdsec
      restart: always
      networks:
        socket-proxy:
      ports:
        - "8080:8080"
      environment:
        DOCKER_HOST: tcp://socketproxy:2375
        COLLECTIONS: "schiz0phr3ne/radarr schiz0phr3ne/sonarr"
        BOUNCER_KEY_caddy: as8d0h109das9d0
        USE_WAL: true
      volumes:
        - /mnt/user/appdata/crowdsec/db:/var/lib/crowdsec/data
        - /mnt/user/appdata/crowdsec/acquis:/etc/crowdsec/acquis.d
        - /mnt/user/appdata/crowdsec/config:/etc/crowdsec
  

  Then there’s the Caddyfile on the LabProxy, which is where I handle banned IPs so that their traffic doesn’t even hit my homelab. This is the file:

  {
  	crowdsec {
  		api_url http://homelab:8080
  		api_key as8d0h109das9d0
  		ticker_interval 10s
  	}
  }
  
  *.mydomain.com {
  	tls {
  		dns cloudflare skPTIe-qA_9H2_QnpFYaashud0as8d012qdißRwCq
  	}
  	encode gzip
  	route {
  		crowdsec
  		reverse_proxy homelab:8443
  	}
  }
  

  Keep in mind that the two machines are connected via tailscale, which is why I can pass in the crowdsec agent with its local hostname. If the two machines were physically separated, you’d need to expose the REST API of the agent over the web.

  I hope this helps clear up some of your confusion! Let me know if you need any further help with understanding it. It only gets easier the more you interact with it!

  source

  • krash@lemmy.ml ⁨9⁩ ⁨months⁩ ago

    Thanks for the offer! I might take you up on that :-) If you have a Matrix handle and hang out in certain rooms, please DM me and I’ll harass reach out to you there.

    source

    • 7Sea_Sailor@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago

      Hm, I have yet to mess around with matrix. As anything fediverse, the increased complexity is a little overwhelming for me, and since I am not pulled to matrix by any communities im a part of, I wasn’t yet forced to make any decisions.

      source
• Sekki@lemmy.ml ⁨9⁩ ⁨months⁩ ago

  Somehow I only had issues with CrowdSec. I used it with Traefik but it would ban me and my family every time they used my selhosted matrix instance. I could not figure out why and it even did that when I tried it on OPNSense without the Traefik bouncer…

  source
• rbos@lemmy.ca ⁨9⁩ ⁨months⁩ ago

  I have crowdsec on a bunch of servers. It’s great and I love that I’m feeding my data to the swarm.

  source