Hej everyone.
For almost a year now, I have used the Nginx Proxy Manager (NPM) in combination with fail2ban. I also use Cloudflare to mask my home IP (I know, it’s not the most private thing and I’d switch to a VPN if my family didn’t rely on simple access).
Now I’m in the process of migrating my server and have wanted to switch to CrowdSec for some time now. The problem is that there is a Docker image for NPM that is compatible with CrowdSec, but it’s a bit dated and doesn’t seem to get a lot of support. I could use this and stay with NPM, which I quite like for its simplicity for a beginner like me.
Other options would be Traefik or NGINX without the proxy manager. Traefik seems to be quite popular but all the guides I found seem rather advanced and to be honest, it seems rather complicated.
The problem or reason why I think about this at all is that traffic coming from Cloudflare passes my firewall unhindered because Cloudflare acts as a proxy; the real IP is only seen by NPM. As such, with my current setup there is a need for a bouncer on the level of the web server/reverse proxy.
So I have a few options.
- Stick with Cloudflare and NPM and use Lepresidente's version, which is compatible with CrowdSec.
- Use Traefik or base nginx.
- Use NPM, drop the Cloudflare proxy and use my firewall bouncer with CrowdSec.
- Keep everything as is but use Cloudflare as my bouncer (which is rate limited, AFAIK)
What do you guys think? I’d love to hear your thoughts on this!
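
The situation described in the post, as an added example that is not part of the original post: a firewall bouncer only sees the TCP peer (the Cloudflare edge), while a bouncer at the reverse proxy can judge the address in `CF-Connecting-IP`, provided that header is trusted only from proxy ranges. The trusted range, the ban list and the sample requests are constructed documentation addresses, and `real_client_ip` and `decisions` are hypothetical helper names.

```python
import ipaddress

# Constructed trusted-proxy range (documentation addresses); a real
# deployment would load Cloudflare's published IP list here instead.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed ban decisions keyed on client IP.
BANNED = {ipaddress.ip_address("203.0.113.7")}


def real_client_ip(peer, headers):
    """Return the address a proxy-level bouncer should judge.

    CF-Connecting-IP is honoured only when the TCP peer is a trusted
    proxy; from any other peer the header is attacker-controlled.
    """
    peer_ip = ipaddress.ip_address(peer)
    if not any(peer_ip in net for net in TRUSTED_PROXIES):
        return peer_ip
    claimed = headers.get("CF-Connecting-IP", "").strip()
    try:
        return ipaddress.ip_address(claimed)
    except ValueError:
        return peer_ip  # missing or malformed header: fall back to the peer


def decisions(peer, headers):
    """Compare a firewall bouncer (peer only) with a proxy-level bouncer."""
    firewall_view = ipaddress.ip_address(peer)
    proxy_view = real_client_ip(peer, headers)
    return {
        "firewall_blocks": firewall_view in BANNED,
        "proxy_blocks": proxy_view in BANNED,
        "judged_ip": str(proxy_view),
    }


# Constructed requests: (TCP peer, request headers)
SAMPLES = [
    ("198.51.100.10", {"CF-Connecting-IP": "203.0.113.7"}),  # banned client via proxy
    ("198.51.100.10", {"CF-Connecting-IP": "192.0.2.44"}),   # clean client via proxy
    ("192.0.2.99", {"CF-Connecting-IP": "203.0.113.7"}),     # direct peer, header ignored
    ("203.0.113.7", {}),                                      # banned client, direct
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        print(peer, headers, decisions(peer, headers))
```
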