I think I managed to do something...

First, back up the standard binary:

    cp /usr/local/bin/caddy /usr/local/bin/caddy.backup

Download the newly built binary with all the needed modules:

    fetch -o /tmp/caddy-custom "https://caddyserver.com/api/download?os=freebsd&arch=amd64&p=github.com%2Fcaddy-dns%2Fcloudflare&p=github.com%2Fmholt%2Fcaddy-l4&p=github.com%2Fmholt%2Fcaddy-dynamicdns&p=github.com%2Fmholt%2Fcaddy-ratelimit&p=github.com%2Fcaddyserver%2Fntlm-transport&p=github.com%2Fhslatman%2Fcaddy-crowdsec-bouncer&idempotency=26094258780053"

Fix permissions and move it into place:

    chmod +x /tmp/caddy-custom
    mv /tmp/caddy-custom /usr/local/bin/caddy

Now create a bouncer:

    cscli bouncers add caddy-bouncer

Save the API key.

Then I created a .global file in /usr/local/etc/caddy/caddy.d:

    order crowdsec before reverse_proxy
    crowdsec {
        api_url http://opnsense LAPI
        api_key key of the created bouncer
        ticker_interval 15s
    }

Then I had to add crowdsec in the handler.
Unluckily it is not doable from the GUI, so I had to deactivate all my domains in the GUI and create a .conf file in /usr/local/etc/caddy/caddy.d:

    my.domain.com {
        log {
            output file /var/log/caddy/access/b49df191-a08d-4f12-9834-bb15ceb8b3d0.log {
                roll_keep_for 10d
            }
        }
        tls {
            issuer acme {
                dns cloudflare API KEY CLOUDFLARE
            }
        }
        handle {
            crowdsec
            reverse_proxy ip:port {
            }
        }
    }

It seems to work!
Surely it can be done in a more elegant way...
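
Added example, not part of the original post: a preflight check, in the same shell the steps above are typed into, that confirms a downloaded build really contains the modules the configuration uses before it replaces /usr/local/bin/caddy. The module IDs and the sample module lists are assumptions constructed for illustration, and the configuration path given to `preflight` is supplied by the caller.

```sh
#!/bin/sh
# Module IDs the configuration in the post depends on (assumed IDs, as
# registered by caddy-crowdsec-bouncer and caddy-dns/cloudflare).
REQUIRED_MODULES="crowdsec http.handlers.crowdsec dns.providers.cloudflare"

# Reads `caddy list-modules` output on stdin and prints every required module
# ID that is absent. Returns 0 only when nothing is missing.
missing_modules() {
    list=$(cat)
    missing=""
    for mod in $REQUIRED_MODULES; do
        # -x matches whole lines, so "crowdsec" is not satisfied by
        # "http.handlers.crowdsec"; -F keeps the dots literal.
        if ! printf '%s\n' "$list" | grep -qxF "$mod"; then
            missing="$missing $mod"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# Constructed sample: module list of a build that includes the plugins.
sample_custom_build() {
    printf '%s\n' http.handlers.reverse_proxy tls.issuance.acme \
        crowdsec dns.providers.cloudflare http.handlers.crowdsec
}

# Constructed sample: module list of a stock build without plugins.
sample_stock_build() {
    printf '%s\n' http.handlers.reverse_proxy tls.issuance.acme
}

# preflight BINARY CONFIG: run against the downloaded file while it is still
# in /tmp, and only move it into place when this returns 0.
preflight() {
    "$1" version || return 1
    if ! "$1" list-modules | missing_modules; then
        echo "build lacks the modules listed above; keep the current binary" >&2
        return 1
    fi
    "$1" validate --config "$2"
}
```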