added bouncer

caddy/Caddyfile

@@ -1,13 +1,23 @@
-{$CADDY_BASE_HOST} {
+{
-	encode zstd gzip
+  crowdsec {
-  reverse_proxy http://frontend:3000
+      api_url {$CROWDSEC_API_URL}
-  handle_path /api/* {
+      api_key {$CROWDSEC_API_KEY}
-    reverse_proxy http://backend:3000
   }
-  handle_path /profileImages/* {
+}
-    rewrite * /sorvor{path}
-    reverse_proxy http://minio:9000
 
+{$CADDY_BASE_HOST} {
+  route {
+    crowdsec
+    encode zstd gzip
+    reverse_proxy http://frontend:3000
+    handle_path /api/* {
+      reverse_proxy http://backend:3000
+    }
+    handle_path /profileImages/* {
+      rewrite * /sorvor{path}
+      reverse_proxy http://minio:9000
+
+    }
   }
   log {
     output file /var/log/caddy/access.log

caddy/Dockerfile

@@ -0,0 +1,14 @@
+ARG CADDY_VERSION=2
+
+FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
+
+RUN xcaddy build \
+    --with github.com/mholt/caddy-l4 \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
+
+FROM caddy:${CADDY_VERSION} AS caddy
+
+WORKDIR /
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

compose.yml

@@ -32,7 +32,9 @@ services:
     env_file:
       - .env
   caddy:
-    image: caddy
+    build:
+      context: ./caddy/
+      target: caddy
     restart: unless-stopped
     env_file:
       - .env
@@ -64,7 +66,6 @@ services:
       - crowdsec-db:/var/lib/crowdsec/data/
       - crowdsec-config:/etc/crowdsec/
       - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
-      - ./crowdsec/acquis-test.yaml:/etc/crowdsec/acquis-test.yaml
 
 volumes:
   crowdsec-db: