Traefik with CrowdSec

By | 9 May 2025

In the Traefik static configuration (usually traefik.yml), add this to load the CrowdSec plugin:

experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.4.2"

(The name for the plugin is defined here as crowdsec-bouncer-traefik-plugin.)

Then, in your dynamic configuration, add this (I’ve used a separate file dynamic_conf/050-plugin-crowdsec-bouncer.yml):

http:
  middlewares:
    crowdsec-bouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          CrowdsecLapiKey: "...YOUR CROWDSEC LAPI KEY HERE..."
          Enabled: true

(The name for this new middleware defined here is crowdsec-bouncer. It uses the crowdsec-bouncer-traefik-plugin defined in the previous step. Make sure these names match.)

You can get the LAPI key by registering a new bouncer in CrowdSec.

Finally, make sure all incoming traffic routes through the bouncer plugin. You can do this individually in each route’s definition, or apply it to every route on an entry point via the static config:

entryPoints:

  websecure:
    address: :443
    http:
      middlewares:
        - crowdsec-bouncer@file
        - secure-headers@file

The middlewares are processed top to bottom, so here crowdsec-bouncer runs before secure-headers.

Any change to the static configuration requires a restart of Traefik to become active.
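The three snippets above only work if the names line up, so here is a pre-restart check as an added example (not part of the original post and not code from Traefik or the plugin project). The helper name `check_bouncer_wiring` is hypothetical, the inline configs are constructed copies of the snippets on this page, and the check assumes the LAPI key is set inline as shown above.

```ruby
require 'yaml'
# Constructed sample input: the static and dynamic snippets shown on this page.
STATIC_CFG = <<~CFG
  experimental:
    plugins:
      crowdsec-bouncer-traefik-plugin:
        moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
        version: "v1.4.2"
  entryPoints:
    websecure:
      address: ":443"
      http:
        middlewares:
          - crowdsec-bouncer@file
          - secure-headers@file
CFG
DYNAMIC_CFG = <<~CFG
  http:
    middlewares:
      crowdsec-bouncer:
        plugin:
          crowdsec-bouncer-traefik-plugin:
            CrowdsecLapiKey: "...YOUR CROWDSEC LAPI KEY HERE..."
            Enabled: true
CFG

# Hypothetical helper: returns a list of wiring problems across both files.
def check_bouncer_wiring(static_yaml, dynamic_yaml)
  static = YAML.safe_load(static_yaml) || {}
  middlewares = (YAML.safe_load(dynamic_yaml) || {}).dig('http', 'middlewares') || {}
  declared = (static.dig('experimental', 'plugins') || {}).keys
  problems = []
  middlewares.each do |mw_name, mw|
    ((mw || {})['plugin'] || {}).each do |plugin, opts|
      # The plugin key must equal the name declared under experimental.plugins.
      problems << "#{mw_name}: plugin #{plugin} not declared in static config" unless declared.include?(plugin)
      key = (opts || {})['CrowdsecLapiKey']
      bad = key && (key.to_s.empty? || key.to_s.include?('YOUR CROWDSEC'))
      problems << "#{mw_name}: CrowdsecLapiKey empty or still the placeholder" if bad
    end
  end
  (static['entryPoints'] || {}).each do |ep_name, ep|
    ((ep || {}).dig('http', 'middlewares') || []).each do |ref|
      name, provider = ref.split('@', 2)
      next unless provider == 'file' # only name@file can be resolved here
      problems << "#{ep_name}: #{ref} not defined in dynamic config" unless middlewares.key?(name)
    end
  end
  problems
end
puts check_bouncer_wiring(STATIC_CFG, DYNAMIC_CFG)
```

Run against the snippets exactly as shown, it reports the placeholder key and the `secure-headers@file` reference, whose definition is not shown on this page.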
