1. The problem I’m having:
I am testing on my local server the functionality/configuration of Caddyfile together with middleware calls like crowdsec. The general functionality is working, but I can’t figure out how to configure some special reroutes based on the Caddyfile Concepts, and whether there is some possibility, after Crowdsec “says you can pass”, to display a response “Allowed by CrowdSec!” and after 2 seconds reroute to the static file server.
{
    log {
        level DEBUG
    }
    crowdsec {
        api_url http://localhost:port
        api_key {env.CROWDSEC_API_KEY}
        ticker_interval 3s
    }
}
localhost {
    route {
        crowdsec
        respond "Allowed by CrowdSec!"
    }
}
This config works fine, and works as expected. After accessing I get a webpage response “allowed by Crowdsec”.
If I ban my IP (for 5 minutes) I get an Error Code: 403 Forbidden, which is perfect.
To call a static webpage hosted in caddy, and keep the crowdsec running, I adapted the Caddyfile as follows:
{
    log {
        level DEBUG
    }
    crowdsec {
        api_url http://localhost:port
        api_key {env.CROWDSEC_API_KEY}
        ticker_interval 3s
    }
}
localhost {
    route {
        crowdsec
        #respond "Allowed by CrowdSec!"
        root * /var/www
        encode gzip
        file_server
    }
}
So now, if crowdsec allows, my static webpage is called.
Now this is good, but I want to learn a little bit more about how to write caddy config and manage these “middleware” calls. And also about working with the proper Caddyfile concepts.
Yes, I read through the documentation, but I think my brain is too wired with the python or bash coding… I work my way through these problems by showing feedback on the screen, to make it visible, showing error codes, etc.
IF crowdsec middleware = TRUE, THEN show respond “Allowed by CrowdSec!” for 2 seconds, and after reroute to static webpage
IF crowdsec middleware = FALSE THEN show respond “NOT-Allowed by CrowdSec!” for 2 seconds, and after reroute to google.com, or do nothing
Anyway, I wanted to know if someone could give me a hint how to manage the following use case.
- When localhost is called, then route to crowdsec middleware, if TRUE, then respond “Allowed by CrowdSec!” and after 2 seconds reroute to static page on file_server
- If the answer of Crowdsec is FALSE, then respond “Not allowed by Crowdsec!” and after 2 seconds, reroute to (let’s say google.com).
- Is there a way to catch from crowdsec a feedback (TRUE/FALSE)?
I am aware that my ask might not be feasible with capabilities of Caddyfile, but it does not hurt to ask someone who has some experience. Anyhow, thanks so much for your help!
2. Error messages and/or full log output:
No errors so far
3. Caddy version:
caddy version v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
4. How I installed and ran Caddy:
Debian host bookworm on raspberry pi
a. System environment:
xcaddy image running on podman container with installed crowdsec-caddy-bouncer
b. Command:
N/A
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
{
    log {
        level DEBUG
    }
    crowdsec {
        api_url http://localhost:port
        api_key {env.CROWDSEC_API_KEY}
        ticker_interval 3s
    }
}
localhost {
    route {
        crowdsec
        #respond "Allowed by CrowdSec!"
        root * /var/www
        encode gzip
        file_server
    }
}