klea/selfhostingfromscratch
1
0
Fork 0
mirror of https://github.com/ImranR98/selfhostingfromscratch.git synced 2026-04-24 06:38:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use GeoBlock to blacklist/whitelist countries

Browse Source
This commit is contained in:
Imran Remtulla
2025-11-15 04:30:17 -05:00
parent a4faca0eef
commit a6d8fa808c
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server.docker-compose.yaml
View File

@@ -107,7 +107,7 @@ services:
- "traefik.http.routers.crowdsec-dashboard.entrypoints=websecure" - "traefik.http.routers.crowdsec-dashboard.entrypoints=websecure"
- "traefik.http.routers.crowdsec-dashboard.tls.certresolver=le" - "traefik.http.routers.crowdsec-dashboard.tls.certresolver=le"
- "traefik.http.routers.crowdsec-dashboard.tls=true" - "traefik.http.routers.crowdsec-dashboard.tls=true"
- "traefik.http.routers.crowdsec-dashboard.middlewares=authelia@docker" - "traefik.http.routers.crowdsec-dashboard.middlewares=authelia@docker,geoblock@file"
- "traefik.http.services.crowdsec-dashboard.loadbalancer.server.port=3000" - "traefik.http.services.crowdsec-dashboard.loadbalancer.server.port=3000"
traefik: # https://github.com/traefik/traefik traefik: # https://github.com/traefik/traefik
@@ -139,6 +139,8 @@ services:
- "--accesslog.filePath=/var/log/traefik/access.log" - "--accesslog.filePath=/var/log/traefik/access.log"
- "--providers.file.filename=/etc/traefik/dynamic-configuration.yaml" - "--providers.file.filename=/etc/traefik/dynamic-configuration.yaml"
- "--entryPoints.websecure.http.middlewares=crowdsec-bouncer@file" - "--entryPoints.websecure.http.middlewares=crowdsec-bouncer@file"
- "--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock"
- "--experimental.plugins.geoblock.version=v0.3.3"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
@@ -154,7 +156,7 @@ services:
- "traefik.http.routers.api.service=api@internal" - "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.tls=true" - "traefik.http.routers.api.tls=true"
- "traefik.http.routers.api.tls.certresolver=le" - "traefik.http.routers.api.tls.certresolver=le"
- "traefik.http.routers.api.middlewares=authelia@docker" - "traefik.http.routers.api.middlewares=authelia@docker,geoblock@file"
restart: unless-stopped restart: unless-stopped
networks: networks:
- traefik - traefik

18
traefik_dynamic_config.yaml
View File

@@ -4,3 +4,21 @@ http:
forwardauth: forwardauth:
address: http://crowdsec-bouncer:8080/api/v1/forwardAuth address: http://crowdsec-bouncer:8080/api/v1/forwardAuth
trustForwardHeader: true trustForwardHeader: true
geoblock:
plugin:
geoblock:
silentStartUp: false
allowLocalRequests: true
logLocalRequests: false
logAllowedRequests: true
logApiRequests: true
api: "https://get.geojs.io/v1/ip/country/{ip}"
apiTimeoutMs: 750
cacheSize: 15
forceMonthlyUpdate: true
allowUnknownCountries: false
unknownCountryApiResponse: "nil"
blackListMode: false
countries:
- CA
- TZ