Skip to content

feedback from latest session : docker / traefik#20

Open
buixor wants to merge 1 commit into
mainfrom
docker-traefik-imp
Open

feedback from latest session : docker / traefik#20
buixor wants to merge 1 commit into
mainfrom
docker-traefik-imp

Conversation

@buixor

@buixor buixor commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

Copilot AI review requested due to automatic review settings July 10, 2026 13:06

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates CrowdSec Docker and Traefik/AppSec documentation based on a recent hands-on session, focusing on persistence, container-recreate behavior, and safer Traefik bouncer key handling.

Changes:

  • Documented why /etc/crowdsec (config) and /var/lib/crowdsec/data (DB) must both be persisted in Docker deployments, and clarified the effects of container recreation.
  • Added a Docker-specific console enrollment pitfall (loss of enrollment state when /etc/crowdsec isn’t persisted).
  • Expanded Traefik bouncer docs with file-based key support (crowdsecLapiKeyFile) and additional AppSec failure/unreachable behavior options.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
skills/crowdsec/references/install/docker.md Updates Docker compose guidance (writable acquis.d) and adds persistence rationale for config/data volumes.
skills/crowdsec/references/install/console.md Clarifies Docker enrollment persistence requirements and adds a “recreate un-enrolls you” pitfall.
skills/crowdsec/references/configure/bouncers/web-servers.md Enhances Traefik plugin configuration guidance, including secrets-based key loading and AppSec failure-mode options.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +107 to +109
the enrollment — you re-enroll and re-Accept. Persist `/etc/crowdsec` (see
[../install/docker.md](../install/docker.md)), or use the `ENROLL_KEY` env
instead: it re-runs on every boot and is recreate-safe.
Comment on lines +369 to +372
- **Fail-open by default on AppSec trouble:** if AppSec errors or is unreachable, whether the
request is blocked depends on `crowdsecAppsecFailureBlock` / `crowdsecAppsecUnreachableBlock`.
Set both `true` to fail **closed** (a request 403s while AppSec is down) rather than pass
traffic through un-inspected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants