[crowdsec] Persist /etc/crowdsec

[LaurenceJJones]

docker-setup/docker-compose.yml

Lines 31 to 34 in 6bc77a6

	volumes:
	- crowdsec-data:/var/lib/crowdsec/data/
	- wiredoor-logs:/var/log/nginx:ro
	- ./extras/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml

Hey Laurence from CrowdSec here 👋🏻

I noticed some users having issue keeping their connection to console whilst using wiredoor, the reason is the /etc/crowdsec directory holds a file called online_api_credentials.yaml which is the information for CAPI / Console to know the engine ID.

Without this directory or at least this file persisted if the container is restarted then it will loose the connection / information held within the file. We suggest persisting this directory within a named volume since you are already doing this for /var/lib/crowdsec/data.

Thank you for reading and implementing CrowdSec so easily within your docker compose, have a great day!

edit: if you encounter an issue mounting your custom acquis.yaml, just note you can mount it to /etc/crowdsec/acquis.d/nginx.yaml for example.

[dmesad]

Hey @LaurenceJJones

First of all, my apologies for the late reply. I just noticed your issue and really appreciate you taking the time to share this insight.

I wanted to ask what you’d recommend as the best way to handle the persistence of /etc/crowdsec/online_api_credentials.yaml.

I’m currently updating the Wiredoor setup to persist /etc/crowdsec so that the Console connection and online_api_credentials.yaml survive container restarts. However, we also need to mount a custom acquisition file for NGINX under /etc/crowdsec/acquis.d/nginx.yaml.

Since bind-mounting the entire /etc/crowdsec directory would overwrite the acquisitions folder, we’re thinking of using a named volume for /etc/crowdsec and a separate directory mount for /etc/crowdsec/acquis.d to inject the log definitions.

Do you have an official or recommended approach to handle this scenario. Persisting the credentials while still mounting a custom acquis file?

I’d like to follow CrowdSec’s best practices so our Docker setup stays aligned with your official recommendations.