Install Script

wget https://raw.githubusercontent.com/MadJalapeno/homelab-traefik/refs/heads/main/install.sh
chmod +x install.sh
./install.sh

Copy and paste that in your terminal. The script checks ports are available, you have docker installed, and then asks for paths, etc before it does anything.

Why?

I recently had to set up Traefik and Crowdsec on six virtual servers in a row. I decided it was easier to create a script that did all the installation for me, and now I'm sharing it.

Features and Benefits

What Does It Do?

The script installs Traefik as your reverse proxy with automatic HTTPS certificates and integrates CrowdSec for intelligent threat protection. Everything runs in Docker containers.

$ ./install.sh

βœ“ Checking Ports 
βœ“ Checking Docker
βœ“ Installing Traefik
βœ“ Configuring CrowdSec
βœ“ Setting up bouncers
βœ“ Generating SSL certificates

All done!
services:
  nginx:
    image: nginx
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.rule=Host(`nginx.example.com`)"
      - "traefik.http.routers.nginx.tls.certresolver=letsencrypt"

Automatic SSL Certificates

Traefik handles SSL certificates automatically via Let's Encrypt. Just add labels to your Docker services and certificates are obtained and renewed automatically.

Real-time Security

CrowdSec monitors your traffic in real-time, detects malicious behavior, and automatically blocks threats. It shares intelligence with a global community to stay ahead of attackers.

$ cscli decisions list

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ IP               β”‚ Duration β”‚ Reason        β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚ 192.168.1.100    β”‚ 4h       β”‚ bruteforce    β”‚
β”‚ 10.0.0.50        β”‚ 24h      β”‚ http-probing  β”‚
β”‚ 172.16.0.10      β”‚ 1h       β”‚ bad-reputationβ”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
$ docker ps

CONTAINER ID   IMAGE
a1b2c3d4e5f6   traefik:latest
b2c3d4e5f6g7   crowdsec/crowdsec
c3d4e5f6g7h8   crowdsec/traefik-bouncer

$ docker network ls

NETWORK ID     NAME
abc123def456   proxy

Simple Architecture

Three containers work together seamlessly: Traefik routes traffic, CrowdSec analyzes logs, and the bouncer blocks threats. All connected via a dedicated Docker network.

Easy to Customize

All configuration is stored in simple YAML files. Modify routing rules, add middleware, customize CrowdSec scenarios, or adjust security policies with ease.

$ tree config/
config/
β”œβ”€β”€ traefik/
β”‚   β”œβ”€β”€ traefik.yml
β”‚   β”œβ”€β”€ conf/
β”‚   └── certs/ 
└── crowdsec/
    β”œβ”€β”€ acquis.yaml
    └── scenarios/
        └── custom-rules.yaml
Dashboards:

πŸ”· Traefik Dashboard
   https://traefik.yourdomain.com
   View routers, services, middleware

πŸ›‘οΈ CrowdSec Metrics  
   $ cscli metrics
   Decisions, scenarios, parsers

Built-in Monitoring

Monitor everything through Traefik's web dashboard and CrowdSec's command-line tools. You can also sign up for more monitoring at https://crowdsec.net.

Resources and Community