CrowdSec ingests HTTP access logs produced by Nginx Proxy Manager to detect brute-force attempts, credential stuffing, and other anomalies. When it identifies an offender, it records the decision in its local API (LAPI), which bouncers can query to block subsequent requests.【F:crowdsec/compose.yml†L12-L27】
crowdsecurity/crowdsec2291:8080 (exposes LAPI on the host for bouncers and dashboards)/var/lib/docker/volumes/frontdoor_npm_data/_data/logs/ → /var/log/nginx/etc/crowdsec/config → /etc/crowdsec/crowdsec/data → /var/lib/crowdsec/databackend_netalwaysCOLLECTIONS loads the crowdsecurity/nginx parser pack tailored to reverse-proxy logs.GID ensures the container writes data with the desired group permissions for Unraid.cscli bouncers add <name> inside the container shell./var/lib/crowdsec/data for growth; rotate archives periodically to control disk usage on cache devices.