CrowdSec inspects reverse-proxy logs to detect malicious traffic patterns and feed remediation decisions back into the edge. The stack is intentionally slim—just the CrowdSec agent—with optional bouncer services commented out when not required.【F:crowdsec/compose.yml†L1-L37】
backend_net so it can talk to Nginx Proxy Manager (NPM) and expose its local API to bouncers.【F:crowdsec/compose.yml†L3-L23】/etc/crowdsec/config and historical decisions under /crowdsec/data so bans survive restarts.【F:crowdsec/compose.yml†L24-L27】| Service | Role |
|---|---|
| crowdsec | Behavioral analysis engine ingesting NPM logs and publishing ban decisions over the local API. |
frontend_net so it can talk to NPM over the management API while authenticating with CROWDSEC_LAPI_KEY.crowdsec image tag for updates and alert via Discord when new detection rules ship.【F:devtools/compose.yml†L125-L176】