Version: v1.2.2

Ingress Nginx Bouncer

A Lua plugin bouncer for the Ingress Nginx Controller.

How does it work?

This bouncer leverages OpenResty's Lua API and is used by the Ingress Nginx Controller as a plugin.

New or unknown IPs are checked against the CrowdSec API. If the request should be blocked, a 403 is returned to the user and the decision is put in cache.


Before installation

The Ingress Nginx Controller should be installed using the official Helm chart.

Using Helm

First, create a new ingress-nginx chart values file (crowdsec-ingress-bouncer.yaml) to upgrade the ingress controller with the CrowdSec plugin.

controller:
  extraVolumes:
  - name: crowdsec-bouncer-plugin
    emptyDir: {}
  extraInitContainers:
  - name: init-clone-crowdsec-bouncer
    image: crowdsec-lua
    imagePullPolicy: IfNotPresent
    env:
      - name: API_URL
        value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080" # crowdsec lapi service-name
      - name: API_KEY
        value: "<API KEY>" # generated with `cscli bouncers add -n <bouncer_name>`
      - name: DISABLE_RUN
        value: "true"
      - name: BOUNCER_CONFIG
        value: "/crowdsec/crowdsec-bouncer.conf"
    command: ['sh', '-c', "sh /; mkdir -p /lua_plugins/crowdsec/; cp /crowdsec/* /lua_plugins/crowdsec/"]
    volumeMounts:
    - name: crowdsec-bouncer-plugin
      mountPath: /lua_plugins
  extraVolumeMounts:
  - name: crowdsec-bouncer-plugin
    mountPath: /etc/nginx/lua/plugins/crowdsec
    subPath: crowdsec
  config:
    plugins: "crowdsec"

These values upgrade your ingress deployment to add the CrowdSec Lua library as a plugin that runs with the ingress controller. The init container uses this docker image to copy the CrowdSec Lua library.

Once you have this patch, you can upgrade the ingress-nginx chart.

helm -n ingress-nginx upgrade -f ingress-nginx-values.yaml -f crowdsec-ingress-bouncer.yaml ingress-nginx ingress-nginx

Then check that the ingress controller is running correctly.

kubectl -n ingress-nginx get pods


As you are using this docker image, you can configure it using environment variables listed in the docker image README.
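
The values file above carries the bouncer API key in plain text. As an added example (not part of the original documentation), the same init container can read API_KEY from a Kubernetes Secret through secretKeyRef, which keeps the key out of crowdsec-ingress-bouncer.yaml. The Secret name crowdsec-bouncer-key and its key api-key are assumptions; every other value is copied from the file above.

```yaml
# Added example, not the project's own configuration.
# Assumed (hypothetical) Secret, created beforehand in the controller namespace:
#   kubectl -n ingress-nginx create secret generic crowdsec-bouncer-key \
#     --from-literal=api-key='<API KEY>'
controller:
  extraInitContainers:
  - name: init-clone-crowdsec-bouncer
    image: crowdsec-lua
    imagePullPolicy: IfNotPresent
    env:
      - name: API_URL
        value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080" # crowdsec lapi service-name
      - name: API_KEY
        valueFrom:
          secretKeyRef:
            name: crowdsec-bouncer-key   # hypothetical Secret name
            key: api-key                 # hypothetical key inside that Secret
      - name: DISABLE_RUN
        value: "true"
      - name: BOUNCER_CONFIG
        value: "/crowdsec/crowdsec-bouncer.conf"
    # command and volumeMounts are unchanged from the values file above
    command: ['sh', '-c', "sh /; mkdir -p /lua_plugins/crowdsec/; cp /crowdsec/* /lua_plugins/crowdsec/"]
    volumeMounts:
    - name: crowdsec-bouncer-plugin
      mountPath: /lua_plugins
```

Helm replaces list values instead of merging them, so the extraInitContainers entry has to be written out in full as shown; extraVolumes, extraVolumeMounts and config stay as in the original file.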


When your IP is blocked, any request should lead to a 403 HTTP response.