Securing Pangolin Resources with CrowdSec and the Middleware Manager - Updated Guide

For the last 2 days I have been trying to install the CrowdSec bouncer plugin, but it seems that https://raw.githubusercontent.com/hhftechnology/middleware-manager/traefik-int/plugin/plugins.json returns 404 not found.

1 Like

Try
https://raw.githubusercontent.com/hhftechnology/middleware-manager/refs/heads/main/plugin/plugins.json

I think the traefik-int branch is gone.

1 Like

I am encountering the same issues, and even after changing the original URL to this one, I still get the error:
“Failed to load plugins: Failed to fetch plugins list: External source returned status 404.”

Is there a working solution on this situation?

1 Like

A new version is coming Friday evening. No files will be needed.

1 Like

Any new guideline to install this?

1 Like

middleware-manager.hhf.technology

When starting crowdsec, I get an error for both the local_api_credentials.yaml file and the online_api_credentials.yaml file, even though they are created and I verified their file paths. Anyone else run into this and have an idea of what I could be doing wrong?

1 Like

Try to shell into the container and check if those files are correct

docker run --rm -it \
  --name crowdsec-shell \
  --entrypoint /bin/sh \
  -e GID="1000" \
  -e COLLECTIONS="crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules" \
  -e ENROLL_INSTANCE_NAME="pangolin-crowdsec" \
  -e PARSERS="crowdsecurity/whitelists" \
  -e ENROLL_KEY="REMOVED" \
  -e ACQUIRE_FILES="/var/log/traefik/access.log" \
  -e ENROLL_TAGS="docker" \
  -v "$(pwd)/config/crowdsec:/etc/crowdsec" \
  -v "$(pwd)/config/crowdsec/db:/var/lib/crowdsec/data" \
  -v "$(pwd)/config/crowdsec_logs/auth.log:/var/log/auth.log:ro" \
  -v "$(pwd)/config/crowdsec_logs/syslog:/var/log/syslog:ro" \
  -v "$(pwd)/config/crowdsec_logs:/var/log" \
  -v "$(pwd)/config/traefik/logs:/var/log/traefik" \
  -v "$(pwd)/config/traefik/conf/captcha.html:/etc/traefik/conf/captcha.html" \
  crowdsecurity/crowdsec:latest

1 Like

I was able to do that and everything seems fine there but still getting the error with those two files.

1 Like

Additionally, once I’m in the shell if I try to run cscli hub update, I get cscli hub update: failed to update hub: failed to create temporary download file for the index.json file

1 Like

That sounds like a file/folder permissions issue. Check your volume mounts and see if you can make even a temp file using touch from within the container. If your container can’t write to the config folder, nothing will work.

1 Like

I ended up figuring it out last night, not sure why it was calling out those files so I got kinda focused on that and then found the issue was I had the config directory as /etc/config/crowdsec, I’m thinking I accidentally hit an autocomplete in nvim and didn’t notice.

1 Like
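
The write test and credential-file checks discussed in the posts above, as an added example that is not part of the original thread. `check_crowdsec_config` is a hypothetical helper name; run it on the host against the directory on the left side of the `/etc/crowdsec` mount, or inside the container against `/etc/crowdsec`.

```shell
#!/bin/sh
# Added example, not from the thread. check_crowdsec_config is a hypothetical
# helper name. Pass it the host directory bind-mounted at /etc/crowdsec
# (./config/crowdsec in the docker run above) or /etc/crowdsec in the container.
check_crowdsec_config() {
    dir=$1
    rc=0

    # A mistyped config path (the poster had /etc/config/crowdsec) shows up
    # here as a missing directory.
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory; check the -v mount path" >&2
        return 2
    fi

    # Same idea as the suggested touch test: can a file be created here?
    if tmp=$(mktemp "$dir/.write-test.XXXXXX" 2>/dev/null); then
        rm -f "$tmp"
    else
        echo "FAIL: cannot create files in $dir" >&2
        rc=1
    fi

    # The two credential files named in the startup error.
    for f in local_api_credentials.yaml online_api_credentials.yaml; do
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL: $dir/$f is missing" >&2
            rc=1
        elif [ ! -s "$dir/$f" ]; then
            echo "FAIL: $dir/$f is empty" >&2
            rc=1
        elif [ ! -r "$dir/$f" ]; then
            echo "FAIL: $dir/$f is not readable" >&2
            rc=1
        fi
    done

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir looks usable"
    fi
    return "$rc"
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_crowdsec_config "$1"
fi
```

A host-side pass only proves the path and files exist for the host user; the container user (see `GID` in the docker run above) can still be denied, so repeat the check inside the container.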

I followed the guide but when I set crowdsec as middleware for a resource the resource starts showing “404 page not found”. When I remove crowdsec bouncer it works again.

What am I missing?

Here’s my Middleware:

{
  "crowdsec": {
    "crowdsecAppsecEnabled": true,
    "crowdsecAppsecFailureBlock": true,
    "crowdsecAppsecHost": "crowdsec:7422",
    "crowdsecAppsecUnreachableBlock": true,
    "crowdsecLapiHost": "crowdsec:8080",
    "crowdsecLapiKey": "redacted",
    "enabled": true
  }
}

docker exec cscli metrics:
ubuntu@mw-oracle:~/pangolin/config/middleware-manager$ docker exec crowdsec cscli metrics
+-----------------------------------------------------------------------------------------------------------------------------+
| Acquisition Metrics                                                                                                         |
+-----------------------------------+------------+--------------+----------------+------------------------+-------------------+
| Source                            | Lines read | Lines parsed | Lines unparsed | Lines poured to bucket | Lines whitelisted |
+-----------------------------------+------------+--------------+----------------+------------------------+-------------------+
| file:/var/log/traefik/access.log  | 160        | 160          | -              | -                      | -                 |
| file:/var/log/traefik/traefik.log | 825        | 825          | -              | -                      | -                 |
+-----------------------------------+------------+--------------+----------------+------------------------+-------------------+
+-------------------------------------------------+
| Local API Decisions                             |
+-----------------------+--------+--------+-------+
| Reason                | Origin | Action | Count |
+-----------------------+--------+--------+-------+
| http:bruteforce       | CAPI   | ban    | 1231  |
| http:crawl            | CAPI   | ban    | 747   |
| http:exploit          | CAPI   | ban    | 15986 |
| http:scan             | CAPI   | ban    | 864   |
| vm-management:exploit | CAPI   | ban    | 1     |
+-----------------------+--------+--------+-------+
+------------------------------------+
| Local API Metrics                  |
+--------------------+--------+------+
| Route              | Method | Hits |
+--------------------+--------+------+
| /v1/allowlists     | GET    | 12   |
| /v1/heartbeat      | GET    | 11   |
| /v1/usage-metrics  | POST   | 1    |
| /v1/watchers/login | POST   | 67   |
+--------------------+--------+------+
+--------------------------------------------+
| Local API Machines Metrics                 |
+-----------+----------------+--------+------+
| Machine   | Route          | Method | Hits |
+-----------+----------------+--------+------+
| localhost | /v1/allowlists | GET    | 12   |
| localhost | /v1/heartbeat  | GET    | 11   |
+-----------+----------------+--------+------+
+--------------------------------------------------------------------+
| Parser Metrics                                                     |
+----------------------------------------+-------+--------+----------+
| Parsers                                | Hits  | Parsed | Unparsed |
+----------------------------------------+-------+--------+----------+
| child-child-crowdsecurity/traefik-logs | 1.97k | 985    | 985      |
| child-crowdsecurity/http-logs          | 2.96k | 985    | 1.97k    |
| child-crowdsecurity/traefik-logs       | 1.97k | 985    | 985      |
| crowdsecurity/dateparse-enrich         | 985   | 985    | -        |
| crowdsecurity/http-logs                | 985   | -      | 985      |
| crowdsecurity/non-syslog               | 985   | 985    | -        |
| crowdsecurity/public-dns-allowlist     | 985   | 985    | -        |
| crowdsecurity/traefik-logs             | 985   | 985    | -        |
| crowdsecurity/whitelists               | 985   | 985    | -        |
+----------------------------------------+-------+--------+----------+
+---------------------------------------------------------------------------------------+
| Whitelist Metrics                                                                     |
+------------------------------------+-----------------------------+------+-------------+
| Whitelist                          | Reason                      | Hits | Whitelisted |
+------------------------------------+-----------------------------+------+-------------+
| crowdsecurity/public-dns-allowlist | public DNS server           | 985  | -           |
| crowdsecurity/whitelists           | private ipv4/ipv6 ip/ranges | 985  | -           |
+------------------------------------+-----------------------------+------+-------------+

Make sure you accept the enrollment on the crowdsec console web UI.

I already had it enrolled, but it seems to be having issues now.

“Critical

Security Engine: No working remediation components

Since February 18, 2026 (12:40)

Security Engine has no working remediation components and cannot block attacks effectively.

Important

Security Engine: no activity

Since February 08, 2026 (16:02)

Security Engine has not pushed alerts for more than 48 hours and might not be functioning properly.”

I have 3 remediation components (Traefik bouncers), one doesn’t show a version and any other info and two others seem to be inactive for 13 days now.

Check the traefik dashboard at localhost:8080. You might have an issue with the middleware/plugin.

The dashboard shows:

plugin: unknown plugin type: crowdsec

Apparently I had to change the JSON in middleware manager to start with

{ "crowdsec-bouncer-traefik" }

instead of

{ "crowdsec" }

Step 12 above has the correct name. Glad it works now. If you feel the guide should be updated, let me know where.

1 Like

If I run pangolin on my own hardware, not a vps.

Could I easily follow this and add crowdsec/mwm to my setup?

Asking as I tried adding it before, but it broke in some fashion (mwm couldn't add the plugin - posted on discord).