Skip to content

More complete documentation for setting up Crowdsec and the proxy manually.#784

Open
PizzaLovingNerd wants to merge 4 commits into
netbirdio:mainfrom
PizzaLovingNerd:crowdsec-doc
Open

More complete documentation for setting up Crowdsec and the proxy manually.#784
PizzaLovingNerd wants to merge 4 commits into
netbirdio:mainfrom
PizzaLovingNerd:crowdsec-doc

Conversation

@PizzaLovingNerd

@PizzaLovingNerd PizzaLovingNerd commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Addresses netbirdio/netbird#6059.

Summary by CodeRabbit

  • Documentation
    • Updated the self-hosted “Enable Reverse Proxy” migration guide with expanded client-IP preservation instructions for Traefik/PROXY protocol v2 (including proxy env settings, dynamic Traefik config, DNS guidance, and troubleshooting checklists).
    • Updated CrowdSec “How it works” with notes on requiring original client IP and configuring CrowdSec for each active proxy instance in multi-instance clusters.
    • Enhanced the “Multiple proxy instances” scaling guide with explicit PROXY protocol v2 support between Traefik and the NetBird proxy, including trusted-proxy and network configuration details.

@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9d99ba76-8baf-4b0a-9e74-9bbcc78e9402

📥 Commits

Reviewing files that changed from the base of the PR and between 80bb052 and 047737f.

📒 Files selected for processing (3)
  • src/pages/selfhosted/maintenance/crowdsec.mdx
  • src/pages/selfhosted/maintenance/scaling/multiple-proxy-instances.mdx
  • src/pages/selfhosted/migration/enable-reverse-proxy.mdx
✅ Files skipped from review due to trivial changes (1)
  • src/pages/selfhosted/maintenance/crowdsec.mdx

📝 Walkthrough

Walkthrough

The docs now expand reverse-proxy setup, Traefik PROXY protocol v2 wiring, client-IP preservation, multi-proxy scaling, and CrowdSec operational requirements across the self-hosted guides.

Changes

Reverse proxy and CrowdSec documentation

Layer / File(s) Summary
Migration guide proxy setup
src/pages/selfhosted/migration/enable-reverse-proxy.mdx
Updates proxy-domain prerequisites, token generation guidance, Traefik router labels, proxy environment variables, client-IP preservation steps, DNS records, environment variable reference text, and troubleshooting notes.
Multiple proxy instance scaling
src/pages/selfhosted/maintenance/scaling/multiple-proxy-instances.mdx
Adds PROXY protocol v2 support between Traefik and the proxy container, mounts Traefik dynamic config, assigns Traefik a fixed network address, defines the bridge network with IPAM settings, and adds the related transport snippet and subnet notes.
CrowdSec operational notes
src/pages/selfhosted/maintenance/crowdsec.mdx
Adds notes that CrowdSec needs the original client IP and that multi-instance clusters require CrowdSec on every active proxy instance with LAPI access and a valid bouncer key.

Estimated code review effort: 2 (Simple) | ~10 minutes

Suggested reviewers: SunsetDrifter, mlsmaycon

Poem

🐰 I hopped through tunnels, neat and bright,
With proxy headers set just right.
CrowdSec listens, client IP in view,
And Traefik hums with PROXY v2.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main docs-focused change around manual CrowdSec and proxy setup.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/pages/selfhosted/maintenance/crowdsec.mdx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

src/pages/selfhosted/maintenance/scaling/multiple-proxy-instances.mdx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

src/pages/selfhosted/migration/enable-reverse-proxy.mdx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/pages/selfhosted/migration/enable-reverse-proxy.mdx`:
- Around line 366-368: The hardcoded NB_PROXY_TRUSTED_PROXIES=172.30.0.10 will
not match the Traefik IP from the main migration flow; update the docs so
CrowdSec trusts the correct proxy: either (1) change the example
NB_PROXY_TRUSTED_PROXIES to a subnet (e.g., 172.30.0.0/24) so the entire Docker
network is trusted, (2) add the suggested static IP assignment for Traefik in
the Step 7a docker-compose/networks section (netbird + ipv4_address) so Traefik
actually gets 172.30.0.10, or (3) add a short note instructing users to replace
172.30.0.10 with their Traefik container IP (with the docker inspect command)
before starting CrowdSec; refer to NB_PROXY_TRUSTED_PROXIES, the Traefik service
config in Step 7a, and the netbird network example when making the change.
- Line 86: Update the phrasing "20 character Token ID" to use a hyphenated
compound adjective: change it to "20-character Token ID" (look for that exact
phrase in the paragraph that explains the nbx_ token format and the Token ID).
Ensure any other instances of numeric + adjective before a noun (e.g., "40
characters" used as adjective) are hyphenated similarly if present.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f48d74a2-349e-4802-a85a-bec0096cd26c

📥 Commits

Reviewing files that changed from the base of the PR and between 7fb329a and 80bb052.

📒 Files selected for processing (1)
  • src/pages/selfhosted/migration/enable-reverse-proxy.mdx

Comment thread src/pages/selfhosted/migration/enable-reverse-proxy.mdx Outdated
Comment thread src/pages/selfhosted/migration/enable-reverse-proxy.mdx Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant