Fix: Disable CrowdSec bouncer by default to resolve image pull error

The crowdsecurity/traefik-bouncer image was causing deployment failures. Commented out the bouncer container and middleware references - CrowdSec will still detect and log threats, but automatic blocking is disabled until the bouncer is properly configured with an API key. To enable later: 1. docker exec crowdsec cscli bouncers add traefik-bouncer 2. Add CROWDSEC_API_KEY env var 3. Uncomment bouncer container and middleware
2026-02-03 12:23:05 +01:00 · 2026-02-03 12:23:05 +01:00 · 2613b3471c
parent fa8bde3940
commit 2613b3471c
3 changed files with 23 additions and 21 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -161,21 +161,23 @@ services:
      timeout: 10s
      retries: 3
-  # CrowdSec bouncer for Traefik
+  # CrowdSec bouncer for Traefik (optional - enables automatic IP blocking)
-  crowdsec-bouncer-traefik:
+  # To enable: docker exec crowdsec cscli bouncers add traefik-bouncer
-    image: crowdsecurity/traefik-bouncer:v0.1.0
+  # Then add CROWDSEC_API_KEY to environment variables
-    container_name: crowdsec-bouncer-traefik
+  # crowdsec-bouncer-traefik:
-    restart: unless-stopped
+  #   image: crowdsecurity/traefik-bouncer:latest
-    networks:
+  #   container_name: crowdsec-bouncer-traefik
-      - crowdsec
+  #   restart: unless-stopped
-    environment:
+  #   networks:
-      - CROWDSEC_BOUNCER_API_KEY=${CROWDSEC_API_KEY:-}
+  #     - crowdsec
-      - CROWDSEC_AGENT_HOST=crowdsec:8080
+  #   environment:
-      - CROWDSEC_BOUNCER_LOG_LEVEL=1
+  #     - CROWDSEC_BOUNCER_API_KEY=${CROWDSEC_API_KEY}
-    labels:
+  #     - CROWDSEC_AGENT_HOST=crowdsec:8080
-      - "traefik.enable=false"
+  #     - CROWDSEC_BOUNCER_LOG_LEVEL=1
-    depends_on:
+  #   labels:
-      - crowdsec
+  #     - "traefik.enable=false"
  #   depends_on:
  #     - crowdsec
  # ============================================================================
  # INTERNAL DNS - AdGuard Home
--- a/traefik/dynamic/middlewares.yml
+++ b/traefik/dynamic/middlewares.yml
@ -119,10 +119,10 @@ http:
        realm: "LemonLink Secured"
    # ============================================================================
-    # CROWDSEC MIDDLEWARE
+    # CROWDSEC MIDDLEWARE (enable when using crowdsec-bouncer-traefik container)
    # ============================================================================
-    crowdsec-bouncer:
+    # crowdsec-bouncer:
-      forwardAuth:
+    #   forwardAuth:
-        address: http://crowdsec-bouncer-traefik:8080/api/v1/forwardAuth
+    #     address: http://crowdsec-bouncer-traefik:8080/api/v1/forwardAuth
-        trustForwardHeader: true
+    #     trustForwardHeader: true
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@ -60,7 +60,7 @@ entryPoints:
            sans:
              - "*.lemonlink.eu"
      middlewares:
-        - crowdsec-bouncer@file
+        # - crowdsec-bouncer@file  # Enable when using CrowdSec bouncer
        - security-headers@file
        - rate-limit@file
    forwardedHeaders: