infra/stacks/traefik
Viktor Barzin dd029ca7fb
ci/woodpecker/push/default Pipeline was successful
traefik/crowdsec: switch bouncer to live mode (stream cache doesn't enforce under Yaegi)
After bumping to v1.6.0 (stream goroutine runs) and disabling redis (in-memory
cache), the plugin logs `handleStreamCache:updated` but still does NOT enforce:
a ban present in the LAPI stream AND pulled by the plugin still let the banned IP
through. Stream-mode decision matching is unreliable under Traefik's Yaegi
interpreter here. Switch crowdsecMode stream->live: the plugin queries LAPI
synchronously per request (result cached per-IP for defaultDecisionSeconds), which
enforces reliably and picks up new decisions immediately. LAPI is 3-replica +
in-cluster so per-request latency is small; fail-open preserved (updateMaxFailure=-1).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 17:49:26 +00:00
modules/traefik traefik/crowdsec: switch bouncer to live mode (stream cache doesn't enforce under Yaegi) 2026-06-19 17:49:26 +00:00
main.tf traefik/crowdsec: serve Cloudflare Turnstile for captcha remediation 2026-06-19 16:38:38 +00:00
secrets fix: restore tree dropped by 6d224861; land stem95su gdrive-sync (10m) [ci skip] 2026-06-09 08:45:33 +00:00
terragrunt.hcl traefik: non-merge apply trigger (error-pages buffer fix) 2026-06-12 20:31:24 +00:00