Lots of stuff

templates/caddy/full/Makefile

@@ -8,11 +8,16 @@ caddy\:restart:
 	docker exec caddy caddy reload --config /etc/caddy/Caddyfile
 	@echo "Caddy configuration reloaded successfully."
 
-caddy\:crowdsec-key
+caddy\:crowdsec-key:
 	@echo "Generating new CrowdSec API key..."
 	docker exec crowdsec cscli bouncers add caddy-bouncer
 	@echo "\n=== IMPORTANT ===\nCopy the API_KEY from the output above and replace the value of CROWDSEC_API_KEY in your .env file."
 
+caddy\:generate-password:
+	@echo "Generating new password..."
+	docker exec -it caddy caddy hash-password
+	@echo "\n=== IMPORTANT ===\nCopy the password from the output above and replace the value of PROMETHEUS_PASSWORD in your Caddyfile."
+
 caddy\:logs:
 	@echo "Showing Caddy logs..."
 	docker compose logs -f caddy

templates/caddy/full/caddy/Caddyfile

@@ -42,11 +42,17 @@
 #   reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
 # }
 
-# Example: Bypassing WAF for given API path (Useful for allowing prometheus query)
+# Example: Bypassing WAF for given API path
+# NEEDED FOR PROMETHEUS
 # api.example2.com {
+#   basic_auth {
+#     agala {$PROMETHEUS_PASSWORD}
+#   }
+#
 #   @waf {
 #     not path /api/v1/*
 #   }
+#
 #   handle @waf {
 #     coraza_waf {
 #       directives `

templates/caddy/full/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   crowdsec:
-    image: crowdsecurity/crowdsec:latest
+    image: crowdsecurity/crowdsec:v1.6.4
     container_name: crowdsec
     volumes:
       - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml