fix: minor bugfixes & border cases

templates/caddy/full/caddy/Caddyfile

@@ -5,11 +5,11 @@
   # Enable metrics for Prometheus
   metrics
 
-  # Logging - console for Docker logs and file for CrowdSec/Promtail
+  # Logging - JSON format required for Promtail label extraction
   log {
     level INFO
     output file /var/log/caddy/access.log
-    format console
+    format json
   }
 
   # Allow CrowdSec globally
@@ -20,5 +20,14 @@
 
 }
 
+# Reusable WAF snippet — use `import waf` in any site block
+(waf) {
+  coraza_waf {
+    directives `
+      Include /etc/caddy/coraza.conf
+    `
+  }
+}
+
 # Import all site configurations from sites-enabled directory
 import /etc/caddy/sites-enabled/*.Caddyfile

templates/caddy/full/caddy/sites-enabled/examples.Caddyfile

@@ -7,13 +7,22 @@
 #   file_server
 # }
 
-# Example: Reverse Proxy for service running in docker container (must be under caddy_net)
-# api.example.com {
-#   coraza_waf {
-#     directives `
-#       Include /etc/caddy/coraza.conf
-#     `
-#   }
+# Example: Reverse Proxy for a Docker container app
 #
+# Requirements: the app container must be on caddy_net.
+# Add the following to your app's docker-compose.yml:
+#
+#   services:
+#     my-app:
+#       image: my-app:latest
+#       networks:
+#         - caddy_net
+#
+#   networks:
+#     caddy_net:
+#       external: true
+#
+# api.example.com {
+#   import waf
 #   reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
 # }

templates/caddy/full/docker-compose.yml

@@ -7,7 +7,7 @@ services:
       - ./crowdsec/data:/var/lib/crowdsec/data
       - caddy_logs:/var/log/caddy:ro
     environment:
-      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve
+      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/base-http-scenarios
       - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
     networks:
       - monitoring_net
@@ -25,7 +25,7 @@ services:
       - PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD}
       - LOKI_PASSWORD=${LOKI_PASSWORD}
     volumes:
-      - ../../deploy/static:/srv/static # Your static files location
+      - ${HOME}/deploy/static:/srv/static # Your static files location
       - ./caddy/Caddyfile:/etc/caddy/Caddyfile
       - ./caddy/sites-enabled:/etc/caddy/sites-enabled
       - ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf