fix: minor bugfixes & border cases

src/docker/create_networks.sh

@@ -1,8 +1,10 @@
 #!/bin/bash
 
 function create_networks() {
-  docker network create caddy_net
+  docker network ls --format '{{.Name}}' | grep -q '^caddy_net$' \
+    || docker network create caddy_net
   echo "[ DOCKER ]: Created caddy intranet 'caddy_net'"
-  docker network create monitoring_net
+  docker network ls --format '{{.Name}}' | grep -q '^monitoring_net$' \
+    || docker network create monitoring_net
   echo "[ DOCKER ]: Created monitoring intranet 'monitoring_net'"
 }

src/monitoring/install_prometheus.sh

@@ -22,7 +22,7 @@ function install_prometheus() {
   # Copy Promtail configuration
   cp "$template_path/promtail/promtail.yml" "$monitoring_dir/promtail/promtail.yml"
   
-  cd "$monitoring_dir"
+  cd "$monitoring_dir" || return 1
   if [ "$development_mode" = "true" ]; then
     echo "[ MONITOR ]: Development mode - skipping Docker operations"
     echo "[ MONITOR ]: Monitoring stack files copied successfully"

src/user/create_deploy_user.sh

@@ -6,8 +6,7 @@ function create_deploy_user() {
   home_dir="/home/$username"
 
   echo "[ USER ]: Starting user $username setup"
-  mkdir -p $home_dir
-  sudo useradd $username
+  sudo useradd -m -s /bin/bash $username
   password="${DEPLOY_PASSWORD:-$(openssl rand -base64 16)}"
   echo "$username:$password" | sudo chpasswd
   echo "[ USER ]: Password set for $username (use DEPLOY_PASSWORD env var to specify)"

src/user/create_user.sh

@@ -6,8 +6,7 @@ function create_user() {
   home_dir="/home/$username"
 
   echo "[ USER ]: Starting user $username setup"
-  mkdir -p $home_dir
-  sudo useradd $username
+  sudo useradd -m -s /bin/bash $username
   password="${ADMIN_PASSWORD:-$(openssl rand -base64 16)}"
   echo "$username:$password" | sudo chpasswd
   echo "[ USER ]: Password set for $username (use ADMIN_PASSWORD env var to specify)"

src/utils/install_make.sh

@@ -3,6 +3,6 @@
 function install_make() {
   echo "[ UTILS ]: Installing Make"
   sudo apt update
-  sudo apt install make
+  sudo apt install -y make
   echo "[ UTILS ]: Make installed succesfully"
 }

src/web/install_caddy.sh

@@ -15,7 +15,7 @@ function install_caddy() {
   mkdir -p "$caddy_dir/caddy/coraza"
   mkdir -p "$caddy_dir/caddy/sites-enabled"
 
-  chown -R "$username:$username" "$caddy_dir"
+  sudo chown -R "$username:$username" "$caddy_dir"
 
   # Copy configuration files from local repo
   cp "$template_path/docker-compose.yml" "$caddy_dir/docker-compose.yml"
@@ -30,7 +30,7 @@ function install_caddy() {
   if [ "$development_mode" = "true" ]; then
     echo "[ WEB ]: Development mode - skipping Docker operations"
     echo "[ WEB ]: Creating placeholder .env file..."
-    cd "$caddy_dir"
+    cd "$caddy_dir" || return 1
     cat >"$caddy_dir/.env" <<EOF
 CROWDSEC_API_KEY=dev-placeholder-key
 PROMETHEUS_PASSWORD=dev-placeholder-password
@@ -51,7 +51,7 @@ EOF
     echo "[ WEB ]: Hashing Loki password..."
     LOKI_PASSWORD=$(htpasswd -nbB user "$loki_plain_password" | cut -d: -f2)
 
-    cd "$caddy_dir"
+    cd "$caddy_dir" || return 1
 
     # Start only CrowdSec first
     echo "[ WEB ]: Starting CrowdSec container..."
@@ -88,14 +88,15 @@ EOF
     # Start all containers now that passwords are ready
     echo "[ WEB ]: Starting all containers with generated keys..."
     sudo docker compose up -d
-  fi
 
-  echo "[ WEB ]: Caddy setup completed successfully!"
-  echo "[ WEB ]: Configuration location: $caddy_dir"
     echo "[ WEB ]: ============================================"
     echo "[ WEB ]: SAVE THESE - Plaintext monitoring passwords:"
     echo "[ WEB ]:   Prometheus: $prometheus_plain_password"
     echo "[ WEB ]:   Loki:       $loki_plain_password"
     echo "[ WEB ]: ============================================"
+  fi
+
+  echo "[ WEB ]: Caddy setup completed successfully!"
+  echo "[ WEB ]: Configuration location: $caddy_dir"
   echo "[ WEB ]: Add your site configurations to: $caddy_dir/caddy/sites-enabled/"
 }

templates/caddy/full/caddy/Caddyfile

@@ -5,11 +5,11 @@
   # Enable metrics for Prometheus
   metrics
 
-  # Logging - console for Docker logs and file for CrowdSec/Promtail
+  # Logging - JSON format required for Promtail label extraction
   log {
     level INFO
     output file /var/log/caddy/access.log
-    format console
+    format json
   }
 
   # Allow CrowdSec globally
@@ -20,5 +20,14 @@
 
 }
 
+# Reusable WAF snippet — use `import waf` in any site block
+(waf) {
+  coraza_waf {
+    directives `
+      Include /etc/caddy/coraza.conf
+    `
+  }
+}
+
 # Import all site configurations from sites-enabled directory
 import /etc/caddy/sites-enabled/*.Caddyfile

templates/caddy/full/caddy/sites-enabled/examples.Caddyfile

@@ -7,13 +7,22 @@
 #   file_server
 # }
 
-# Example: Reverse Proxy for service running in docker container (must be under caddy_net)
-# api.example.com {
-#   coraza_waf {
-#     directives `
-#       Include /etc/caddy/coraza.conf
-#     `
-#   }
+# Example: Reverse Proxy for a Docker container app
 #
+# Requirements: the app container must be on caddy_net.
+# Add the following to your app's docker-compose.yml:
+#
+#   services:
+#     my-app:
+#       image: my-app:latest
+#       networks:
+#         - caddy_net
+#
+#   networks:
+#     caddy_net:
+#       external: true
+#
+# api.example.com {
+#   import waf
 #   reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
 # }

templates/caddy/full/docker-compose.yml

@@ -7,7 +7,7 @@ services:
       - ./crowdsec/data:/var/lib/crowdsec/data
       - caddy_logs:/var/log/caddy:ro
     environment:
-      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve
+      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/base-http-scenarios
       - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
     networks:
       - monitoring_net
@@ -25,7 +25,7 @@ services:
       - PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD}
       - LOKI_PASSWORD=${LOKI_PASSWORD}
     volumes:
-      - ../../deploy/static:/srv/static # Your static files location
+      - ${HOME}/deploy/static:/srv/static # Your static files location
       - ./caddy/Caddyfile:/etc/caddy/Caddyfile
       - ./caddy/sites-enabled:/etc/caddy/sites-enabled
       - ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf