Custom HTTP codes when geoblocked

# Compose stack posted in the thread: Traefik reverse proxy, Docker socket proxy,
# CrowdSec and the error-pages container.
services:
  # Traefik edge proxy: publishes 80/443 on the host, has a fixed address on
  # macvlan_docker1 and also joins lan-traefik, the network the other services use.
  traefik:
    container_name: traefik
    # NOTE(review): `latest` is unpinned, so a pull can silently change the major
    # version and with it middleware names and rule syntax. Pin a tag you have tested.
    image: traefik:latest
    ports:
      - 80:80
      - 443:443
    volumes:
      - /docker/security/traefik/:/etc/traefik/
      # Mounted read-write here and read-only into crowdsec; presumably Traefik
      # writes the access log that CrowdSec parses (verify in the static config).
      - /var/log/crowdsec/:/var/log/crowdsec/
      - /docker/security/traefik/plugins:/plugins-local
      - /docker/security/traefik/ban.html:/ban.html
    networks: 
       macvlan_docker1:
         ipv4_address: 192.168.1.251
       lan-traefik:
    labels:
      # NOTE(review): Traefik's rule syntax expects the host in backticks or quotes;
      # the forum rendering has probably stripped them. Confirm against the real file.
      traefik.http.routers.api.rule: Host(traefik.xxxxx.duckdns.org)   
      traefik.http.routers.api.entryPoints: https
      # Router "api" serves the built-in dashboard/API service.
      traefik.http.routers.api.service: api@internal
      # Presumably a placeholder so the Docker provider has a port for this container.
      traefik.http.services.dummy.loadBalancer.server.port: 65535
      # The dashboard is limited to loopback and two private ranges. The match is on
      # the source address Traefik sees, so keep forwarded-header trust tight.
      # NOTE(review): newer Traefik releases rename ipWhiteList to ipAllowList; with
      # an unpinned image this label can stop applying. Verify after upgrades.
      traefik.http.routers.api.middlewares: dashboard-ipwhitelist
      traefik.http.middlewares.dashboard-ipwhitelist.ipWhiteList.sourceRange: "127.0.0.1/32,192.168.1.0/24,192.168.144.0/20"
      # Sets the ban page for a label-defined "crowdsec" middleware. The example
      # service refers to crowdsec@file, which would be a different definition.
      # TODO confirm which one is actually in use.
      traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath: /ban.html
      # Router "traefik" gets an entrypoint and the errors middleware here; no rule or
      # service for it is visible in this listing.
      traefik.http.routers.traefik.entrypoints: https
      traefik.http.routers.traefik.middlewares: error-pages-middleware
      traefik.enable: true   # Enable Traefik reverse proxy for the Traefik dashboard.
      
    environment:
      # Points at the socket-proxy service instead of mounting docker.sock into Traefik.
      DOCKER_HOST: dockersocket:2375
      # Placeholder. Keep the real token out of any compose file that is shared or
      # committed (env_file or Docker secrets). Container environment is also readable
      # through the Docker API by anything allowed to inspect containers.
      DUCKDNS_TOKEN: xxxxx
    restart: unless-stopped
    depends_on:
      - dockersocket
      - error-pages

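  # Filtering proxy in front of the Docker socket; Traefik's DOCKER_HOST points here.
  # CONTAINERS: 1 allows container listing/inspection, POST: 0 rejects write requests.
  dockersocket:
    container_name: dockersocket
    image: tecnativa/docker-socket-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      lan-traefik:
    ports:
      # The proxy speaks plain, unauthenticated HTTP. Published on every host
      # interface, it lets anything that can reach the host on 2375 read container
      # metadata, which normally includes environment variables such as the tokens
      # set elsewhere in this file. Traefik reaches the proxy over lan-traefik by
      # service name, so host publishing is not needed for that path. It is bound to
      # loopback here to keep host-local tooling working; delete the mapping entirely
      # if nothing on the host uses it.
      - "127.0.0.1:2375:2375"
    environment:
      CONTAINERS: 1
      POST: 0
    # NOTE(review): privileged gives this container broad access to the host. Confirm
    # it is really required on this host (e.g. for SELinux/AppArmor socket access) and
    # remove it otherwise.
    privileged: true
    restart: unless-stopped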

  # CrowdSec agent: reads host and proxy logs, and installs the traefik and http-cve
  # collections at start-up.
  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    expose:
      - 8083
    ports:
      # NOTE(review): both ports are published on the host as well as exposed on
      # lan-traefik. Presumably 8083 is the local API the bouncer talks to and 6060
      # the metrics listener (verify in /etc/crowdsec). If only containers on
      # lan-traefik need them, the host publication can be dropped or bound to
      # 127.0.0.1.
      - 8083:8083
      - 6060:6060
    environment:
      PGID: "1000"
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve"
      # Placeholder. This is the shared key the Traefik bouncer authenticates with;
      # treat it as a secret (env_file or Docker secrets, not a shared compose file).
      BOUNCER_KEY_TRAEFIK: "xxxxx"
    volumes:
      - /docker/security/crowdsec/data:/var/lib/crowdsec/data
      - /docker/security/crowdsec:/etc/crowdsec
      - /var/log/auth.log:/var/log/auth.log:ro
      - /var/log/crowdsec:/var/log/crowdsec:ro
      - /var/log/syslog:/var/log/syslog:ro
      # NOTE(review): `:ro` on a socket bind mount does not restrict which Docker API
      # calls a connected process can make, so this is effectively full Docker access.
      # If CrowdSec only needs to read container logs, consider pointing it at the
      # dockersocket proxy instead. TODO confirm why the socket is mounted.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      lan-traefik:
    restart: unless-stopped

  # Static error-page server plus the Traefik "errors" middleware that routes
  # 4xx/5xx responses to it.
  error-pages:
    # NOTE(review): `latest` is unpinned; pin a tested tag for reproducible deploys.
    image: ghcr.io/tarampampam/error-pages:latest
    container_name: error-pages
    environment:
      TEMPLATE_NAME: shuffle
      TEMPLATES_ROTATION_MODE: random-on-each-request
    labels:
      traefik.enable: true
      # use as "fallback" for any NON-registered services (with priority below normal)
      # NOTE(review): HostRegexp normally takes a backticked or quoted pattern; the
      # forum rendering has probably stripped the backticks.
      traefik.http.routers.error-pages-router.rule: HostRegexp(.+)
      traefik.http.routers.error-pages-router.priority: 10
      # should say that all of your services work on https
      traefik.http.routers.error-pages-router.entrypoints: https
      traefik.http.routers.error-pages-router.middlewares: error-pages-middleware
      # "errors" middleware settings: any 400-599 response produced further down the
      # chain is replaced by /{status}.html fetched from error-pages-service.
      # The middleware only sees responses from handlers placed after it in a router's
      # middleware list, which is why the thread's fix is to list it first.
      traefik.http.middlewares.error-pages-middleware.errors.status: 400-599
      traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service
      traefik.http.middlewares.error-pages-middleware.errors.query: /{status}.html
      # define service properties
      traefik.http.services.error-pages-service.loadbalancer.server.port: 8080
    networks:
      lan-traefik:

# Both networks are created outside this compose file and must exist before `up`.
networks:
  # Shared network that every service in this stack joins.
  lan-traefik:
    external: true
  # macvlan network on which Traefik is given its fixed address.
  macvlan_docker1:
    external: true
# Traefik plugin configuration as pasted in the thread (not part of the compose file).
# The first stanza is the static-config plugin declaration, pinned to v0.2.8.
experimental:
  plugins:
    geoblock:
      moduleName: github.com/PascalMinder/geoblock 
      version: v0.2.8
# NOTE(review): the next key is indented three spaces, which matches no parent above,
# so the paste is not valid YAML as shown. It is presumably the middleware definition
# from a separate dynamic-config file (the example service uses geoblock@file), with
# its enclosing http/middlewares keys lost in the paste. TODO confirm against the real
# files.
   geoblock:
      plugin:
        geoblock:
          silentStartUp: false
          # Requests from private/local ranges bypass the country check.
          allowLocalRequests: true
          logLocalRequests: false
          logAllowedRequests: false
          logApiRequests: false
          # Client IPs that are not cached are sent to this third-party lookup
          # service, so it is both a privacy consideration and an availability
          # dependency (500 ms timeout below).
          api: "https://get.geojs.io/v1/ip/country/{ip}"
          apiTimeoutMs: 500
          cacheSize: 25
          forceMonthlyUpdate: true
          # Presumably fail-closed: an IP with no resolvable country is denied.
          allowUnknownCountries: false
          unknownCountryApiResponse: "nil"
          # Allowlist of country codes.
          # NOTE(review): the decision depends on the client IP Traefik reports.
          # Confirm the entryPoint's forwardedHeaders settings do not trust
          # client-supplied X-Forwarded-For.
          countries:
            - RO
            - DE 

Example service:

# Example application stack routed through Traefik on the shared lan-traefik network.
services:
  wizarr:
      container_name: wizarr
      # NOTE(review): `beta` is a moving tag; pin a release for an internet-facing app.
      image: ghcr.io/wizarrrr/wizarr:beta
      networks:
        - lan-traefik
      volumes:
        - /docker/wizarr:/data/database
      labels:
         - traefik.enable=true
         - traefik.http.routers.wizarr.entryPoints=https
         # Host name redacted by the poster (hence the empty label between the dots).
         - traefik.http.routers.wizarr.rule=Host("wizarr..duckdns.org")
         # Middlewares run in the order listed. As posted, geoblock and crowdsec come
         # before the errors middleware, so their block responses are not wrapped by it.
         # The thread's resolution was to list error-pages-middleware first.
         - traefik.http.routers.wizarr.middlewares=geoblock@file, crowdsec@file, error-pages-middleware
      environment:
        # Built-in authentication stays enabled with this value.
        - DISABLE_BUILTIN_AUTH=false #Set to true ONLY if you are using another auth provider (Authelia, Authentik, etc)
networks:
  lan-traefik:
    external: true

Is it possible to serve the error-pages when a request is blocked by the geoblock plugin? Right now I get a blank white page, or the browser asks me if I want to download an empty file.

Thanks!

According to the plugin docs, no custom error code seems to be configurable.

But if you know the error status code, you should be able to use errorpages middleware.

Thank you. So it is not possible to put Package error-pages · GitHub after geoblock triggers?

Not sure. Usually when a middleware rejects a request, no further middleware is invoked. Maybe you need to assign the errors middleware before geoblock.

Did you see the error-pages doc section "Usage with Traefik and local Docker Compose"?

Yes, I saw, but not sure how I would implement it :frowning:

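Try changing the order: place error-pages first in the router's middleware list (e.g. `error-pages-middleware, geoblock@file, crowdsec@file`), so that the errors middleware wraps the response that geoblock returns.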

wow...why did I not think to do this. Working, thanks!!
