CrowdSec-Threat-Map

CrowdSec-Threat-Map

Docker app from Railloune's Repository

Overview

CrowdSec Threat Map displays local CrowdSec alerts on an interactive world map with a live feed, English/French UI, larger readable text, optional violet-to-cyan firewall drops, CSV export, themes, optional unban support and optional dynamic whitelist support. Mount your CrowdSec database read-only for a safe dashboard-only setup. The live drops panel is optional and requires a JSONL file generated by your firewall or bouncer integration.

CrowdSec Threat Map

CrowdSec Threat Map displays local CrowdSec alerts on an interactive world map with a live feed, search, filters and optional dashboard actions.

This Railline fork adds:

  • English and French UI (LANGUAGE=en or LANGUAGE=fr)
  • Larger dashboard text for readability
  • Optional live firewall drops panel with violet-to-cyan styling
  • Optional /drops JSON API for firewall/bouncer integrations
  • Unraid-friendly template defaults

Safe Default

For a dashboard-only setup:

  • Mount /crowdsec/data read-only.
  • Leave Docker socket empty.
  • Leave WHITELIST_ENABLED=false.
  • Leave DROPS_ENABLED=false unless you provide a drops JSONL file.

The Docker socket is only needed for dashboard unban or dynamic whitelist restart actions.

Live Drops

The live drops feature is optional. Enable it only when your firewall or bouncer integration writes JSONL events.

Example JSONL line:

{"ts":"2026-06-19T12:30:00Z","ip":"203.0.113.10","country":"FR","packets":12,"bytes":3456,"chain":"DOCKER-USER","rule":"crowdsec-ban"}

Required fields:

  • ip
  • packets is optional and defaults to 1
  • bytes, country, city, lat, lon, chain and rule are optional

If GeoLite2-City.mmdb is available in the CrowdSec data folder, the app can enrich missing country/city/coordinates.

Links

Install CrowdSec-Threat-Map on Unraid in a few clicks.

Find CrowdSec-Threat-Map in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for CrowdSec-Threat-Map Review the template variables and paths Click Install

Requirements

CrowdSec Docker Container

Related apps

Explore more like this

Explore all

Details

Repository
ghcr.io/railline/crowdsec-threat-map-docker:latest
Last Updated2026-07-03
First Seen2026-06-19

Runtime arguments

Web UI
http://[IP]:[PORT:8080]/
Network
bridge
Shell
sh
Privileged
false
Extra Params
--security-opt=no-new-privileges:true

Template configuration

WebUI - HTTP host portPorttcp

Host port for the CrowdSec Threat Map web dashboard.

Target
8080
Default
8095
Value
8095
Paths - CrowdSec dataPathro

CrowdSec data directory containing crowdsec.db and optionally GeoLite2-City.mmdb. Keep read-only for dashboard-only deployments.

Target
/crowdsec/data
Default
/mnt/user/appdata/crowdsec/data
Value
/mnt/user/appdata/crowdsec/data
Paths - CrowdSec postoverflowsPathrw

Optional CrowdSec postoverflows directory. Required only if WHITELIST_ENABLED=true.

Target
/crowdsec/postoverflows
Default
/mnt/user/appdata/crowdsec/postoverflows
Paths - Docker socketPathro

Optional Docker socket. Required only for dashboard unban or dynamic whitelist CrowdSec restart actions.

Target
/var/run/docker.sock
Default
/var/run/docker.sock
Paths - Optional drops log directoryPathro

Optional directory containing drops.jsonl for the live firewall drops panel. Leave empty if you only want the translated threat map.

Target
/crowdsec/drops
Default
/mnt/user/appdata/crowdsec-threat-map/drops
Core - SERVER_LATVariable

Server marker latitude. Example for Paris: 48.8566.

Target
SERVER_LAT
Default
0.0
Value
0.0
Core - SERVER_LONVariable

Server marker longitude. Example for Paris: 2.3522.

Target
SERVER_LON
Default
0.0
Value
0.0
Core - SERVER_NAMEVariable

Display name for the server marker.

Target
SERVER_NAME
Default
MyServer
Value
MyServer
Core - TZVariable

Container timezone.

Target
TZ
Default
Europe/Paris
Value
Europe/Paris
Core - LANGUAGEVariable

Dashboard language: en or fr.

Target
LANGUAGE
Default
en
Value
en
CrowdSec - Container nameVariable

CrowdSec Docker container name. Used only when Docker socket access is mounted for unban/whitelist actions.

Target
CROWDSEC_CONTAINER
Default
crowdsec
Value
crowdsec
CrowdSec - Dynamic whitelist enabledVariable

Enable only if the postoverflows path is mounted read-write and Docker socket access is intentionally enabled.

Target
WHITELIST_ENABLED
Default
false
Value
false
CrowdSec - Whitelist fileVariable

Whitelist YAML path inside the container.

Target
WHITELIST_FILE
Default
/crowdsec/postoverflows/s01-whitelist/my-whitelist.yaml
Value
/crowdsec/postoverflows/s01-whitelist/my-whitelist.yaml
CrowdSec - Whitelist intervalVariable

How often the public IP is checked for dynamic whitelist updates, in seconds.

Target
WHITELIST_INTERVAL
Default
900
Value
900
CrowdSec - Restart waitVariable

Wait time after restarting CrowdSec for whitelist updates.

Target
CROWDSEC_RESTART_WAIT
Default
15
Value
15
CrowdSec - Restart cooldownVariable

Minimum time between automatic CrowdSec restarts for whitelist updates.

Target
CROWDSEC_RESTART_COOLDOWN
Default
300
Value
300
CrowdSec - Unban API tokenVariable

Recommended when /unban is enabled. Generate with: openssl rand -hex 32. Leave empty only on trusted LAN deployments.

Target
UNBAN_API_TOKEN
Data - Cache TTLVariable

Metric cache time in seconds.

Target
CACHE_TTL
Default
60
Value
60
Data - Days backVariable

How many days of CrowdSec alert history to display.

Target
DAYS_BACK
Default
365
Value
365
Drops - Enable live drops APIVariable

Enable the optional /drops API. Requires a JSONL file mounted at DROPS_LOG_PATH.

Target
DROPS_ENABLED
Default
false
Value
false
Drops - JSONL pathVariable

Path inside the container to the optional firewall drops JSONL file.

Target
DROPS_LOG_PATH
Default
/crowdsec/drops/drops.jsonl
Value
/crowdsec/drops/drops.jsonl
Drops - Max eventsVariable

Maximum number of live drop events returned by /drops.

Target
DROPS_MAX_EVENTS
Default
200
Value
200
Drops - Max age secondsVariable

Only keep drop events newer than this age. Use 0 to disable age filtering.

Target
DROPS_MAX_AGE_SECONDS
Default
3600
Value
3600