All apps · 0 apps
CrowdSec-Threat-Map
Docker app from Railloune's Repository
Overview
Readme
View on GitHubCrowdSec Threat Map
CrowdSec Threat Map displays local CrowdSec alerts on an interactive world map with a live feed, search, filters and optional dashboard actions.
This Railline fork adds:
- English and French UI (
LANGUAGE=enorLANGUAGE=fr) - Larger dashboard text for readability
- Optional live firewall drops panel with violet-to-cyan styling
- Optional
/dropsJSON API for firewall/bouncer integrations - Unraid-friendly template defaults
Safe Default
For a dashboard-only setup:
- Mount
/crowdsec/dataread-only. - Leave Docker socket empty.
- Leave
WHITELIST_ENABLED=false. - Leave
DROPS_ENABLED=falseunless you provide a drops JSONL file.
The Docker socket is only needed for dashboard unban or dynamic whitelist restart actions.
Live Drops
The live drops feature is optional. Enable it only when your firewall or bouncer integration writes JSONL events.
Example JSONL line:
{"ts":"2026-06-19T12:30:00Z","ip":"203.0.113.10","country":"FR","packets":12,"bytes":3456,"chain":"DOCKER-USER","rule":"crowdsec-ban"}
Required fields:
ippacketsis optional and defaults to1bytes,country,city,lat,lon,chainandruleare optional
If GeoLite2-City.mmdb is available in the CrowdSec data folder, the app can enrich missing country/city/coordinates.
Links
- App fork: https://github.com/Railline/crowdsec-threat-map-docker
- Original project: https://github.com/kabelsalatundklartext/crowdsec-threat-map-docker
- Docker image:
ghcr.io/railline/crowdsec-threat-map-docker:latest
Install CrowdSec-Threat-Map on Unraid in a few clicks.
Find CrowdSec-Threat-Map in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Requirements
Categories
Related apps
Explore more like this
Explore allDetails
ghcr.io/railline/crowdsec-threat-map-docker:latestRuntime arguments
- Web UI
http://[IP]:[PORT:8080]/- Network
bridge- Shell
sh- Privileged
- false
- Extra Params
--security-opt=no-new-privileges:true
Template configuration
Host port for the CrowdSec Threat Map web dashboard.
- Target
- 8080
- Default
- 8095
- Value
- 8095
CrowdSec data directory containing crowdsec.db and optionally GeoLite2-City.mmdb. Keep read-only for dashboard-only deployments.
- Target
- /crowdsec/data
- Default
- /mnt/user/appdata/crowdsec/data
- Value
- /mnt/user/appdata/crowdsec/data
Optional CrowdSec postoverflows directory. Required only if WHITELIST_ENABLED=true.
- Target
- /crowdsec/postoverflows
- Default
- /mnt/user/appdata/crowdsec/postoverflows
Optional Docker socket. Required only for dashboard unban or dynamic whitelist CrowdSec restart actions.
- Target
- /var/run/docker.sock
- Default
- /var/run/docker.sock
Optional directory containing drops.jsonl for the live firewall drops panel. Leave empty if you only want the translated threat map.
- Target
- /crowdsec/drops
- Default
- /mnt/user/appdata/crowdsec-threat-map/drops
Server marker latitude. Example for Paris: 48.8566.
- Target
- SERVER_LAT
- Default
- 0.0
- Value
- 0.0
Server marker longitude. Example for Paris: 2.3522.
- Target
- SERVER_LON
- Default
- 0.0
- Value
- 0.0
Display name for the server marker.
- Target
- SERVER_NAME
- Default
- MyServer
- Value
- MyServer
Container timezone.
- Target
- TZ
- Default
- Europe/Paris
- Value
- Europe/Paris
Dashboard language: en or fr.
- Target
- LANGUAGE
- Default
- en
- Value
- en
CrowdSec Docker container name. Used only when Docker socket access is mounted for unban/whitelist actions.
- Target
- CROWDSEC_CONTAINER
- Default
- crowdsec
- Value
- crowdsec
Enable only if the postoverflows path is mounted read-write and Docker socket access is intentionally enabled.
- Target
- WHITELIST_ENABLED
- Default
- false
- Value
- false
Whitelist YAML path inside the container.
- Target
- WHITELIST_FILE
- Default
- /crowdsec/postoverflows/s01-whitelist/my-whitelist.yaml
- Value
- /crowdsec/postoverflows/s01-whitelist/my-whitelist.yaml
How often the public IP is checked for dynamic whitelist updates, in seconds.
- Target
- WHITELIST_INTERVAL
- Default
- 900
- Value
- 900
Wait time after restarting CrowdSec for whitelist updates.
- Target
- CROWDSEC_RESTART_WAIT
- Default
- 15
- Value
- 15
Minimum time between automatic CrowdSec restarts for whitelist updates.
- Target
- CROWDSEC_RESTART_COOLDOWN
- Default
- 300
- Value
- 300
Recommended when /unban is enabled. Generate with: openssl rand -hex 32. Leave empty only on trusted LAN deployments.
- Target
- UNBAN_API_TOKEN
Metric cache time in seconds.
- Target
- CACHE_TTL
- Default
- 60
- Value
- 60
How many days of CrowdSec alert history to display.
- Target
- DAYS_BACK
- Default
- 365
- Value
- 365
Enable the optional /drops API. Requires a JSONL file mounted at DROPS_LOG_PATH.
- Target
- DROPS_ENABLED
- Default
- false
- Value
- false
Path inside the container to the optional firewall drops JSONL file.
- Target
- DROPS_LOG_PATH
- Default
- /crowdsec/drops/drops.jsonl
- Value
- /crowdsec/drops/drops.jsonl
Maximum number of live drop events returned by /drops.
- Target
- DROPS_MAX_EVENTS
- Default
- 200
- Value
- 200
Only keep drop events newer than this age. Use 0 to disable age filtering.
- Target
- DROPS_MAX_AGE_SECONDS
- Default
- 3600
- Value
- 3600