📝 Fix exemple links and documentation for wicketkeeper

Author: mathieuHa

README.md

@@ -39,6 +39,7 @@ The following captcha providers are supported now:
 - [hcaptcha](https://www.hcaptcha.com/)
 - [recaptcha](https://www.google.com/recaptcha/about/)
 - [turnstile](https://www.cloudflare.com/products/turnstile/)
+- [custom/wicketkeeper](https://github.com/a-ve/wicketkeeper)
 
 There are 5 operating modes (CrowdsecMode) for this plugin:
 
@@ -684,7 +685,7 @@ docker exec crowdsec cscli decisions remove --ip 10.0.0.10 -t captcha
 
 #### 1. Behind another proxy service (ex: clouflare) [examples/behind-proxy/README.md](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/behind-proxy/README.md)
 
-#### 2. With Redis as an external shared cache [examples/redis-cache/README.md](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/redis-cache/README.md)
+q#### 2. With Redis as an external shared cache [examples/redis-cache/README.md](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/redis-cache/README.md)
 
 #### 3. Using Trusted IP (ex: LAN OR VPN) that won't get filtered by crowdsec [examples/trusted-ips/README.md](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/trusted-ips/README.md)
 
@@ -702,6 +703,8 @@ docker exec crowdsec cscli decisions remove --ip 10.0.0.10 -t captcha
 
 #### 10. Using Traefik with Custom Ban HTML Page [examples/custom-ban-page/README.md](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/custom-ban-page/README.md)
 
+#### 11. Using Traefik with Custom Captcha Whiketkeeper[examples/custom-captcha/README.md](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/examples/custom-captcha/README.md)
+
 ### Local Mode
 
 Traefik also offers a developer mode that can be used for temporary testing of plugins not hosted on GitHub.

bouncer.go

@@ -252,6 +252,7 @@ func New(_ context.Context, next http.Handler, config *configuration.Config, nam
 		config.CaptchaGracePeriodSeconds,
 	)
 	if err != nil {
+		log.Error("CaptchaClient not valid " + err.Error())
 		return nil, err
 	}
 

examples/custom-captcha/README.md

@@ -5,9 +5,10 @@ Read the example captcha before this, to better understand what is done here.
 ### Traefik configuration
 
 The minimal configuration is defined below to implement custom captcha.  
-This documentation use https://github.com/a-ve/wicketpeeker, a self-hosted captcha provider that have a similar API than big providers.  
+This documentation use https://github.com/a-ve/wicketpeeker, a self-hosted captcha provider that have a similar API than big providers.
 
 Minimal API requirement:
+
 - the JS file URL to load the captcha on the served `captcha.html`
 - the HTML className to tell to the JS where to display the challenge
 - the verify URL endpoint to send the response from the captcha
@@ -21,41 +22,45 @@ Minimal API requirement:
     labels:
       # Choose captcha provider
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaProvider=custom"
-      # Define captcha grade period seconds
+      # Define captcha grace period seconds
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaGracePeriodSeconds=1800"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaCustomJsURL=http://captcha.localhost:8000/fast.js"
+      # Inside Traefik container the plugin must be able to reach wicketkeeper service so we can go through a Traefik localhost
+      # domain which would resolve traefik itself and the port for the dashboard
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomValidateURL=http://wicketkeeper:8080/v0/siteverify"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomKey=wicketkeeper"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomResponse=wicketkeeper_solution"
       # Define captcha HTML file path
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaHTMLFilePath=/captcha.html"
-      # 
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaCustomJsURL=http://localhost:8080/fast.js"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomValidateURL=http://localhost:8080/v0/siteverify"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomKey=wicketpeeker"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomResponse=response"
 ```
 
-```yaml 
-  wicketkeeper:
-    image: ghcr.io/a-ve/wicketkeeper:latest
-    ports:
-      - "8080:8080"
-    environment:
-      - ROOT_URL=http://localhost:8080
-      - LISTEN_PORT=8080
-      - REDIS_ADDR=redis:6379
-      - DIFFICULTY=4
-      - ALLOWED_ORIGINS=*
-      - PRIVATE_KEY_PATH=/data/wicketkeeper.key
-    volumes:
-      - ./data:/data
-    depends_on:
-      - redis
-  redis:
-    image: redis/redis-stack-server:latest
+```yaml
+wicketkeeper:
+  image: ghcr.io/a-ve/wicketkeeper:latest
+  user: root
+  ports:
+    - "8080:8080"
+  environment:
+    - ROOT_URL=http://localhost:8080
+    - LISTEN_PORT=8080
+    - REDIS_ADDR=redis:6379
+    - DIFFICULTY=4
+    - ALLOWED_ORIGINS=*
+    - PRIVATE_KEY_PATH=/data/wicketkeeper.key
+  volumes:
+    - ./data:/data
+  depends_on:
+    - redis
+redis:
+  image: redis/redis-stack-server:latest
 ```
 
 ## Exemple navigation
+
 We can try to query normally the whoami server:
+
 ```bash
-curl http://localhost:8000
+curl http://localhost:8000/foo
 ```
 
 We can try to ban ourself and retry.
@@ -65,6 +70,7 @@ docker exec crowdsec cscli decisions add --ip 10.0.0.20 -d 10m --type captcha
 ```
 
 To play the demo environment run:
+
 ```bash
 make run_custom_captcha
-```
+```

examples/custom-captcha/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   traefik:
-    image: "traefik:v3.0.0"
+    image: "traefik:v3.5.0"
     container_name: "traefik"
     restart: unless-stopped
     command:
@@ -11,15 +11,16 @@ services:
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.forwardedheaders.trustedips=172.18.0.0/24"
 
-      # - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      # - "--experimental.plugins.bouncer.version=v1.4.5"
-      - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+      - "--experimental.plugins.bouncer.version=v1.4.5"
+      # - "--experimental.localplugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - logs-custom-captcha-enabled:/var/log/traefik
       - "./captcha.html:/captcha.html"
-      - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
+      # - ./../../:/plugins-local/src/github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
     ports:
       - 8000:80
       - 8080:8080
@@ -45,10 +46,12 @@ services:
 
       # Choose captcha provider
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaProvider=custom"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaCustomJsURL=http://captcha.localhost:8080/fast.js"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomValidateURL=http://captcha.localhost:8080/v0/siteverify"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomKey=wicketpeeker"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomResponse=response"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaCustomJsURL=http://captcha.localhost:8000/fast.js"
+      # Inside Traefik container the plugin must be able to reach wicketkeeper service so we can go through a Traefik localhost
+      # domain which would resolve traefik itself and the port for the dashboard
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomValidateURL=http://wicketkeeper:8080/v0/siteverify"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomKey=wicketkeeper"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.CaptchaCustomResponse=wicketkeeper_solution"
       # Define captcha grade period seconds
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.captchaGracePeriodSeconds=20"
       # Define captcha HTML file path
@@ -78,7 +81,7 @@ services:
     image: ghcr.io/maxlerebourg/wicketkeeper:latest
     container_name: "wicketkeeper"
     environment:
-      - ROOT_URL=http://localhost:8080
+      - ROOT_URL=http://captcha.localhost:8000
       - LISTEN_PORT=8080
       - REDIS_ADDR=redis:6379
       - DIFFICULTY=4