diff --git a/swarm/core.yml b/swarm/core.yml
index 86d7ff5..aa62de0 100644
--- a/swarm/core.yml
+++ b/swarm/core.yml
@@ -86,6 +86,8 @@ services:
 - traefik.http.routers.traefik-public-https.service=api@internal
 # Define the port inside of the Docker service to use
 - traefik.http.services.traefik-public.loadbalancer.server.port=8080
+ # - crowdsec.enable=true
+ # - crowdsec.labels.type=nginx
 volumes:
 # Add Docker as a mounted volume, so that Traefik can read the labels of other services
 - /var/run/docker.sock:/var/run/docker.sock:ro
diff --git a/swarm/crowdsec.yml b/swarm/crowdsec.yml
new file mode 100644
index 0000000..cff3cde
--- /dev/null
+++ b/swarm/crowdsec.yml
@@ -0,0 +1,57 @@
+services:
+ crowdsec:
+ image: crowdsecurity/crowdsec:slim
+ restart: always
+ networks:
+ crowdsec:
+ environment:
+ DOCKER_HOST: tcp://socket-proxy:2375
+ COLLECTIONS: "crowdsecurity/nginx"
+ ports:
+ - "127.0.0.1:8080:8080"
+ depends_on:
+ - 'socket-proxy'
+ volumes:
+ - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
+ - crowdsec-db:/var/lib/crowdsec/data/
+ - crowdsec-config:/etc/crowdsec/
+
+ socket-proxy:
+ networks:
+ crowdsec:
+ restart: always
+ image: lscr.io/linuxserver/socket-proxy:latest
+ container_name: socket-proxy
+ environment:
+ INFO: 1
+ CONTAINERS: 1
+ POST: 0
+ BUILD: 0
+ COMMIT: 0
+ CONFIGS: 0
+ DISTRIBUTION: 0
+ EXEC: 0
+ GRPC: 0
+ IMAGES: 0
+ NETWORKS: 0
+ NODES: 0
+ PLUGINS: 0
+ SERVICES: 0
+ SESSION: 0
+ SWARM: 0
+ SYSTEM: 0
+ TASKS: 0
+ VOLUMES: 0
+ volumes:
+ - '/var/run/docker.sock:/var/run/docker.sock:ro'
+ read_only: true
+ tmpfs:
+ - /run
+
+volumes:
+ crowdsec-db:
+ crowdsec-config:
+
+networks:
+ crowdsec:
+ driver: bridge
\ No newline at end of file
diff --git a/swarm/crowdsec/acquis.yaml b/swarm/crowdsec/acquis.yaml
new file mode 100644
index 0000000..f670b36
--- /dev/null
+++ b/swarm/crowdsec/acquis.yaml
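Review bot: In swarm/core.yml the two added labels are commented out and, once enabled, would tag Traefik's logs as `nginx`; as committed, CrowdSec reads nothing from this service, because swarm/crowdsec/acquis.yaml sets `use_container_labels: true` and therefore only follows containers labelled `crowdsec.enable=true`. When the labels are switched on, the type should match the producer, `- crowdsec.labels.type=traefik`, with `crowdsecurity/traefik` added to `COLLECTIONS` in swarm/crowdsec.yml, since the nginx parsers are unlikely to match Traefik access logs. If this list sits under `deploy.labels`, the labels are set on the swarm service rather than on the container, so confirm the Docker data source actually sees them. The labels list begins above the hunk.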
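Review bot: Both images in swarm/crowdsec.yml are pulled by floating tag (`crowdsecurity/crowdsec:slim`, `lscr.io/linuxserver/socket-proxy:latest`), and the second one fronts the Docker socket, so an upstream retag changes what holds that access without any change in this repository. Pin each to a release and digest, e.g. `image: lscr.io/linuxserver/socket-proxy:<version>@sha256:<digest>` (placeholders to fill in). Separately, `restart`, `container_name`, `depends_on` and the `127.0.0.1:` host binding are Compose features; if this file is deployed with `docker stack deploy`, as the swarm/ path suggests, the loopback binding is not expected to be honoured and port 8080 may be published on every node, so verify how the CrowdSec API ends up exposed. The acquis.yaml bind mount can also be made read-only by appending `:ro`.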
@@ -0,0 +1,3 @@
+source: docker
+use_container_labels: true ## https://docs.crowdsec.net/docs/next/data_sources/docker#use_container_labels
+check_interval: 10s ## How often to check for new containers https://docs.crowdsec.net/docs/next/appsec/quickstart/traefik
\ No newline at end of file
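Review bot: The trailing comment on `check_interval` in swarm/crowdsec/acquis.yaml links the AppSec Traefik quickstart, which does not appear to be where this Docker data-source option is documented. Point it at the same data-source page that the `use_container_labels` line references, so the next reader lands on the option's own description. The file also ends without a final newline.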