I don't believe crowdsec can be configured to work with containers (but check the docs). SWAG has it's own Nginx setup inside, and the crowdsec Nginx bouncer is made to work with a standard install of Nginx. I'm not sure how to configure the bouncer to get at the logs and broker connections inside the container, but maybe it's possible. The firewall bouncer should still be useful overall, it just lacks the intelligence specifically for Nginx. Good question, sorry I don't have a good answer.