maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection


[FEATURE] Allow separate schemes for LAPI and Appsec endpoints

thespad opened this issue · comments

commented

Is your feature request related to a problem? Please describe. 🐛
Currently (or rather in the RC) the appsec and LAPI endpoints both use crowdsecLapiScheme https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/pull/123/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R79 but there are scenarios where this doesn't work - such as pointing at a central LAPI service served over https and a local appsec service over an internal docker network served over http.

Describe the solution you'd like ✨
Allow separate schemes for LAPI and Appsec endpoints

Hi,

Thanks for using the plugin.

When we added the support for appsec, we thought about "scheme" to connect to the LAPI and Appsec.

Because we already have a lot of variables, we decided not to add support by default for different schemes.
We wanted to see if it was really needed before implementing it.

I believe it needs at least 2 variables (scheme + insecure) and 2 objects in the bouncer httpClient, each containing a tlsconfig.
It is added to the todolist, we will update you soon.
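A sketch of what that two-variable design could look like in Go, added here as an illustration and not the plugin's own code: each endpoint (LAPI, AppSec) gets its own scheme and insecure flag and its own http.Client with a separate TLS config. The `EndpointConfig` type and `BuildClient` function are hypothetical names chosen for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// EndpointConfig holds the per-endpoint pair the maintainer mentions
// (scheme + insecure). Hypothetical type, not the plugin's real config.
type EndpointConfig struct {
	Scheme   string // "http" or "https"
	Host     string // host:port, e.g. "crowdsec:8080"
	Insecure bool   // skip TLS certificate verification (https only)
}

// BuildClient returns the base URL and an http.Client whose transport carries
// its own TLS config, so LAPI and AppSec can be configured independently.
// Invalid combinations are rejected up front rather than silently ignored.
func BuildClient(cfg EndpointConfig) (string, *http.Client, error) {
	base := (&url.URL{Scheme: cfg.Scheme, Host: cfg.Host}).String()
	switch cfg.Scheme {
	case "http":
		if cfg.Insecure {
			// "insecure" only makes sense for TLS; flag the misconfiguration.
			return "", nil, fmt.Errorf("insecure=true has no effect over plain http (%s)", cfg.Host)
		}
		return base, &http.Client{Timeout: 5 * time.Second}, nil
	case "https":
		tr := &http.Transport{TLSClientConfig: &tls.Config{
			MinVersion:         tls.VersionTLS12,
			InsecureSkipVerify: cfg.Insecure, // per-endpoint, not global
		}}
		return base, &http.Client{Transport: tr, Timeout: 5 * time.Second}, nil
	default:
		return "", nil, fmt.Errorf("unsupported scheme %q for %s", cfg.Scheme, cfg.Host)
	}
}

func main() {
	// Constructed sample: central LAPI over https, local AppSec over http.
	lapiURL, _, err := BuildClient(EndpointConfig{Scheme: "https", Host: "lapi.example:8080"})
	fmt.Println(lapiURL, err)
	appsecURL, _, err := BuildClient(EndpointConfig{Scheme: "http", Host: "appsec:7422"})
	fmt.Println(appsecURL, err)
}
```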

commented

Yeah, I understand the desire not to add a bunch more configuration options but unfortunately the way Crowdsec have implemented their appsec component it's perfectly legitimate to have your bouncer talking to a Central LAPI endpoint for normal decisions but a local crowdsec instance for appsec - and in a docker setup that means that configuring https for that appsec instance is a lot of work for little gain because you can push it all over a private docker network.

In the meantime I'm sending all my appsec traffic back to the central LAPI to keep everything secure, and the latency isn't a huge issue in my setup, but it would be nice to be able to split them up.