diyfr/action.d_docker-action.conf

## readme.MD

      
    Raw
  

              readme.MD
            
          
    Installez fail2ban

apt-get install -f fail2ban

Activez les logs sur traefik

Il faut à minima les champs décrits dans traefik-part.yml
Ajoutez les fichiers de configuration dans le dossier fail2ban.

Redémarrez le service
Sources:
https://mondedie.fr/d/10496-astuces-configurer-traefik-avec-fail2ban

  
## action.d_docker-action.conf
[Definition]


actionstart = iptables -N f2b-traefik-auth
              iptables -A f2b-traefik-auth -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 443 -j f2b-traefik-auth


actionstop = iptables -D FORWARD -p tcp -m multiport --dports 443 -j f2b-traefik-auth
             iptables -F f2b-traefik-auth
             iptables -X f2b-traefik-auth


actioncheck = iptables -n -L FORWARD | grep -q 'f2b-traefik-auth[ \t]'


actionban = iptables -I f2b-traefik-auth -s <ip> -j DROP


actionunban = iptables -D f2b-traefik-auth -s <ip> -j DROP

## filter.d_traefik-auth.conf
[Definition]
failregex=^{"ClientAddr":"<HOST>:.*".*"OriginStatus":401.+$
ignoreregex=

## filter.d_traefik-scan.conf
[Definition]
failregex=^{"ClientAddr":"<HOST>:.*".*"OriginStatus":404.+$
ignoreregex=


## jail.d_traefik.conf
[traefik-auth]
enabled = true
bantime = 30m
findtime = 5m
maxretry = 5
banaction = docker-action
logpath = /home/docker/vol/traefik/logs/access.log
port = http,https


[traefik-scan]
enabled = true
bantime = 10m
findtime = 1m
maxretry = 10
banaction = docker-action
logpath = /home/docker/vol/traefik/logs/access.log
port = http,https

## traefik-part.yml
accessLog:
  filePath: /var/log/traefik/access.log
  format: json
  fields:
    defaultMode: drop
    names:
      StartUTC: keep
      Duration: keep
      OriginStatus: keep
      RequestMethod: keep
      # The remote address in its original form (usually IP:port).
      ClientAddr: keep
      RouterName: keep
    headers:
      defaultMode: drop
	[Definition]



	actionstart = iptables -N f2b-traefik-auth
	iptables -A f2b-traefik-auth -j RETURN
	iptables -I FORWARD -p tcp -m multiport --dports 443 -j f2b-traefik-auth



	actionstop = iptables -D FORWARD -p tcp -m multiport --dports 443 -j f2b-traefik-auth
	iptables -F f2b-traefik-auth
	iptables -X f2b-traefik-auth



	actioncheck = iptables -n -L FORWARD \| grep -q 'f2b-traefik-auth[ \t]'



	actionban = iptables -I f2b-traefik-auth -s <ip> -j DROP



	actionunban = iptables -D f2b-traefik-auth -s <ip> -j DROP
	[Definition]
	failregex=^{"ClientAddr":"<HOST>:."."OriginStatus":401.+$
	ignoreregex=
	[traefik-auth]
	enabled = true
	bantime = 30m
	findtime = 5m
	maxretry = 5
	banaction = docker-action
	logpath = /home/docker/vol/traefik/logs/access.log
	port = http,https



	[traefik-scan]
	enabled = true
	bantime = 10m
	findtime = 1m
	maxretry = 10
	banaction = docker-action
	logpath = /home/docker/vol/traefik/logs/access.log
	port = http,https
	accessLog:
	filePath: /var/log/traefik/access.log
	format: json
	fields:
	defaultMode: drop
	names:
	StartUTC: keep
	Duration: keep
	OriginStatus: keep
	RequestMethod: keep
	# The remote address in its original form (usually IP:port).
	ClientAddr: keep
	RouterName: keep
	headers:
	defaultMode: drop