Skip to content

Instantly share code, notes, and snippets.

@djonko
Forked from Rankarusu/manual.md
Created November 5, 2023 02:51
Show Gist options
  • Save djonko/1287f4b844c420c380f5b89ed7061510 to your computer and use it in GitHub Desktop.
Save djonko/1287f4b844c420c380f5b89ed7061510 to your computer and use it in GitHub Desktop.
Setting up fail2ban with nginx proxy manager running via docker

Setting up fail2ban with nginx proxy manager running via docker

trying to follow this tutorial, i was not able to get fail2ban to work in my setup, so here is a gist in case I forget.

1. install fail2ban

sudo apt install fail2ban

2. make a copy of the jail config to edit

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

edit your preferred defaults in here. e.g. bantime, ignoreip

3. mount your log folder outside of nginx proxy manager

    volumes:
    - /path/to/logs:/data/logs

4. create /etc/fail2ban/filter.d/npm.conf

[INCLUDES]

[Definition]

failregex = ^<HOST>.+" (4\d\d|3\d\d) (\d\d\d|\d) .+$
            ^.+ 4\d\d \d\d\d - .+ \[Client <HOST>\] \[Length .+\] ".+" .+$

5. create /etc/fail2ban/action.d/docker-action.conf

#https://www.the-lazy-dev.com/en/install-fail2ban-with-docker/
[Definition]

actionstart = iptables -N f2b-npm-docker
              iptables -A f2b-npm-docker -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker

actionstop = iptables -D FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker
             iptables -F f2b-npm-docker
             iptables -X f2b-npm-docker

actioncheck = iptables -n -L FORWARD | grep -q 'f2b-npm-docker[ \t]'

actionban = iptables -I f2b-npm-docker -s <ip> -j DROP

actionunban = iptables -D f2b-npm-docker -s <ip> -j DROP

6. create /etc/fail2ban/jail.d/npm.local

[npm]
enabled = true
chain=INPUT
maxretry = 3
bantime = 48h
findtime = 60m
logpath = /path/to/logs/default-host_*.log
          /path/to/logs/proxy-host-*.log
action = docker-action
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment