How to deal with new “unauthorized” fail2ban jail in SWAG
# TLS virtual host for dav.*; only /baikal/html is proxied to the backend.
server {
    server_name dav.*;
    listen 443 ssl;
    listen [::]:443 ssl;

    include /config/nginx/ssl.conf;

    # 0 removes the request-body size limit at the proxy, so any upload cap
    # has to be enforced by the upstream application.
    client_max_body_size 0;

    # Restrictive CSP declared at server level.
    # NOTE(review): nginx inherits add_header from the outer level only when the
    # inner level declares no add_header of its own - confirm proxy.conf adds
    # none inside the location, otherwise this header is silently dropped there.
    add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self';font-src 'self';frame-ancestors 'none';";

    # Authelia is left disabled for this host; uncomment to enable it.
    #include /config/nginx/authelia-server.conf;

    # GeoBlock: $lan-ip and $geo-whitelist are defined outside this file.
    # LAN clients are whitelisted first, then every non-whitelisted client gets
    # a 404. The two checks run in this order, so keep them together.
    if ($lan-ip = yes) { set $geo-whitelist yes; }
    if ($geo-whitelist = no) { return 404; }

    location /baikal/html {
        # Authelia is left disabled for this location; uncomment to enable it.
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        # Plain HTTP to the backend: TLS terminates at this proxy.
        proxy_pass http://192.168.0.11:81;
    }
}
## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local | |
# This is the custom version of the jail.conf for fail2ban | |
# Feel free to modify this and add additional filters | |
# Then you can drop the new filter conf files into the fail2ban-filters | |
# folder and restart the container | |
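[DEFAULT]

# Prevents banning LAN subnets. Every address listed here is exempt from all
# jails, so the list should hold only private ranges and single trusted hosts.
# 172.16.0.0/12 is the private 172.x block. The previous value, 172.0.0.0/9,
# covered 172.0.0.0-172.127.255.255, most of which is public address space,
# and therefore exempted a large number of internet hosts from ever being banned.
ignoreip = 10.8.0.0/24
           192.168.0.0/24
           172.16.0.0/12
           192.168.1.1

# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
banaction = iptables-allports

# "bantime" is the number of seconds that a host is banned (43200 s = 12 hours).
bantime = 43200

# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds (600 s = 10 minutes).
findtime = 600

# "maxretry" is the number of failures before a host gets banned.
# Individual jails may override it.
maxretry = 3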
# Jail definitions. Each jail pairs a filter with the log file it scans;
# bantime, findtime and maxretry come from [DEFAULT] unless overridden here.

# SSH jail is switched off.
[ssh]
enabled  = false

# Scans the nginx error log with the nginx-http-auth filter.
[nginx-http-auth]
enabled  = true
port     = http,https
filter   = nginx-http-auth
logpath  = /config/log/nginx/error.log

# Scans the access log with the nginx-badbots filter.
# Stricter than the default: banned after 2 matches instead of 3.
[nginx-badbots]
enabled  = true
maxretry = 2
port     = http,https
filter   = nginx-badbots
logpath  = /config/log/nginx/access.log

# Scans the access log with the nginx-botsearch filter.
[nginx-botsearch]
enabled  = true
port     = http,https
filter   = nginx-botsearch
logpath  = /config/log/nginx/access.log

# Scans the error log with the nginx-deny filter.
[nginx-deny]
enabled  = true
port     = http,https
filter   = nginx-deny
logpath  = /config/log/nginx/error.log

# Switched off here. While disabled, nothing recorded in unauthorized.log ever
# leads to a ban, for any proxied site.
# NOTE(review): presumably disabled because clients that send a first request
# without credentials (WebDAV/CalDAV clients commonly do) were being banned -
# confirm. A narrower option is to keep the jail enabled with a higher
# per-jail maxretry, the same override nginx-badbots uses above.
[nginx-unauthorized]
enabled  = false
port     = http,https
filter   = nginx-unauthorized
logpath  = /config/log/nginx/unauthorized.log
## Version 2021/05/18 | |
# Make sure that DNS has a cname set for transmission | |
# | |
# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they | |
# rely on the HTTP Status Text to determine if they should add the | |
# X-Transmission-Session-Id header or not. HTTP/2 does not return this text | |
# so jQuery responses are empty. This causes RPCs to fail. | |
# | |
# If your extension is affected, you can remove http2 from the default server | |
# in /config/nginx/site-confs/default or listen on a different port that has | |
# no http2 servers defined. Better yet, submit a bug report with the | |
# extension developer to fix their extensions to support HTTP/2. | |
# TLS virtual host for transmission.*; the web UI and the RPC endpoint are
# proxied to the same backend through two separate locations.
server {
    server_name transmission.*;
    listen 443 ssl;
    listen [::]:443 ssl;

    include /config/nginx/ssl.conf;

    # 0 removes the request-body size limit at the proxy.
    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    # GeoBlock: $lan-ip and $geo-whitelist are defined outside this file.
    # LAN clients are whitelisted first, then every non-whitelisted client gets
    # a 404. The two checks run in this order, so keep them together.
    if ($lan-ip = yes) { set $geo-whitelist yes; }
    if ($geo-whitelist = no) { return 404; }

    # Web UI. All proxy-level authentication options below are commented out,
    # so as written nginx performs no authentication for this location.
    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        # Backend address; plain HTTP because TLS terminates at this proxy.
        set $upstream_proto http;
        set $upstream_app 192.168.0.11;
        set $upstream_port 9092;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_pass_header X-Transmission-Session-Id;
    }

    # RPC endpoint. A regex location is chosen ahead of the "/" prefix location,
    # and this one contains no auth stanza at all: enabling http/ldap/Authelia
    # auth in "location /" does not protect requests that land here.
    # The pattern is unanchored, so it matches any URI that contains "/rpc".
    # NOTE(review): access control for these requests presumably relies on
    # Transmission's own RPC authentication - confirm it is enabled upstream.
    location ~ (/transmission)?/rpc {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        set $upstream_proto http;
        set $upstream_app 192.168.0.11;
        set $upstream_port 9092;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
# TLS virtual host for webdav.*; every request is proxied to one backend.
server {
    server_name webdav.*;
    listen 443 ssl;
    listen [::]:443 ssl;

    include /config/nginx/ssl.conf;

    # 0 removes the request-body size limit at the proxy, so any upload cap
    # has to be enforced by the upstream application.
    client_max_body_size 0;

    # Authelia is left disabled for this host; uncomment to enable it.
    #include /config/nginx/authelia-server.conf;

    # GeoBlock: $lan-ip and $geo-whitelist are defined outside this file.
    # LAN clients are whitelisted first, then every non-whitelisted client gets
    # a 404. The two checks run in this order, so keep them together.
    if ($lan-ip = yes) { set $geo-whitelist yes; }
    if ($geo-whitelist = no) { return 404; }

    # No proxy-level authentication is active here: the Authelia include is
    # commented out, so nginx forwards requests without checking credentials.
    location / {
        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        # Backend address; plain HTTP because TLS terminates at this proxy.
        set $upstream_proto http;
        set $upstream_app 192.168.0.4;
        set $upstream_port 5005;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}