chore: remove webhook, .env.example; comment out optional compose vars

- Remove WEBHOOK_URL from server.js and compose (too many untestable edge cases) - Delete .env.example (config is now inline in docker-compose.yml) - Comment out ABUSEIPDB_API_KEY, CF_EMAIL, CF_APIKEY in compose by default Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 15:25:02 +00:00
parent 1be79cbd3e
commit 9f7060b7fd
3 changed files with 3 additions and 61 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,46 +0,0 @@
-# ── F2B Control Center — environment configuration ───────────────────────────
-# cp .env.example .env  then fill in your values.
-# ─────────────────────────────────────────────────────────────────────────────
-
-# ── Data directory ────────────────────────────────────────────────────────────
-# Host path where NPM data, logs, and certs are stored.
-# NPM logs will be at: ${DATA_DIR}/npm/logs/proxy-host-*_access.log
-DATA_DIR=./data
-
-# ── Dashboard ─────────────────────────────────────────────────────────────────
-# Port the dashboard listens on (direct host port — network_mode: host)
-DASHBOARD_PORT=4000
-
-# ── Network ───────────────────────────────────────────────────────────────────
-# Comma-separated CIDRs to skip during log scanning and banning.
-# Include your LAN, Docker bridge, and any other trusted networks.
-SUBNETS_TO_IGNORE=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-
-# ── AbuseIPDB (optional but recommended) ─────────────────────────────────────
-# Enables IP reputation lookups and the AUTO-BAN feature.
-# Free API keys: https://www.abuseipdb.com/
-ABUSEIPDB_API_KEY=
-
-# ── Telegram notifications (optional) ────────────────────────────────────────
-# Sends a message on ban/unban/start/stop events.
-# 1. Create a bot via @BotFather → copy the token
-# 2. Get your chat ID (send a message to the bot, then:
-#    curl https://api.telegram.org/bot<TOKEN>/getUpdates)
-TELEGRAM_BOT_TOKEN=
-TELEGRAM_CHAT_ID=
-
-# ── Cloudflare (docker-compose.cloudflare.yml only) ───────────────────────────
-# Required when using docker-compose.cloudflare.yml.
-# Global API Key from: https://dash.cloudflare.com/profile/api-tokens
-CF_EMAIL=
-CF_APIKEY=
-
-# ── Webhook (optional) ────────────────────────────────────────────────────────
-# POST to this URL on every manual ban from the dashboard.
-# Payload: { "action": "ban", "ip": "...", "jail": "manual-bans", "ts": "..." }
-WEBHOOK_URL=
-
-# ── Cloudflare whitelist sync (optional) ──────────────────────────────────────
-# Path (inside the container) to a script run after any whitelist change.
-# Mount your script into the container and set this path.
-# CF_SYNC=/usr/local/bin/cloudflare-whitelist-sync.sh
--- a/dashboard/server.js
+++ b/dashboard/server.js
@@ -22,8 +22,6 @@ const SUBNETS       = (process.env.SUBNETS_TO_IGNORE || '10.0.0.0/8,172.16.0.0/1
 const DEFAULT_DAYS  = 3;
 const ABUSE_KEY     = process.env.ABUSEIPDB_API_KEY;
 const AUTOBAN_THR   = 75;
-// Optional: POST to this URL on every manual ban (Discord, Slack, n8n, etc.)
-const WEBHOOK_URL   = process.env.WEBHOOK_URL   || '';

 // ── In-memory state ───────────────────────────────────────────────────────────
 const abuseCache = new Map();   // ip → { score, country, ts }
@@ -153,14 +151,6 @@ async function buildBanList() {
 async function banIP(ip) {
  await run(`fail2ban-client set ${MANUAL_JAIL} banip ${ip}`);
  banCache = null;
-  // Optional webhook notification
-  if (WEBHOOK_URL) {
-    fetch(WEBHOOK_URL, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ action: 'ban', ip, jail: MANUAL_JAIL, ts: new Date().toISOString() }),
-    }).catch(() => {}); // fire and forget — never block on this
-  }
 }

 async function unbanIP(ip, jail) {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,4 @@
 # F2B Control Center — edit values below, then: docker-compose up -d
-# Cloudflare WAF banning: fill in CF_EMAIL + CF_APIKEY — activates automatically.

 version: "3.9"

@@ -28,10 +27,9 @@ services:
    environment:
      PORT:              "4000"
      SUBNETS_TO_IGNORE: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
-      ABUSEIPDB_API_KEY: ""   # optional — enables threat scoring & auto-ban
-      WEBHOOK_URL:       ""   # optional — POST on every manual ban
-      CF_EMAIL:          ""   # optional — Cloudflare account email (enables WAF banning)
-      CF_APIKEY:         ""   # optional — Cloudflare Global API Key
+      # ABUSEIPDB_API_KEY: ""   # enables threat scoring & auto-ban
+      # CF_EMAIL:          ""   # Cloudflare account email  (enables WAF banning)
+      # CF_APIKEY:         ""   # Cloudflare Global API Key (enables WAF banning)
      LOG_DIR:       "/nginx-logs"
      FAIL2BAN_LOG:  "/var/log/fail2ban.log"
      JAIL_LOCAL:    "/etc/fail2ban/jail.local"