Initial release: F2B Control Center v1.0

Dockerized Fail2Ban + dashboard for Nginx Proxy Manager.

- Single-container image (fail2ban + Node.js + supervisord)
- Pre-built NPM filters: badbot, http-errors, npm-probe, manual-bans
- Web dashboard with live ban feed, log scanner, AbuseIPDB integration
- Configurable via environment variables and .env file
- Persistent volumes for config and ban history
- Webhook support for ban event notifications
- README, .gitignore, MIT license

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fail2ban/jail.local

@@ -0,0 +1,99 @@
+# ── F2B Control Center — fail2ban jail configuration ─────────────────────────
+#
+# This file is written to /etc/fail2ban/jail.local on first container start.
+# After first run it is persisted in the f2b-config Docker volume so your
+# customisations survive image updates.
+#
+# IMPORTANT: The dashboard manages the `ignoreip` line automatically.
+#            Do not edit it by hand unless you are not using the dashboard.
+#
+# LOG FORMAT NOTE:
+#   The default filters expect Nginx Proxy Manager access logs that include
+#   the real client IP in a [Client X.X.X.X] field — the format produced
+#   when NPM forwards through Cloudflare or another proxy.
+#
+#   If your NPM logs have the client IP at the start of each line (standard
+#   nginx combined format), edit the failregex lines in each filter to use:
+#     failregex = ^<HOST> - - \[...
+#   See fail2ban/filter.d/*.conf for both patterns (commented examples included).
+# ─────────────────────────────────────────────────────────────────────────────
+
+[DEFAULT]
+# Default ban duration (supports suffixes: s, m, h, d)
+bantime  = 1h
+
+# Time window in which maxretry violations trigger a ban
+findtime = 10m
+
+# Number of violations before banning
+maxretry = 5
+
+# IPs and subnets to never ban.
+# The dashboard appends whitelisted IPs here — do not remove this line.
+# The entrypoint script expands SUBNETS_TO_IGNORE from your .env on first run.
+ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+
+# Default ban action: iptables-allports blocks all ports for banned IPs.
+# Requires NET_ADMIN capability (granted in docker-compose.yml) and
+# network_mode: host to affect host-level traffic.
+banaction = iptables-allports
+
+# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
+# Blocks known malicious scanners and exploit frameworks by User-Agent.
+# Stricter settings: low maxretry, long ban time.
+[badbot]
+enabled  = true
+filter   = badbot
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 24h
+findtime = 10m
+maxretry = 3
+action   = %(action_)s
+
+# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
+# Bans IPs that generate a high volume of 4xx/5xx errors.
+# Useful for catching brute-force attempts, broken crawlers, and probes.
+[http-errors]
+enabled  = true
+filter   = http-errors
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 1h
+findtime = 5m
+maxretry = 15
+action   = %(action_)s
+
+# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
+# Bans IPs requesting well-known vulnerable paths (.env, wp-admin, etc.).
+# These are almost always malicious — short maxretry, long ban.
+[npm-probe]
+enabled  = true
+filter   = npm-probe
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 48h
+findtime = 30m
+maxretry = 3
+action   = %(action_)s
+
+# ── Manual Bans ───────────────────────────────────────────────────────────────
+# Permanent bans added via the dashboard or `fail2ban-client set manual-bans banip`.
+# No automatic log-based detection — only manual entries via the dashboard.
+[manual-bans]
+enabled  = true
+filter   = manual-bans
+logpath  = /dev/null
+bantime  = -1
+findtime = 1d
+maxretry = 1
+action   = %(action_)s
+
+# ── Recidive ──────────────────────────────────────────────────────────────────
+# Escalated bans for repeat offenders across any jail.
+# Disabled by default — enable if you want long-term blocks for persistent attackers.
+[recidive]
+enabled  = false
+filter   = recidive
+logpath  = /var/log/fail2ban.log
+bantime  = 7d
+findtime = 1d
+maxretry = 3
+action   = %(action_)s