mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auto-reload fail2ban when new NPM proxy-host logs appear

Browse Source 
fail2ban only expands glob logpath at startup, so proxy-host-2_access.log
and later files are never monitored until a manual reload.

Adds logwatch.sh (supervisord-managed) that polls /nginx-logs every 30s
and runs fail2ban-client reload whenever a new proxy-host-*_access.log
is detected.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
gitea
2026-02-20 17:49:14 +00:00
parent 6d2ca9ea57
commit fee62b303f
3 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Dockerfile
View File

@@ -46,7 +46,8 @@ COPY supervisor.conf /etc/supervisor/conf.d/f2b-control-center.conf
# ── Startup and health ────────────────────────────────────────────────────────
COPY entrypoint.sh /entrypoint.sh
COPY healthcheck.sh /healthcheck.sh
RUN chmod +x /entrypoint.sh /healthcheck.sh
COPY logwatch.sh /logwatch.sh
RUN chmod +x /entrypoint.sh /healthcheck.sh /logwatch.sh
# ── Runtime directories ───────────────────────────────────────────────────────
RUN mkdir -p /data /nginx-logs /var/log /var/run/fail2ban

22
logwatch.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# ── Log file watcher ──────────────────────────────────────────────────────────
# Polls /nginx-logs every 30s. If a new proxy-host-*_access.log appears,
# reloads fail2ban so it picks up the new file immediately.
# ─────────────────────────────────────────────────────────────────────────────
LOG_DIR="${LOG_DIR:-/nginx-logs}"
INTERVAL=30
known=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
echo "[logwatch] Watching $LOG_DIR for new proxy-host log files..."
while true; do
sleep "$INTERVAL"
current=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
if [ "$current" != "$known" ]; then
echo "[logwatch] New log file(s) detected — reloading fail2ban"
fail2ban-client reload 2>&1 | sed 's/^/[logwatch] /'
known="$current"
fi
done

13
supervisor.conf
View File

@@ -37,6 +37,19 @@ stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
priority=10
# ── log watcher ───────────────────────────────────────────────────────────────
[program:logwatch]
command=/logwatch.sh
autostart=true
autorestart=true
startretries=3
startsecs=5
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
priority=15
# ── dashboard ─────────────────────────────────────────────────────────────────
[program:dashboard]
command=/usr/local/bin/node /app/server.js