# F2B Control Center — edit values below, then: docker-compose up -d
# Cloudflare WAF banning: fill in CF_EMAIL + CF_APIKEY — activates automatically.

version: "3.9"

services:

  npm:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "81:81"
    volumes:
      - ./data/npm:/data
      - ./data/letsencrypt:/etc/letsencrypt

  f2b-control-center:
    build: .
    image: f2b-control-center:latest
    container_name: f2b-control-center
    restart: unless-stopped
    depends_on:
      - npm
    network_mode: host
    environment:
      PORT:              "4000"
      SUBNETS_TO_IGNORE: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
      ABUSEIPDB_API_KEY: ""   # optional — enables threat scoring & auto-ban
      WEBHOOK_URL:       ""   # optional — POST on every manual ban
      CF_EMAIL:          ""   # optional — Cloudflare account email (enables WAF banning)
      CF_APIKEY:         ""   # optional — Cloudflare Global API Key
      LOG_DIR:       "/nginx-logs"
      FAIL2BAN_LOG:  "/var/log/fail2ban.log"
      JAIL_LOCAL:    "/etc/fail2ban/jail.local"
      MANUAL_JAIL:   "manual-bans"
      BAN_HIST_FILE: "/data/ban-history.json"
    volumes:
      - ./data/npm/logs:/nginx-logs:ro
      - f2b-data:/data
      - f2b-config:/etc/fail2ban

volumes:
  f2b-data:
  f2b-config: