mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04964dd174bcc089cf27b60918d46e2cdfd19fb0
Fail2Ban-Dashboard---NPM/Dockerfile
gitea 04964dd174 fix: switch to iptables-legacy in container 
Debian node:18-slim defaults to iptables-nft which requires nftables
kernel access that Docker's seccomp profile blocks even with NET_ADMIN.
Switch to iptables-legacy which works correctly with NET_ADMIN + NET_RAW.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 17:12:20 +00:00

68 lines
3.8 KiB
Docker
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ── F2B Control Center ────────────────────────────────────────────────────────
# Single-container image: Fail2Ban + Node.js dashboard + supervisord
#
# Build: docker build -t f2b-control-center .
# Run: docker-compose up -d
# ─────────────────────────────────────────────────────────────────────────────
FROM node:18-slim
LABEL org.opencontainers.image.title="F2B Control Center" \
org.opencontainers.image.description="Fail2Ban + dashboard for Nginx Proxy Manager" \
org.opencontainers.image.licenses="MIT"
# ── System dependencies ───────────────────────────────────────────────────────
# fail2ban the core banning daemon
# supervisor process manager (runs fail2ban + node in one container)
# iptables default ban action backend (requires NET_ADMIN + NET_RAW)
# ipset optional; used by some fail2ban actions for performance
# curl used by the webhook action and healthcheck
RUN apt-get update && apt-get install -y --no-install-recommends \
fail2ban \
supervisor \
iptables \
ipset \
curl \
jq \
&& update-alternatives --set iptables /usr/sbin/iptables-legacy \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
&& rm -rf /var/lib/apt/lists/* \
# Remove debian default jail (enables sshd which has no log file in container)
&& rm -f /etc/fail2ban/jail.d/defaults-debian.conf
# ── Dashboard dependencies ────────────────────────────────────────────────────
WORKDIR /app
COPY dashboard/package*.json ./
RUN npm ci --omit=dev --prefer-offline
# ── Dashboard source ──────────────────────────────────────────────────────────
COPY dashboard/server.js ./
COPY dashboard/public ./public/
# ── Default fail2ban config (copied to /etc/fail2ban on first run) ────────────
COPY fail2ban/ /etc/f2b-defaults/
# ── Process management ────────────────────────────────────────────────────────
COPY supervisor.conf /etc/supervisor/conf.d/f2b-control-center.conf
# ── Startup and health ────────────────────────────────────────────────────────
COPY entrypoint.sh /entrypoint.sh
COPY healthcheck.sh /healthcheck.sh
RUN chmod +x /entrypoint.sh /healthcheck.sh
# ── Runtime directories ───────────────────────────────────────────────────────
RUN mkdir -p /data /nginx-logs /var/log /var/run/fail2ban
# ── Persistent volumes ────────────────────────────────────────────────────────
# /data ban-history.json and other app state
# /nginx-logs mount your NPM log directory here (read-only)
# /etc/fail2ban persists user-edited jail config across image updates
VOLUME ["/data", "/nginx-logs", "/etc/fail2ban"]
EXPOSE 4000
HEALTHCHECK --interval=30s --timeout=10s --start-period=25s --retries=3 \
CMD /healthcheck.sh
ENTRYPOINT ["/entrypoint.sh"]
Reference in New Issue View Git Blame Copy Permalink