Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container.

Features:
- Auto-ban via the badbot, http-errors, npm-probe, manual-bans and recidive jails
- Web dashboard: live ban grid, log scanner, per-IP access log viewer
- iptables-nft banning (DOCKER-USER + INPUT chains)
- Optional Cloudflare WAF banning
- Optional AbuseIPDB threat scoring
- Two-tier IP management: whitelist (trusted) vs exempt (reviewed)
- Auto log-file detection via logwatch (no restart needed for new NPM hosts)
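# F2B Control Center — edit values below, then: docker compose up -d
#
# Deployment notes:
#   * The f2b-control-center service runs on the host network with NET_ADMIN
#     and NET_RAW, so it can change the host's firewall rules. Treat access to
#     its dashboard as equivalent to firewall-admin access on this host.
#   * Keep API keys out of version control: supply them from an untracked
#     .env file or a secret store instead of editing them into this file.

services:

  npm:
    # ":latest" is a mutable tag: each pull may bring a different image.
    # Pin a reviewed version tag or digest for reproducible deployments, e.g.
    #   image: jc21/nginx-proxy-manager:<PINNED_VERSION>   # placeholder
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # Port 81 is the Nginx Proxy Manager admin UI and is published on every
      # host interface here. If remote administration is not needed, bind it
      # to loopback ("127.0.0.1:81:81") or restrict it at the firewall.
      - "81:81"
    volumes:
      - ./data/npm:/data
      - ./data/letsencrypt:/etc/letsencrypt

  f2b-control-center:
    build: .
    container_name: f2b-control-center
    restart: unless-stopped
    depends_on:
      - npm
    # Host networking plus the two capabilities below let the container edit
    # the host's iptables chains. There is no "ports:" mapping to limit
    # exposure: whatever the dashboard listens on is reachable directly on
    # the host.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      # Dashboard listen port (presumably on the host, given host networking).
      # NOTE(review): this file does not show whether the dashboard requires
      # authentication or which address it binds to. Confirm both, and
      # restrict access to this port to trusted admin networks.
      PORT: "4000"
      # RFC 1918 private ranges. Presumably sources in these ranges are never
      # banned. If client traffic reaches NPM through a NAT or internal proxy
      # it will appear to come from these ranges — verify that real client
      # IPs are what end up in the logs.
      SUBNETS_TO_IGNORE: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
      # ABUSEIPDB_API_KEY: ""   # enables threat scoring & auto-ban
      # CF_EMAIL: ""            # Cloudflare account email (enables WAF banning)
      # A Cloudflare Global API Key grants full access to the account.
      # Protect it accordingly and rotate it if this file is ever exposed.
      # CF_APIKEY: ""           # Cloudflare Global API Key (enables WAF banning)
      LOG_DIR: "/nginx-logs"
      FAIL2BAN_LOG: "/var/log/fail2ban.log"
      JAIL_LOCAL: "/etc/fail2ban/jail.local"
      MANUAL_JAIL: "manual-bans"
      BAN_HIST_FILE: "/data/ban-history.json"
    volumes:
      # NPM's log directory, shared so the jails can scan it. If the image
      # only reads these logs, append ":ro" to stop this privileged container
      # from modifying them — confirm against the image before changing.
      - ./data/npm/logs:/nginx-logs
      - f2b-data:/data
      - f2b-config:/etc/fail2ban

volumes:
  f2b-data:
  f2b-config: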