mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d2ca9ea57679de4ac270f7fc0ca101e49d5a0b1
Fail2Ban-Dashboard---NPM/Dockerfile
gitea 6d2ca9ea57 fix: use iptables-nft so rules land in the same table Docker uses 
Hosts running Docker with the default Debian/Ubuntu iptables use the
nf_tables backend (iptables-nft). Inserting rules via iptables-legacy
created them in a separate, unreferenced table — bans were recorded in
fail2ban but packets were never dropped.

Switching action commands to iptables-nft writes into the same
DOCKER-USER chain that Docker manages, so bans take effect immediately.
Also reverts the update-alternatives override from the Dockerfile since
it is no longer needed (and generated noisy warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 17:29:33 +00:00

66 lines
3.7 KiB
Docker
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ── F2B Control Center ────────────────────────────────────────────────────────
# Single-container image: Fail2Ban + Node.js dashboard + supervisord
#
# Build: docker build -t f2b-control-center .
# Run: docker-compose up -d
# ─────────────────────────────────────────────────────────────────────────────
FROM node:18-slim
LABEL org.opencontainers.image.title="F2B Control Center" \
org.opencontainers.image.description="Fail2Ban + dashboard for Nginx Proxy Manager" \
org.opencontainers.image.licenses="MIT"
# ── System dependencies ───────────────────────────────────────────────────────
# fail2ban the core banning daemon
# supervisor process manager (runs fail2ban + node in one container)
# iptables default ban action backend (requires NET_ADMIN + NET_RAW)
# ipset optional; used by some fail2ban actions for performance
# curl used by the webhook action and healthcheck
RUN apt-get update && apt-get install -y --no-install-recommends \
fail2ban \
supervisor \
iptables \
ipset \
curl \
jq \
&& rm -rf /var/lib/apt/lists/* \
# Remove debian default jail (enables sshd which has no log file in container)
&& rm -f /etc/fail2ban/jail.d/defaults-debian.conf
# ── Dashboard dependencies ────────────────────────────────────────────────────
WORKDIR /app
COPY dashboard/package*.json ./
RUN npm ci --omit=dev --prefer-offline
# ── Dashboard source ──────────────────────────────────────────────────────────
COPY dashboard/server.js ./
COPY dashboard/public ./public/
# ── Default fail2ban config (copied to /etc/fail2ban on first run) ────────────
COPY fail2ban/ /etc/f2b-defaults/
# ── Process management ────────────────────────────────────────────────────────
COPY supervisor.conf /etc/supervisor/conf.d/f2b-control-center.conf
# ── Startup and health ────────────────────────────────────────────────────────
COPY entrypoint.sh /entrypoint.sh
COPY healthcheck.sh /healthcheck.sh
RUN chmod +x /entrypoint.sh /healthcheck.sh
# ── Runtime directories ───────────────────────────────────────────────────────
RUN mkdir -p /data /nginx-logs /var/log /var/run/fail2ban
# ── Persistent volumes ────────────────────────────────────────────────────────
# /data ban-history.json and other app state
# /nginx-logs mount your NPM log directory here (read-only)
# /etc/fail2ban persists user-edited jail config across image updates
VOLUME ["/data", "/nginx-logs", "/etc/fail2ban"]
EXPOSE 4000
HEALTHCHECK --interval=30s --timeout=10s --start-period=25s --retries=3 \
CMD /healthcheck.sh
ENTRYPOINT ["/entrypoint.sh"]
Reference in New Issue View Git Blame Copy Permalink