mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
920b69cfca2560c8f8e4e00a4dc39ae3defd7190
Fail2Ban-Dashboard---NPM/Dockerfile
gitea 920b69cfca feat: plug-and-play refactor — docker-npm action, CF support, whitelist live-update 
- Replace iptables-allports with docker-npm action (DOCKER-USER + xt_string
  X-Forwarded-For matching + INPUT chain) matching user's working setup
- Add telegram_notif.sh (deployed to /data/action.d/ at first run, user-editable)
- Add cloudflare.conf action; jail.cloudflare.local enabled via CF compose file
- Two compose files: docker-compose.yml (standard) and docker-compose.cloudflare.yml
- entrypoint: modprobe xt_string, DOCKER-USER chain check, CF jail auto-selection,
  telegram_notif.sh deployment to persistent volume on first run
- Fix whitelist live-update: addignoreip/delignoreip called alongside jail.local write
- Hardcode AUTOBAN_THR=75 and DEFAULT_DAYS=3 (remove env vars)
- Include Nginx Proxy Manager in both compose files with shared log bind mount
- Rewrite filters for actual NPM log format ([Client <HOST>] real IP extraction)
- Add DATA_DIR, Telegram, CF API key fields to .env.example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 15:08:06 +00:00

64 lines
3.6 KiB
Docker
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ── F2B Control Center ────────────────────────────────────────────────────────
# Single-container image: Fail2Ban + Node.js dashboard + supervisord
#
# Build: docker build -t f2b-control-center .
# Run: docker-compose up -d
# ─────────────────────────────────────────────────────────────────────────────
FROM node:18-slim
LABEL org.opencontainers.image.title="F2B Control Center" \
org.opencontainers.image.description="Fail2Ban + dashboard for Nginx Proxy Manager" \
org.opencontainers.image.licenses="MIT"
# ── System dependencies ───────────────────────────────────────────────────────
# fail2ban the core banning daemon
# supervisor process manager (runs fail2ban + node in one container)
# iptables default ban action backend (requires NET_ADMIN + NET_RAW)
# ipset optional; used by some fail2ban actions for performance
# curl used by the webhook action and healthcheck
RUN apt-get update && apt-get install -y --no-install-recommends \
fail2ban \
supervisor \
iptables \
ipset \
curl \
&& rm -rf /var/lib/apt/lists/*
# ── Dashboard dependencies ────────────────────────────────────────────────────
WORKDIR /app
COPY dashboard/package*.json ./
RUN npm ci --omit=dev --prefer-offline
# ── Dashboard source ──────────────────────────────────────────────────────────
COPY dashboard/server.js ./
COPY dashboard/public ./public/
# ── Default fail2ban config (copied to /etc/fail2ban on first run) ────────────
COPY fail2ban/ /etc/f2b-defaults/
# ── Process management ────────────────────────────────────────────────────────
COPY supervisor.conf /etc/supervisor/conf.d/f2b-control-center.conf
# ── Startup and health ────────────────────────────────────────────────────────
COPY entrypoint.sh /entrypoint.sh
COPY healthcheck.sh /healthcheck.sh
RUN chmod +x /entrypoint.sh /healthcheck.sh \
/etc/f2b-defaults/action.d/telegram_notif.sh
# ── Runtime directories ───────────────────────────────────────────────────────
RUN mkdir -p /data /nginx-logs /var/log /var/run/fail2ban
# ── Persistent volumes ────────────────────────────────────────────────────────
# /data ban-history.json and other app state
# /nginx-logs mount your NPM log directory here (read-only)
# /etc/fail2ban persists user-edited jail config across image updates
VOLUME ["/data", "/nginx-logs", "/etc/fail2ban"]
EXPOSE 4000
HEALTHCHECK --interval=30s --timeout=10s --start-period=25s --retries=3 \
CMD /healthcheck.sh
ENTRYPOINT ["/entrypoint.sh"]
Reference in New Issue View Git Blame Copy Permalink