gitea
920b69cfca
- Replace iptables-allports with docker-npm action (DOCKER-USER + xt_string X-Forwarded-For matching + INPUT chain) matching user's working setup - Add telegram_notif.sh (deployed to /data/action.d/ at first run, user-editable) - Add cloudflare.conf action; jail.cloudflare.local enabled via CF compose file - Two compose files: docker-compose.yml (standard) and docker-compose.cloudflare.yml - entrypoint: modprobe xt_string, DOCKER-USER chain check, CF jail auto-selection, telegram_notif.sh deployment to persistent volume on first run - Fix whitelist live-update: addignoreip/delignoreip called alongside jail.local write - Hardcode AUTOBAN_THR=75 and DEFAULT_DAYS=3 (remove env vars) - Include Nginx Proxy Manager in both compose files with shared log bind mount - Rewrite filters for actual NPM log format ([Client <HOST>] real IP extraction) - Add DATA_DIR, Telegram, CF API key fields to .env.example Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
76 lines
3.0 KiB
Plaintext
76 lines
3.0 KiB
Plaintext
# ── F2B Control Center — jail configuration (standard) ───────────────────────
|
|
#
|
|
# Installed to /etc/fail2ban/jail.local on first container start.
|
|
# Persisted in the f2b-config Docker volume — survives image updates.
|
|
#
|
|
# WHITELIST: managed by the dashboard. The ignoreip line below is written by
|
|
# the entrypoint (from SUBNETS_TO_IGNORE) and updated live by the dashboard
|
|
# without restarting fail2ban.
|
|
#
|
|
# CLOUDFLARE: to also block IPs at the CF level, use docker-compose.cloudflare.yml
|
|
# instead of docker-compose.yml. It installs jail.cloudflare.local which
|
|
# adds the cloudflare action to every jail automatically.
|
|
# ─────────────────────────────────────────────────────────────────────────────
|
|
|
|
[DEFAULT]
|
|
bantime = 1h
|
|
findtime = 10m
|
|
maxretry = 5
|
|
|
|
# Populated by entrypoint from SUBNETS_TO_IGNORE env var on first run.
|
|
# Updated live by the dashboard — do not edit by hand.
|
|
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
|
|
|
# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
|
|
[badbot]
|
|
enabled = true
|
|
filter = badbot
|
|
logpath = /nginx-logs/proxy-host-*_access.log
|
|
bantime = 24h
|
|
findtime = 10m
|
|
maxretry = 3
|
|
action = docker-npm
|
|
|
|
# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
|
|
[http-errors]
|
|
enabled = true
|
|
filter = http-errors
|
|
logpath = /nginx-logs/proxy-host-*_access.log
|
|
bantime = 1h
|
|
findtime = 5m
|
|
maxretry = 15
|
|
action = docker-npm
|
|
|
|
# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
|
|
[npm-probe]
|
|
enabled = true
|
|
filter = npm-probe
|
|
logpath = /nginx-logs/proxy-host-*_access.log
|
|
bantime = 48h
|
|
findtime = 30m
|
|
maxretry = 3
|
|
action = docker-npm
|
|
|
|
# ── Manual Bans ───────────────────────────────────────────────────────────────
|
|
# Populated via dashboard or: fail2ban-client set manual-bans banip <IP>
|
|
[manual-bans]
|
|
enabled = true
|
|
filter = manual-bans
|
|
logpath = /dev/null
|
|
bantime = -1
|
|
findtime = 1d
|
|
maxretry = 1
|
|
action = docker-npm
|
|
|
|
# ── Recidive — repeat offenders ───────────────────────────────────────────────
|
|
# Escalates bans to 7d for IPs that get banned 3+ times within a day.
|
|
# Enable once your other jails have been running for a while.
|
|
[recidive]
|
|
enabled = false
|
|
filter = recidive
|
|
logpath = /var/log/fail2ban.log
|
|
bantime = 7d
|
|
findtime = 1d
|
|
maxretry = 3
|
|
action = docker-npm
|