Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container.

Features:
- Auto-ban via badbot, http-errors, npm-probe, manual-bans, recidive jails
- Web dashboard: live ban grid, log scanner, per-IP access log viewer
- iptables-nft banning (DOCKER-USER + INPUT chains)
- Optional Cloudflare WAF banning
- Optional AbuseIPDB threat scoring
- Two-tier IP management: whitelist (trusted) vs exempt (reviewed)
- Auto log-file detection via logwatch (no restart needed for new NPM hosts)
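#!/bin/bash
# ── Log file watcher ──────────────────────────────────────────────────────────
# Polls LOG_DIR (default /nginx-logs) every INTERVAL seconds (default 30).
# Whenever the set of proxy-host-*_access.log files changes (a new NPM host
# was added, or an old one removed), fail2ban is reloaded so its jails pick
# up the change without a container restart.
#
# Environment:
#   LOG_DIR   directory holding the NPM access logs (default: /nginx-logs)
#   INTERVAL  poll period in whole seconds (default: 30)
#
# Deliberately no `set -e`: a failed reload must not kill the watcher; it is
# logged and retried on the next poll instead.
# ─────────────────────────────────────────────────────────────────────────────

LOG_DIR="${LOG_DIR:-/nginx-logs}"
INTERVAL="${INTERVAL:-30}"

# A non-numeric INTERVAL would make `sleep` fail instantly and turn the
# watcher into a busy loop, so refuse it up front.
case "$INTERVAL" in
  ''|*[!0-9]*)
    echo "[logwatch] INTERVAL must be a non-negative integer (got '$INTERVAL')" >&2
    exit 2
    ;;
esac

# Unmatched globs expand to nothing rather than the literal pattern, so an
# empty log directory yields an empty snapshot instead of a bogus entry.
shopt -s nullglob

#######################################
# Snapshot of the current proxy-host access logs as one ':'-joined string
# (each path followed by ':', matching the previous `ls | tr` format).
# Uses the shell glob instead of parsing `ls`, so unusual filenames cannot
# corrupt the comparison; glob expansion is already sorted.
# Globals:   LOG_DIR (read)
# Outputs:   joined list on stdout (empty when no logs exist)
#######################################
snapshot_logs() {
  local f joined=""
  for f in "$LOG_DIR"/proxy-host-*_access.log; do
    joined+="${f}:"
  done
  printf '%s' "$joined"
}

known=$(snapshot_logs)

echo "[logwatch] Watching $LOG_DIR for new proxy-host log files..."

while true; do
  sleep "$INTERVAL"
  current=$(snapshot_logs)
  if [ "$current" != "$known" ]; then
    echo "[logwatch] New log file(s) detected — reloading fail2ban"
    fail2ban-client reload 2>&1 | sed 's/^/[logwatch] /'
    # PIPESTATUS[0] is the reload's own status; the pipeline's $? is sed's.
    rc=${PIPESTATUS[0]}
    if [ "$rc" -eq 0 ]; then
      # Only commit the new snapshot once fail2ban actually reloaded;
      # otherwise the change would be dropped and never retried.
      known="$current"
    else
      echo "[logwatch] fail2ban reload failed (exit $rc) — will retry next poll" >&2
    fi
  fi
done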