SpongeRoss Posted October 3, 2023 Share Posted October 3, 2023 Hi, I got Nextcloud running and available through swag no problem. Now I would like to secure my connexion using Fail2ban, however after following the nextcloud documentation and this unraid tutorial, fail2ban won't start. Can someone help? Here is the whole process I followed: 1 - In the jail.local file found in /mnt/user/appdata/swag/fail2ban I added the following : [nextcloud] enabled = true filter = nextcloud port = http,https logpath = /mnt/user/NextCloud/nextcloud.log 2 - In /mnt/user/appdata/swag/fail2ban/filter.d I created nextcloud.conf and added: [Definition] _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed: ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" 3 - From the swag console, I went to /etc/fail2ban/jail.d and have created a nextcloud.local file. Then inside it I added: [nextcloud] backend = auto enabled = true port = 80,443 protocol = tcp filter = nextcloud maxretry = 3 bantime = 86400 findtime = 43200 logpath = /mnt/user/NextCloud/nextcloud.log 4 - Restarted Swag 5 - Used the command fail2ban-client start in the swag command line 6 - Got the error [4858]: ERROR Failed during configuration: Have not found any log file for nextcloud jail 1 Quote Link to comment
Mainfrezzer Posted October 3, 2023 Share Posted October 3, 2023 you do need to mount /mnt/user/NextCloud/nextcloud.log in the swag container. The docker container has no access to the files on the hostsystem. 1 Quote Link to comment
SpongeRoss Posted October 3, 2023 Author Share Posted October 3, 2023 3 hours ago, Mainfrezzer said: you do need to mount /mnt/user/NextCloud/nextcloud.log in the swag container. The docker container has no access to the files on the hostsystem. Thanks for your reply! I get the following error: mount: can't find /mnt/user/NextCloud/nextcloud.log in /etc/fstab should the path be different? Quote Link to comment
Solution Mainfrezzer Posted October 3, 2023 Solution Share Posted October 3, 2023 (edited) Via the GUI you just simply edit the container and add a new path with container path as where its available inside the container and host path where it is on the host machine. indepth information about docker and bind mounts can be found here https://docs.docker.com/storage/bind-mounts/ Edited October 3, 2023 by Mainfrezzer 1 Quote Link to comment
SpongeRoss Posted October 3, 2023 Author Share Posted October 3, 2023 5 hours ago, Mainfrezzer said: Via the GUI you just simply edit the container and add a new path with container path as where its available inside the container and host path where it is on the host machine. indepth information about docker and bind mounts can be found here https://docs.docker.com/storage/bind-mounts/ That did it, thanks a lot!! Quote Link to comment
gurulee Posted August 9 Share Posted August 9 On 10/3/2023 at 6:23 AM, SpongeRoss said: Hi, I got Nextcloud running and available through swag no problem. Now I would like to secure my connexion using Fail2ban, however after following the nextcloud documentation and this unraid tutorial, fail2ban won't start. Can someone help? Here is the whole process I followed: 1 - In the jail.local file found in /mnt/user/appdata/swag/fail2ban I added the following : [nextcloud] enabled = true filter = nextcloud port = http,https logpath = /mnt/user/NextCloud/nextcloud.log 2 - In /mnt/user/appdata/swag/fail2ban/filter.d I created nextcloud.conf and added: [Definition] _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed: ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" 3 - From the swag console, I went to /etc/fail2ban/jail.d and have created a nextcloud.local file. Then inside it I added: [nextcloud] backend = auto enabled = true port = 80,443 protocol = tcp filter = nextcloud maxretry = 3 bantime = 86400 findtime = 43200 logpath = /mnt/user/NextCloud/nextcloud.log 4 - Restarted Swag 5 - Used the command fail2ban-client start in the swag command line 6 - Got the error [4858]: ERROR Failed during configuration: Have not found any log file for nextcloud jail Thank you! This answered my earlier question on the 'jail.d' folder being missing. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.