[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



Hello, 
Currently running linuxserver/letsencrypt
'fix common problems' said this is now deprecated and should be updated.
I read in the migration notes "As long as you keep the /config folder mapping the same, all your previous config and data will be picked up by the new container"

I am going to SSH and backup (copy) /mnt/user/appdata/letsencrypt for safe keeping in case.
 

Before I proceed:
01. what's the best method to backup the dockers in the state they're in? 
< backup the docker.img to another location > that way if it is required to revert and 'start over' the ability to copy and replace is available?
02. can I simply edit the repository from linuxserver/letsencrypt to linuxserver/swag and start the docker and it will push and keep my settings?
03. Am I required to remove letsencrypt docker, then add SWAG, and configure the docker to point at the correct paths, without needing to reconfigure everything?

Thanks,

Link to comment
19 hours ago, aptalca said:

Sounds like we all have the same first name 😅

 

The only potential issue I'm aware of is in nextcloud's config.php where you allow a proxy. You'd have to change that to swag if you change the container name (and if you reverse proxy nextcloud)

Just FYI in case anyone else changes container name like myself...

 

I am using DNS Validation through CloudFlare. Changing container name DID prompt it to download a new set of certs. No biggie, but for those of us using CloudFlare's Proxy it can cause issues if you do not turn CloudFlare Proxy off before trying to write certs; it *can* cause headaches... Anyways just FYI 🙂

Link to comment
5 minutes ago, bombz said:

Did you only edit the repository from linuxserver/letsencrypt to linuxserver/swag and start the docker, and everything worked ?

Yes, changing ONLY the repository does work. I didn't move directories or anything. Just so far have changed repository, renamed container and changed the little thumbnail to SWAG. (Not to be facetious but a few pages back it's discussed at length about changing repository and etc :-))

 

Yeah, changing repository ONLY is *SAFE* though mate! 🙂

Link to comment
12 minutes ago, blaine07 said:

Yes, changing ONLY the repository does work. I didn't move directories or anything. Just so far have changed repository, renamed container and changed the little thumbnail to SWAG. (Not to be facetious but a few pages back it's discussed at length about changing repository and etc :-))

 

Yeah, changing repository ONLY is *SAFE* though mate! 🙂

Good to know. That was my plan going into it. I was not sure if it would cause other concerns. 
I suppose I will backup all directories as well as take a copy of my docker.img and move it to a safe place, in case I need to restore back if I run into any concerns.

Link to comment
Good to know. That was my plan going into it. I was not sure if it would cause other concerns. 

I suppose I will backup all directories as well as take a copy of my docker.img and move it to a safe place, in case I need to restore back if I run into any concerns.

Absolutely. Always safe over sorry!! Nothing else I don’t, until I renamed container, even provoked it into re-writing certs. You’ll be good mate

 

Oh yeah, as stated above I had to adjust Nextcloud’s config.php. Haven’t found anything else that relies on proxy name like Nextcloud though. :-)

Link to comment
8 minutes ago, blaine07 said:

Absolutely. Always safe over sorry!! Nothing else I don’t, until I renamed container, even provoked it into re-writing certs. You’ll be good mate

 

Oh yeah, as stated above I had to adjust Nextcloud’s config.php. Haven’t found anything else that relies on proxy name like Nextcloud though. 🙂

You bet!
OK, I will plan to work on this update Friday this week and hope everything goes smooth.
Thanks for the heads up on Nextcloud, currently I don't have that running, only a few containers at this point. 
Hope this goes smoothly.

Link to comment

Hi, 

 

After reading through all 196 pages and from the kind support of several members, I am a lot further along than where I was a week ago. One question that does not seem to have been asked though, is what is this "LuaJIT" message on startup......I'm kidding, I'm kidding.....that question must make up at least a fifth of this thread. 🤣

 

I now have SWAG and Fail2ban setup (almost) and would like to kindly ask for one last push in the right direction to be able to sort this out once and for all. I am very much the novice and have tried my best to address this on my own however I have now exhausted my skillset and very much need assistance. 

 

To clarify, there are no error messages in SWAG at all, that is working flawlessly and all my certs are downloaded and in place. Checking the Fail2ban log however, it will only start up if I set the four default jails to "false". My fifth jail; "bitwarden" will start fine when set to "true" though. I have not touched any of the conf files relating to the four default jails. I have reset everything back to default, or I thought I had, clearly I've missed something. The error that is shown in the fail2ban log is long, convoluted and I am unable to identify the source of the problem from it, the odd phrase that I can identify has proven negative after googling. I will paste it below (along with my current working jail.local file) in the hopes that someone may be able to point out my mistake. 

 

Apologies for any duplication between here and the Bitwarden thread, I initially posted a query relating to Bitwarden, however once addressed, this error was identified and so I thought it best to post here.

 

Thanks in advance. 

 

jail.local (email, password and destination redacted)

Quote

## Version 2020/05/10 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
# This is the custom version of the jail.conf for fail2ban
# Feel free to modify this and add additional filters
# Then you can drop the new filter conf files into the fail2ban-filters
# folder and restart the container

[DEFAULT]

action = iptables-allports
                %(action_mw)s[from=XXXXX@XXXXX, password=XXXXX, destination=XXXXX@XXXXX, sendername=Fail2Ban]

# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
banaction = iptables-allports

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5


[ssh]

enabled = false


[nginx-http-auth]

enabled  = false
filter   = nginx-http-auth
port     = http,https
logpath  = /config/log/nginx/error.log
ignoreip = 192.168.1.0/24


[nginx-badbots]

enabled  = false
port     = http,https
filter   = nginx-badbots
logpath  = /config/log/nginx/access.log
maxretry = 2


[nginx-botsearch]

enabled  = false
port     = http,https
filter   = nginx-botsearch
logpath  = /config/log/nginx/access.log

 

[nginx-deny]

enabled  = false
port     = http,https
filter   = nginx-deny
logpath  = /config/log/nginx/error.log

 

[bitwardenrs]

enabled = true
port = http,https
filter = bitwardenrs
action = iptables-allports[name=bitwardenrs]
logpath = /bitwarden/bitwarden.log
maxretry = 3
bantime = 14400
findtime = 14400

 

fail2ban log when any jail other than bitwarden is set to "true"

Quote

2020-09-21 14:53:17,422 fail2ban.server         [392]: INFO    Starting Fail2ban v0.11.1

2020-09-21 14:53:17,423 fail2ban.observer       [392]: INFO    Observer start...

2020-09-21 14:53:17,474 fail2ban.database       [392]: INFO    Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'

2020-09-21 14:53:17,477 fail2ban.jail           [392]: INFO    Creating new jail 'nginx-http-auth'

2020-09-21 14:53:17,482 fail2ban.jail           [392]: INFO    Jail 'nginx-http-auth' uses poller {}

2020-09-21 14:53:17,482 fail2ban.jail           [392]: INFO    Initiated 'polling' backend

2020-09-21 14:53:17,494 fail2ban.filter         [392]: INFO      maxRetry: 5

2020-09-21 14:53:17,494 fail2ban.filter         [392]: INFO      findtime: 600

2020-09-21 14:53:17,494 fail2ban.actions        [392]: INFO      banTime: 600

2020-09-21 14:53:17,495 fail2ban.filter         [392]: INFO      encoding: UTF-8

2020-09-21 14:53:17,498 fail2ban.filter         [392]: INFO    Added logfile: '/config/log/nginx/error.log' (pos = 0, hash = 47f858d36526d1ef0a7f76c716c9701d41b5a948)

icmp-port-unreachable'], ['returntype', 'RETURN'], ['lockingopt', '-w'], ['iptables', 'iptables <lockingopt>'], ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'], ['iptables?family=inet6', 'ip6tables <lockingopt>']]], ['set', 'nginx-deny', 'addaction', 'iptables-allports'], ['multi-set', 'nginx-deny', 'action', 'iptables-allports', [['actionstart', '<iptables> -N f2b-nginx-deny\n<iptables> -A f2b-nginx-deny -j RETURN\n<iptables> -I INPUT -p tcp -j f2b-nginx-deny'], ['actionstop', '<iptables> -D INPUT -p tcp -j f2b-nginx-deny\n<iptables> -F f2b-nginx-deny\n<iptables> -X f2b-nginx-deny'], ['actionflush', '<iptables> -F f2b-nginx-deny'], ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-nginx-deny[ \\t]'"], ['actionban', '<iptables> -I f2b-nginx-deny 1 -s <ip> -j <blocktype>'], ['actionunban', '<iptables> -D f2b-nginx-deny -s <ip> -j <blocktype>'], ['name', 'nginx-deny'], ['port', 'http,https'], ['protocol', 'tcp'], ['chain', '<known/chain>'], ['actname', 'iptables-allports'], ['blocktype', 'REJECT --reject-with icmp-port-unreachable'], ['returntype', 'RETURN'], ['lockingopt', '-w'], ['iptables', 'iptables <lockingopt>'], ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'], ['iptables?family=inet6', 'ip6tables <lockingopt>']]], ['set', 'nginx-deny', 'addaction', 'sendmail-whois'], ['multi-set', 'nginx-deny', 'action', 'sendmail-whois', [['actionstart', 'printf %b "Subject: [Fail2Ban] nginx-deny: started on <fq-hostname>\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban <root@<fq-hostname>>\nTo: root@localhost\\n\nHi,\\n\nThe jail nginx-deny has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "root@<fq-hostname>" "root@localhost"'], ['actionstop', 'printf %b "Subject: [Fail2Ban] nginx-deny: stopped on <fq-hostname>\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban <root@<fq-hostname>>\nTo: root@localhost\\n\nHi,\\n\nThe jail nginx-deny has been 
stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "root@<fq-hostname>" "root@localhost"'], ['actioncheck', ''], ['actionban', 'printf %b "Subject: [Fail2Ban] nginx-deny: banned <ip> from <fq-hostname>\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban <root@<fq-hostname>>\nTo: XXXXX@XXXXX\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against nginx-deny.\\n\\n\nHere is more information about <ip> :\\n\n`whois <ip> || echo "missing whois program"`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -t -v -H \'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465\' -auXXXXX@XXXXX -apXXXXX XXXXX@XXXXX'], ['actionunban', 'printf %b "Subject: [Fail2Ban] nginx-deny: UNBANNED IP <ip> \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban <root@<fq-hostname>>\nTo: XXXXX@XXXXX\\n\nHi,\\n\nFail2ban has unbanned ip https://db-ip.com/<ip> successfully. \\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -t -v -H \'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465\' -auXXXXX@XXXXX -apXXXXX XXXXX@XXXXX'], ['norestored', True], ['name', 'nginx-deny'], ['sender', 'root@<fq-hostname>'], ['dest', 'root@localhost'], ['protocol', 'tcp'], ['chain', '<known/chain>'], ['from', 'XXXXX@XXXXX'], ['password', 'XXXXX'], ['destination', 'XXXXX@XXXXX'], ['sendername', 'Fail2Ban'], ['actname', 'sendmail-whois'], ['mailcmd', '/usr/sbin/sendmail -f "<sender>" "<dest>"']]], ['add', 'bitwardenrs', 'auto'], ['set', 'bitwardenrs', 'usedns', 'warn'], ['set', 'bitwardenrs', 'addfailregex', 'Username or password is incorrect\\. Try again\\. IP: <HOST>\\. 
Username: .*\\.$'], ['set', 'bitwardenrs', 'maxretry', 3], ['set', 'bitwardenrs', 'maxmatches', 3], ['set', 'bitwardenrs', 'findtime', '14400'], ['set', 'bitwardenrs', 'bantime', '14400'], ['set', 'bitwardenrs', 'ignorecommand', ''], ['set', 'bitwardenrs', 'logencoding', 'auto'], ['set', 'bitwardenrs', 'addlogpath', '/bitwarden/bitwarden.log', 'head'], ['set', 'bitwardenrs', 'addaction', 'iptables-allports'], ['multi-set', 'bitwardenrs', 'action', 'iptables-allports', [['actionstart', '<iptables> -N f2b-bitwardenrs\n<iptables> -A f2b-bitwardenrs -j RETURN\n<iptables> -I INPUT -p tcp -j f2b-bitwardenrs'], ['actionstop', '<iptables> -D INPUT -p tcp -j f2b-bitwardenrs\n<iptables> -F f2b-bitwardenrs\n<iptables> -X f2b-bitwardenrs'], ['actionflush', '<iptables> -F f2b-bitwardenrs'], ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-bitwardenrs[ \\t]'"], ['actionban', '<iptables> -I f2b-bitwardenrs 1 -s <ip> -j <blocktype>'], ['actionunban', '<iptables> -D f2b-bitwardenrs -s <ip> -j <blocktype>'], ['name', 'bitwardenrs'], ['actname', 'iptables-allports'], ['chain', 'INPUT'], ['port', 'ssh'], ['protocol', 'tcp'], ['blocktype', 'REJECT --reject-with icmp-port-unreachable'], ['returntype', 'RETURN'], ['lockingopt', '-w'], ['iptables', 'iptables <lockingopt>'], ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'], ['iptables?family=inet6', 'ip6tables <lockingopt>']]], ['start', 'nginx-http-auth'], ['start', 'nginx-botsearch'], ['start', 'ssh'], ['start', 'nginx-badbots'], ['start', 'nginx-deny'], ['start', 'bitwardenrs']]] has failed. Received ValueError('Action iptables-allports already exists')

2020-09-21 14:53:17,501 fail2ban                [392]: ERROR   NOK: ('Action iptables-allports already exists',)

 

fail2ban log when only the bitwarden jail is set to "true" (IPs redacted)

Quote

2020-09-21 18:20:39,246 fail2ban.server         [389]: INFO    --------------------------------------------------
2020-09-21 18:20:39,247 fail2ban.server         [389]: INFO    Starting Fail2ban v0.11.1
2020-09-21 18:20:39,248 fail2ban.observer       [389]: INFO    Observer start...
2020-09-21 18:20:39,263 fail2ban.database       [389]: INFO    Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
2020-09-21 18:20:39,266 fail2ban.jail           [389]: INFO    Creating new jail 'bitwardenrs'
2020-09-21 18:20:39,271 fail2ban.jail           [389]: INFO    Jail 'bitwardenrs' uses poller {}
2020-09-21 18:20:39,271 fail2ban.jail           [389]: INFO    Initiated 'polling' backend
2020-09-21 18:20:39,275 fail2ban.filter         [389]: INFO      maxRetry: 3
2020-09-21 18:20:39,275 fail2ban.filter         [389]: INFO      findtime: 14400
2020-09-21 18:20:39,276 fail2ban.actions        [389]: INFO      banTime: 14400
2020-09-21 18:20:39,276 fail2ban.filter         [389]: INFO      encoding: UTF-8
2020-09-21 18:20:39,279 fail2ban.filter         [389]: INFO    Added logfile: '/bitwarden/bitwarden.log' (pos = 4192, hash = def801fd5179058b828b90306efb0a4e6bff8d18)
2020-09-21 18:20:39,301 fail2ban.jail           [389]: INFO    Jail 'bitwardenrs' started
2020-09-21 18:20:39,481 fail2ban.actions        [389]: NOTICE  [bitwardenrs] Restore Ban XXX.XXX.XXX.XX
2020-09-21 18:20:39,556 fail2ban.actions        [389]: NOTICE  [bitwardenrs] Restore Ban XXX.XX.XXX.XXX

 

Edited by LoneTraveler
Link to comment
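The `ValueError('Action iptables-allports already exists')` in the log above is what fail2ban raises when a jail is given a second action under a name it already has. The following is an added example, not part of the original post: it parses a command stream of the kind printed in that log and reports each jail/action pair added more than once, with the `port` and `chain` of each copy. The sample input and its log prefix are constructed, and the function names are hypothetical.

```python
import ast
import re
from collections import defaultdict

# Constructed sample: a shortened command stream in the same shape as the one
# in the failing log, reusing jail and action names from that log. The text in
# front of the list is a made-up log prefix.
SAMPLE_LOG = (
    "fail2ban [392]: ERROR "
    "[['add', 'nginx-deny', 'auto'], "
    "['set', 'nginx-deny', 'addaction', 'iptables-allports'], "
    "['multi-set', 'nginx-deny', 'action', 'iptables-allports', "
    "[['chain', 'INPUT'], ['port', 'ssh'], ['protocol', 'tcp']]], "
    "['set', 'nginx-deny', 'addaction', 'iptables-allports'], "
    "['multi-set', 'nginx-deny', 'action', 'iptables-allports', "
    "[['port', 'http,https'], ['protocol', 'tcp'], ['chain', '<known/chain>']]], "
    "['set', 'nginx-deny', 'addaction', 'sendmail-whois'], "
    "['multi-set', 'nginx-deny', 'action', 'sendmail-whois', [['norestored', True]]], "
    "['add', 'bitwardenrs', 'auto'], "
    "['set', 'bitwardenrs', 'addaction', 'iptables-allports'], "
    "['multi-set', 'bitwardenrs', 'action', 'iptables-allports', [['port', 'ssh']]], "
    "['start', 'nginx-deny'], ['start', 'bitwardenrs']]"
    " has failed. Received ValueError('Action iptables-allports already exists')"
)

MARKER = " has failed. Received "
# A '[' followed by another '[' or a quote starts the list; '[392]' does not.
LIST_START = re.compile(r"\[\s*[\[']")


def parse_stream(text):
    """Return the Python-literal command list printed before MARKER."""
    head, sep, _ = text.partition(MARKER)
    match = LIST_START.search(head)
    if not sep or not match:
        raise ValueError("no fail2ban command stream found in text")
    return ast.literal_eval(head[match.start():])


def iter_commands(node):
    """Yield every list whose first item is a string, at any nesting depth."""
    if isinstance(node, list):
        if node and isinstance(node[0], str):
            yield node
        for item in node:
            yield from iter_commands(item)


def find_duplicate_actions(text):
    """Map (jail, action) -> [params of each copy] for actions added twice or more."""
    added = defaultdict(list)
    for cmd in iter_commands(parse_stream(text)):
        if len(cmd) >= 4 and cmd[0] == "set" and cmd[2] == "addaction":
            added[(cmd[1], cmd[3])].append({})
        elif len(cmd) >= 5 and cmd[0] == "multi-set" and cmd[2] == "action":
            copies = added.get((cmd[1], cmd[3]))
            if copies:
                # Keep the parameters that tell the colliding definitions apart.
                copies[-1].update(
                    {p[0]: p[1] for p in cmd[4]
                     if len(p) == 2 and p[0] in ("port", "chain")}
                )
    return {key: copies for key, copies in added.items() if len(copies) > 1}


if __name__ == "__main__":
    for (jail, action), copies in find_duplicate_actions(SAMPLE_LOG).items():
        print(f"jail {jail!r}: action {action!r} added {len(copies)} times")
        for number, params in enumerate(copies, 1):
            print(f"  copy {number}: {params}")
```

Each pair it reports is a jail whose `action` setting lists the same action twice; the differing `port` and `chain` values help trace which definition each copy came from.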

Sorry for all the posts but I'm still trying to beat my way through all of this and get it working....I don't know much about computers so just trying to figure all this out. BUT, it's coming along....a little progress here and there and I appreciate you guys!

 

OKAY, So when you rename a configuration file to remove the ".sample" then restart SWAG, should it put another sample version of the same file back in? Where I now have two....the sample version and the new one without sample?

 

I went to the config files in Krusader and tried just right clicking and renaming, then going down to properties and renaming it there, then I tried to open with Kate and rename then save. In any case, once I restart SWAG it puts a sample version back in there so that I have both. Is that correct? The reason I am questioning if I am doing this correctly is because when I go to the subdomain in the browser, instead of getting the app's GUI, I am getting this page.... That says "welcome to our server"

 

Any idea on what is the most likely problem that would be causing this page instead of the GUI?

 

Thanks for all your advice!

 

Edited by SPOautos
Link to comment
29 minutes ago, SPOautos said:

Sorry for all the posts but I'm still trying to beat my way through all of this and get it working....I don't know much about computers so just trying to figure all this out. BUT, it's coming along....a little progress here and there and I appreciate you guys!

 

OKAY, So when you rename a configuration file to remove the ".sample" then restart SWAG, should it put another sample version of the same file back in? Where I now have two....the sample version and the new one without sample?

 

I went to the config files in Krusader and tried just right clicking and renaming, then going down to properties and renaming it there, then I tried to open with Kate and rename then save. In any case, once I restart SWAG it puts a sample version back in there so that I have both. Is that correct? The reason I am questioning if I am doing this correctly is because when I go to the subdomain in the browser, instead of getting the app's GUI, I am getting this page....

 

 

 

Any idea on what is the most likely problem that would be causing this page instead of the GUI?

 

Thanks for all your advice!

Hi, 

 

That is perfectly normal, if there is no sample file, the container will create one upon restart, what's important is the conf file "without" the ".sample".

 

I note that the above url is now correctly forwarding to your Sonarr. Please redact the URL and enable authentication in settings, your Sonarr is exposed for anyone to access. 

Edited by LoneTraveler
Link to comment
14 minutes ago, LoneTraveler said:

Hi, 

 

That is perfectly normal, if there is no sample file, the container will create one upon restart, what's important is the conf file "without" the ".sample".

 

I note that the above url is now correctly forwarding to your Sonarr. Please redact the URL and enable authentication in settings, your Sonarr is exposed for anyone to access. 

 

I enabled authentication in Sonarr...thanks for that!  However, I'm still getting this same "Welcome to our server"  page. I even tried it from my phone so that I wouldn't be on the same internet connection as my server.  Are you able to pull it up???

 

 

 

Thanks!

Edited by SPOautos
Link to comment
7 minutes ago, SPOautos said:

 

I enabled authentication in Sonarr...thanks for that!  However, I'm still getting this same "Welcome to our server"  page. I even tried it from my phone so that I wouldn't be on the same internet connection as my server.  Are you able to pull it up???

 

 

 

Thanks!

Hi, 

 

Not a problem. 

 

It loaded for me (Dukes of Hazard) 😉, if it's still not loading for you I'd suggest restarting the container and clearing your browser cache, then try again. 

 

 


Edited by LoneTraveler
Link to comment
9 minutes ago, LoneTraveler said:

Hi, 

 

Not a problem. 

 

It loaded for me (Dukes of Hazard) 😉, if it's still not loading for you I'd suggest restarting the container and clearing your browser cache, then try again. 

 

I suppose it is browser cache like you said....on my phone when I use an incognito window it opened right up to the sonarr login.

Dukes of Hazard takes me back! It feels like looking through an old photo album of the past. Love it!

This stuff is a lot to chew through for someone who hasn't done much more with a computer than email, browsing, Word docs, saving pictures lol. I'm in WAY over my head, but the forum and SI videos have been a HUGE help....slowly fighting my way through it all, seeing that login screen is like a light at the end of the tunnel lol.....or maybe like the pile of dirt that I'm fixing to ramp 100' off of LOL

 

I appreciate you checking it out for me! Thanks!

Edited by SPOautos
Link to comment
2 minutes ago, SPOautos said:

 

I suppose it is browser cache like you said....on my phone when I use an incognito window it opened right up to the sonarr login.

Dukes of Hazard takes me back! It feels like looking through an old photo album of the past. Love it!

This stuff is a lot to chew through for someone who hasn't done much more with a computer than email, browsing, Word docs, saving pictures lol. I'm in WAY over my head, but the forum and SI videos have been a HUGE help....slowly fighting my way through it all, seeing that login screen is like a light at the end of the tunnel lol.....or maybe like the pile of dirt that I'm fixing to ramp 100' off of LOL

 

I appreciate you checking it out for me! Thanks!

Hahaha I know how you feel. I'm relatively new here myself, but you'll soon start picking bits up. 

 

You've made a great start with Sonarr and following Spaceinvaderone's tutorial, so what I'd recommend is keep a copy of the files you have edited so that you can refer back to "what works", and build from there. 

 

I've just recently finished reading this entire SWAG thread, I'd genuinely advise you to do the same in your spare time, there is a heap of useful information here and will put you in good standing to tackle your next unraid adventure. 👍

 

All the best. 

Link to comment

Hi,

 

I am using Nextcloud from Linuxserver.io behind SWAG.
I always get the message "the “X-Robots-Tag” HTTP header is not configured to equal to “none”" when more than none is configured, e.g. add_header X-Robots-Tag “none, nosnippet, noarchive”. When only "none" is configured everything is fine. Any ideas why? Is it a bug?

Link to comment
2 hours ago, DockX said:

Hi,

 

I am using Nextcloud from Linuxserver.io behind SWAG.
I always get the message "the “X-Robots-Tag” HTTP header is not configured to equal to “none”" when more than none is configured, e.g. add_header X-Robots-Tag “none, nosnippet, noarchive”. When only "none" is configured everything is fine. Any ideas why? Is it a bug?

You might have very old config files, so I would recommend you check the date at the top of the config files in both swag and nextcloud and compare them with the ones on GitHub. The files I can remember are the default, proxy.conf and nginx.conf

Link to comment
14 hours ago, saarg said:

You might have very old config files, so I would recommend you check the date at the top of the config files in both swag and nextcloud and compare them with the ones on GitHub. The files I can remember are the default, proxy.conf and nginx.conf

I have updated the files but the message remains. Any other idea?

Link to comment

Hi, this is my first post, I am still new to unraid, sorry for the maybe non-professional question.

I tried to migrate my running letsencrypt docker to swag as described, so far so good. All is running.

But in the logs I can see the following and I hope you can advise me what has to be done.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 


nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Thx in advance.

 

Link to comment
4 minutes ago, joghurt said:

Hi, this is my first post, I am still new to unraid, sorry for the maybe non-professional question.

I tried to migrate my running letsencrypt docker to swag as described, so far so good. All is running.

But in the logs I can see the following and I hope you can advise me what has to be done.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 


nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Thx in advance.

 

Some of your conf files are really old. Delete them and restart the container. Those are including nginx.conf, proxy.conf, ssl.conf, etc.

Link to comment

Thx, I followed the instructions and deleted the conf files. Most of the log entries disappeared. 👍

The last message left is the system warning:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

Is there anything I could do on this? Many thx in advance,

Link to comment
14 hours ago, joghurt said:

Thx, I followed the instructions and deleted the conf files. Most of the log entries disappeared. 👍

The last message left is the system warning:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

Is there anything I could do on this? Many thx in advance,

That's just an alert and is harmless

Link to comment
