August 27, 20205 yr Hi, I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places. Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? Many thanks. P.S. I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣 Edited August 27, 20205 yr by LoneTraveler
August 28, 20205 yr Hi there, I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden. What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.
August 29, 20205 yr Author On 8/28/2020 at 10:51 AM, Angryman said: Hi there, I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden. What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed. Hi, Thanks for the suggestion, I hope to be able to go down that route. Just need to find a way to get fail2ban up and running now. 👍
February 23, 20215 yr On 8/27/2020 at 12:53 PM, LoneTraveler said: Hi, I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places. Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? Many thanks. P.S. I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣 Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ? I am considering the move over but didn't want to as I have it working with SWAG...
February 23, 20215 yr Author 11 hours ago, Aceriz said: Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ? I am considering the move over but didn't want to as I have it working with SWAG... Hi, Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program.
February 23, 20215 yr 6 minutes ago, LoneTraveler said: Hi, Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. I would second this.. Do you know at all if NPM is setup with GeoIP and how to go about enabling this?
February 23, 20215 yr Author 15 minutes ago, Aceriz said: I would second this.. Do you know at all if NPM is setup with GeoIP and how to go about enabling this? I'm afraid I don't know the answer to that, if it is then I'm not aware of it.
January 13, 20224 yr Did you get fail2ban setup? I was able to get fail2ban setup running inside its own container. I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare. I have argo tunnel (cloudflare tunnel) setup on cloudflare. It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.
January 23, 20224 yr On 1/13/2022 at 4:39 AM, Built2Succeed said: Did you get fail2ban setup? I was able to get fail2ban setup running inside its own container. I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare. I have argo tunnel (cloudflare tunnel) setup on cloudflare. It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up. Hi @Built2Succeed can I take you up on that offer? I already have Ngnix Proxy Manager and Argo tunnels setup. thanks
January 27, 20224 yr Sure. it's fairly easy, but there are some snags along the way. what have you done and where are you getting stuck?
August 27, 20232 yr On 1/12/2022 at 11:39 PM, Built2Succeed said: Did you get fail2ban setup? I was able to get fail2ban setup running inside its own container. I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare. I have argo tunnel (cloudflare tunnel) setup on cloudflare. It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up. Would you be able to tell me what path i am suppose to put in the screenshot specifically ?
March 28, 20242 yr Greetings! Was wondering if anyone had been able to get the email notifications from fail2ban working. I've got Cloudflare blocking working however can't seem to figure out how to get the sendmail.conf working properly with the setup.
July 3, 20242 yr Hello, can someone help me to setup fail2ban with nginx proxy manager? I don't use cloudflare. I have domains on ducksdns, no-ip and dynu. I have that template for fail2ban: I have that NPM docker container: I try to setup with that tutorial but stuck after jail.local file: https://blog.lrvt.de/fail2ban-with-nginx-proxy-manager/ my `jail.local` file: root@unRAID:/mnt/user/appdata/fail2ban/jail.d# cat jail.local [DEFAULT] # "bantime.increment" allows to use database for searching of previously banned ip's to increase a # default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32... bantime.increment = true # "bantime.rndtime" is the max number of seconds using for mixing with random time # to prevent "clever" botnets calculate exact time IP can be unbanned again: bantime.rndtime = 2048 # following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin, # for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day bantime.multipliers = 1 5 30 60 300 720 1440 2880 [npm-general-forceful-browsing] # bots that trigger too many 403 or 404 # logs are comming from reverse proxy "nginx proxy manager" enabled = true ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 action = action-ban-docker-forceful-browsing filter = npm-general-forceful-browsing chain = DOCKER-USER logpath = /var/log/npm/proxy-host-*_access.log maxretry = 15 findtime = 60 bantime = 600 How to setup next file? Regards.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.