Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Need help with Fail2ban - setup

Featured Replies

Hi, 

 

I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places.

 

Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. 

 

I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. 

 

I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? 

 

Many thanks. 

 

 

20200827_164205.jpg

 

 

P.S.

I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣

Edited by LoneTraveler

Hi there,

 

I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden.

What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.

 

 

  • Author
On 8/28/2020 at 10:51 AM, Angryman said:

Hi there,

 

I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden.

What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.

 

 

Hi, 

Thanks for the suggestion, I hope to be able to go down that route. Just need to find a way to get fail2ban up and running now. 👍

  • 4 months later...
  • 1 month later...
On 8/27/2020 at 12:53 PM, LoneTraveler said:

Hi, 

 

I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places.

 

Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. 

 

I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. 

 

I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? 

 

Many thanks. 

 

 

20200827_164205.jpg

 

 

P.S.

I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣

Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ?   I am considering the move over but didn't want to as I have it working with SWAG... 

  • Author
11 hours ago, Aceriz said:

Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ?   I am considering the move over but didn't want to as I have it working with SWAG... 

Hi, 

 

Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. 

6 minutes ago, LoneTraveler said:

Hi, 

 

Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. 

I would second this.. 

 

Do you know at all if NPM  is setup with GeoIP and how to go about enabling this?

 

  • Author
15 minutes ago, Aceriz said:

I would second this.. 

 

Do you know at all if NPM  is setup with GeoIP and how to go about enabling this?

 

 

I'm afraid I don't know the answer to that, if it is then I'm not aware of it. 

  • 10 months later...

Did you get fail2ban setup?  I was able to get fail2ban setup running inside its own container.  I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare.  I have argo tunnel (cloudflare tunnel) setup on cloudflare.  It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.  

  • 2 weeks later...
On 1/13/2022 at 4:39 AM, Built2Succeed said:

Did you get fail2ban setup?  I was able to get fail2ban setup running inside its own container.  I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare.  I have argo tunnel (cloudflare tunnel) setup on cloudflare.  It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.  

Hi @Built2Succeed

 

can I take you up on that offer?  I already have Ngnix Proxy Manager and Argo tunnels setup.

 

thanks

 

Sure.  it's fairly easy, but there are some snags along the way. what have you done and where are you getting stuck?

  • 1 year later...
On 1/12/2022 at 11:39 PM, Built2Succeed said:

Did you get fail2ban setup?  I was able to get fail2ban setup running inside its own container.  I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare.  I have argo tunnel (cloudflare tunnel) setup on cloudflare.  It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.  

Would you be able to tell me what path i am suppose to put in the screenshot specifically ?

 

image.thumb.png.fcf4c1afd2621c19525e8c725d9a70d4.png

  • 7 months later...

Greetings! Was wondering if anyone had been able to get the email notifications from fail2ban working.

I've got Cloudflare blocking working however can't seem to figure out how to get the sendmail.conf working properly with the setup.

  • 3 months later...

Hello, can someone help me to setup fail2ban with nginx proxy manager? I don't use cloudflare. I have domains on ducksdns, no-ip and dynu.
I have that template for fail2ban:
image.thumb.png.5a35896c350da50a4c495bbcf33d22b4.png

I have that NPM docker container:
image.thumb.png.a56ef18f81d9f689c799f1ed914086bd.png

I try to setup with that tutorial but stuck after jail.local file: 
https://blog.lrvt.de/fail2ban-with-nginx-proxy-manager/

my `jail.local` file:
 

root@unRAID:/mnt/user/appdata/fail2ban/jail.d# cat jail.local 
[DEFAULT]
# "bantime.increment" allows to use database for searching of previously banned ip's to increase a
# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
bantime.increment = true

# "bantime.rndtime" is the max number of seconds using for mixing with random time
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
bantime.rndtime = 2048

# following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
# for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
bantime.multipliers = 1 5 30 60 300 720 1440 2880

[npm-general-forceful-browsing]
# bots that trigger too many 403 or 404
# logs are comming from reverse proxy "nginx proxy manager"
enabled = true
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
action = action-ban-docker-forceful-browsing

filter = npm-general-forceful-browsing
chain = DOCKER-USER
logpath = /var/log/npm/proxy-host-*_access.log
maxretry = 15
findtime = 60
bantime = 600


How to setup next file?

Regards.
 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.