Need help with Fail2ban - setup


ytddewqf

Recommended Posts

Hi, 

 

I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places.

 

Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. 

 

I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. 

 

I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? 

 

Many thanks. 

 

 

20200827_164205.jpg

 

 

P.S.

I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣

Edited by LoneTraveler
Link to comment

Hi there,

 

I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden.

What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.

 

 

Link to comment
On 8/28/2020 at 10:51 AM, Angryman said:

Hi there,

 

I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden.

What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.

 

 

Hi, 

Thanks for the suggestion, I hope to be able to go down that route. Just need to find a way to get fail2ban up and running now. 👍

Link to comment
  • 4 months later...
  • 1 month later...
On 8/27/2020 at 12:53 PM, LoneTraveler said:

Hi, 

 

I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places.

 

Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. 

 

I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. 

 

I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? 

 

Many thanks. 

 

 

20200827_164205.jpg

 

 

P.S.

I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣

Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ?   I am considering the move over but didn't want to as I have it working with SWAG... 

Link to comment
11 hours ago, Aceriz said:

Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ?   I am considering the move over but didn't want to as I have it working with SWAG... 

Hi, 

 

Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. 

Link to comment
6 minutes ago, LoneTraveler said:

Hi, 

 

Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. 

I would second this.. 

 

Do you know at all if NPM  is setup with GeoIP and how to go about enabling this?

 

Link to comment
  • 10 months later...

Did you get fail2ban setup?  I was able to get fail2ban setup running inside its own container.  I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare.  I have argo tunnel (cloudflare tunnel) setup on cloudflare.  It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.  

Link to comment
  • 2 weeks later...
On 1/13/2022 at 4:39 AM, Built2Succeed said:

Did you get fail2ban setup?  I was able to get fail2ban setup running inside its own container.  I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare.  I have argo tunnel (cloudflare tunnel) setup on cloudflare.  It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.  

Hi @Built2Succeed

 

can I take you up on that offer?  I already have Ngnix Proxy Manager and Argo tunnels setup.

 

thanks

 

Link to comment
  • 1 year later...
On 1/12/2022 at 11:39 PM, Built2Succeed said:

Did you get fail2ban setup?  I was able to get fail2ban setup running inside its own container.  I have vaultwarden, Nginx Proxy Manager, and fail2ban running with cloudflare.  I have argo tunnel (cloudflare tunnel) setup on cloudflare.  It took me a week or so to figure out the setup because it's a little tricky. I'd be happy to help anyone who needs help setting up.  

Would you be able to tell me what path i am suppose to put in the screenshot specifically ?

 

image.thumb.png.fcf4c1afd2621c19525e8c725d9a70d4.png

  • Upvote 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.