Need help with Fail2ban - setup


LoneTraveler

8 posts in this topic Last Reply

Recommended Posts

Hi, 

 

I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places.

 

Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. 

 

I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. 

 

I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? 

 

Many thanks. 

 

 

20200827_164205.jpg

 

 

P.S.

I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣

Edited by LoneTraveler
Link to post

Hi there,

 

I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden.

What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.

 

 

Link to post
On 8/28/2020 at 10:51 AM, Angryman said:

Hi there,

 

I don't have a config guide but fail2ban looks at a log and if the log meets the requirements then blocks the IP of the incoming connection for a period of time you set. I have fail2ban working on let's encrypt with bitwarden.

What I would suggest is get the login logs of the apps you want to run with fail2ban and have them writing to a share in unraid. once that is done then you need to look at how to install fail2ban on your reverse proxy. I don't know enough about docker and when it gets updated if what you install into it gets removed.

 

 

Hi, 

Thanks for the suggestion, I hope to be able to go down that route. Just need to find a way to get fail2ban up and running now. 👍

Link to post
  • 4 months later...
  • 1 month later...
On 8/27/2020 at 12:53 PM, LoneTraveler said:

Hi, 

 

I have the below Dockers running and everything seems to be going well. I checked in on my Cloudflare dashboard and was surprised/shocked at the amount of attempts to access my site there have been. USA, Germany, Brazil, all sorts, from all places.

 

Now I don't know how many of these are genuine or are some sort of "bot" for backend systems scouring the Internet, however regardless, I want to ensure that I do all that I can to protect my server. I have utilised all of Cloudflares services to help, such as geoIP blocking, but I want to cover all bases. 

 

I only have three ports open, 80, 443 and one for my WireGuard VPN. 80 and 443 are running behind NginxProxyManager and there is nothing in my unRAID logs to cause me any concern, at present. I wanted to use Fail2Ban that was incorporated into Linuxserver/Letsencrypt however I have (as of yesterday) made the move over to NginxProxyManager and they do not include it unfortunately. 

 

I am still very much the unRAID novice, and have looked around for something to meet my needs however I have come up short. Is there anyone whom could point me in the right direction please? 

 

Many thanks. 

 

 

20200827_164205.jpg

 

 

P.S.

I'm currently watching the film "Snowden" and I want to unplug my server from the Internet. 🤣

Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ?   I am considering the move over but didn't want to as I have it working with SWAG... 

Link to post
11 hours ago, Aceriz said:

Had you been able to figure out how to get FAIL2BAN working with Nginx Proxy manager.. ?   I am considering the move over but didn't want to as I have it working with SWAG... 

Hi, 

 

Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. 

Link to post
6 minutes ago, LoneTraveler said:

Hi, 

 

Unfortunately not, however I do prefer the simplicity of NPM. If Fail2ban is ever implemented, it would top of an already excellent program. 

I would second this.. 

 

Do you know at all if NPM  is setup with GeoIP and how to go about enabling this?

 

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.