Add fail2ban for traefik

Remote action coming soon
2021-03-28 13:05:31 +01:00
parent 8398a2df21
commit 6973fb536f
17 changed files with 103 additions and 1 deletions
--- a/ansible/roles/traefik/files/fail2ban/traefik-filter.conf
+++ b/ansible/roles/traefik/files/fail2ban/traefik-filter.conf
@ -0,0 +1,4 @@
+[Definition]
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .+\" .+$
+ignoreregex =
+mode = normal
--- a/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
+++ b/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
@ -0,0 +1,9 @@
+[traefik]
+enabled  = true
+bantime  = 6000
+findtime = 600
+maxretry = 5
+filter   = traefik
+logpath = /tmp/traefik-logs/access.log
+port     = http,https
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}