Skip to content

Commit

Permalink
Docs: Added instructions for Docker fail2ban configuration. (#8642)
Browse files Browse the repository at this point in the history
  • Loading branch information
gnat authored and zeripath committed Oct 23, 2019
1 parent b4b0e22 commit c2fca23
Showing 1 changed file with 19 additions and 3 deletions.
22 changes: 19 additions & 3 deletions docs/content/doc/usage/fail2ban-setup.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ on a bad authentication:
2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx
```

So we set our filter in `/etc/fail2ban/filter.d/gitea.conf`:
Add our filter in `/etc/fail2ban/filter.d/gitea.conf`:

```ini
# gitea.conf
Expand All @@ -35,12 +35,11 @@ failregex = .*Failed authentication attempt for .* from <HOST>
ignoreregex =
```

And configure it in `/etc/fail2ban/jail.d/jail.local`:
Add our jail in `/etc/fail2ban/jail.d/gitea.conf`:

```ini
[gitea]
enabled = true
port = http,https
filter = gitea
logpath = /home/git/gitea/log/gitea.log
maxretry = 10
Expand All @@ -49,6 +48,23 @@ bantime = 900
action = iptables-allports
```

If you're using Docker, you'll also need to add an additional jail to handle the **FORWARD**
chain in **iptables**. Configure it in `/etc/fail2ban/jail.d/gitea-docker.conf`:

```ini
[gitea-docker]
enabled = true
filter = gitea
logpath = /home/git/gitea/log/gitea.log
maxretry = 10
findtime = 3600
bantime = 900
action = iptables-allports[chain="FORWARD"]
```

Then simply run `service fail2ban restart` to apply your changes. You can check to see if
fail2ban has accepted your configuration using `service fail2ban status`.

Make sure and read up on fail2ban and configure it to your needs, this bans someone
for **15 minutes** (from all ports) when they fail authentication 10 times in an hour.

Expand Down

0 comments on commit c2fca23

Please sign in to comment.