How to implement fail2ban with Traefik How to implement fail2ban with Traefik docker docker

How to implement fail2ban with Traefik


docker traefik fail2ban

I was able to accomplish this starting with the gist you posted. This is under the assumptions you have Traefik already working, want to block IPs that have HTTP Basic Auth failures, and ban them with iptables. There's a couple of pieces so let me start with the container configurations:

Traefik docker-compose.yaml

version: '2'services:  traefik:    image: traefik:alpine    volumes:    - /apps/docker/traefik/traefik.toml:/traefik.toml:ro    - /apps/docker/traefik/acme:/etc/traefik/acme    - /var/log/traefik:/var/log    ports:    - 8080:8080/tcp    - 80:80/tcp    - 443:443/tcp    command:    - --web    - --accessLog.filePath=/var/log/access.log    - --accessLog.filters.statusCodes=400-499

You can see here I am writing the log file to /var/log/access.log and only getting access codes to 400-499. I am then mounting that file to my host /var/log/traefik:/var/log

Now for the fail2ban part, I am using a fail2ban docker container rather than installing on my host, but you could technically do it there too.

Fail2ban docker-compose.yaml

version: '2'services:  fail2ban:    image: crazymax/fail2ban:latest    network_mode: "host"    cap_add:    - NET_ADMIN    - NET_RAW    volumes:    - /var/log:/var/log:ro    - /apps/docker/fail2ban/data:/data

You can see I mount the /var/log directory into the fail2ban container as read only.

Fail2ban configuration

The /apps/docker/fail2ban/data/jail.d/traefik.conf file contains:

[traefik-auth]enabled = truelogpath = /var/log/traefik/access.logport = http,https

The /apps/docker/fail2ban/data/filter.d/traefik-auth.conf file contains:

[Definition]failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .+\" 401 .+$ignoreregex =

Extra

The default ban action is to ban via iptables. If you want to change that you can change the default banaction in the traefik.conf, for example:

[DEFAULT]banaction = cloudflare[traefik-auth]enabled = truelogpath = /var/log/traefik/access.logport = http,https

Actions are here: https://github.com/fail2ban/fail2ban/tree/0.11/config/action.d

If you need to modify one, copy the file to the /apps/docker/fail2ban/data/action.d directory and restart the container.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last