Skip to content

Commit

Permalink
fix(config): Fix fail2ban filter (frappe#1308)
Browse files Browse the repository at this point in the history 
* Add missing nginx-proxy filter

* Add all nginx log files to fail2ban filter, regardless of frappe site

* Adds per site nginx logs in /var/log
  • Loading branch information
@deajan
deajan authored Jul 27, 2022
1 parent 1e0054b commit 94a25d3
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 3 deletions.
5 changes: 5 additions & 0 deletions bench/config/templates/nginx.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,11 @@ server {

{% endfor -%}

# logs in var
access_log /var/log/nginx/{{ site_name }}_access.log main;
error_log /var/log/nginx/{{ site_name }}_error.log;


# optimizations
sendfile on;
keepalive_timeout 15;
Expand Down
4 changes: 2 additions & 2 deletions bench/playbooks/roles/fail2ban/defaults/main.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
fail2ban_nginx_access_log: /var/log/nginx/access.log
fail2ban_nginx_access_log: /var/log/nginx/*access.log
maxretry: 6
bantime: 600
findtime: 600
findtime: 600
5 changes: 4 additions & 1 deletion bench/playbooks/roles/fail2ban/tasks/configure_nginx_jail.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,10 @@
vars_files:
- ../defaults/main.yml
tasks:

- name: Setup filter
template: src="../templates/nginx-proxy-filter.conf.j2" dest="/etc/fail2ban/filter.d/nginx-proxy.conf"
- name: Setup jail
template: src="../templates/nginx-proxy-jail.conf.j2" dest="/etc/fail2ban/jail.d/nginx-proxy.conf"
- name: restart service
service: name=fail2ban state=restarted
service: name=fail2ban state=restarted

0 comments on commit 94a25d3

Please sign in to comment.