Is there a caddy and fail2ban docker compose tutorial?

(First post here, sorry if I’m doing it wrong.)
Does anyone have a really easy tutorial on how to install fail2ban on Caddy? I am a complete beginner at this. Everything I have found talks about plugins and other things to modify, but I have no idea what I’m doing. All help is greatly appreciated.

fail2ban reads a log file and matches bad requests with a regex. The problem is that Caddy's default logging format is JSON. I use GitHub - caddyserver/transform-encoder: Log encoder module for custom log formats to make Caddy write in my custom logging format, and then I create my own custom fail2ban regex filter.

Example Caddy config. Mind you, this is in YAML; it is basically the same structure as the Caddy JSON config, but in YAML.

In my setup, fail2ban is on the host and Caddy is in a rootless Podman container.

logging:
  logs:
    simple_access:
      writer:
        output: file
        filename: /log/simple-access.log
      encoder:
        format: transform
        template: "{ts} from:{request>remote_ip} proto:{request>proto} method:{request>method} host:{request>host} uri:{request>uri} status:{status}"
        time_format: rfc3339
      level: debug
      include:
        - http.log.access
apps:
  # your caddy apps

fail2ban custom filter on the host; put it in /etc/fail2ban/filter.d/my-caddy-not-found.local. In this example we are trying to match bots that scan our website; they will generate a burst of many 404s in the logfile.

[Definition]
failregex = ^ from:<HOST> proto:HTTP/[1-3]\.[0-1] method:[A-Z]+ host:.* uri:.* status:404$

In a jail config file, for example /etc/fail2ban/jail.d/my-caddy.local:

[DEFAULT]
enabled = false
logpath = <PUT LOG FILE LOCATION ON HOST>
bantime = 1w
ignoreip = <PUT YOUR IP SUBNET TO IGNORE>

[my-caddy-not-found]
enabled = true
maxretry = 5
findtime = 1s

I use rootless Podman though, so there is no problem with the firewall. Your mileage may vary with Docker.

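A way to sanity-check the filter above before pointing fail2ban at a real log: an added Python example (not from the post, and not fail2ban's own code) that applies the same failregex to constructed sample lines in the transform-encoder layout and then a simplified maxretry/findtime rule. The `<HOST>` capture and the window logic are approximations of what fail2ban does; `fail2ban-regex` is still the tool for testing against the real log file.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the poster's transform-encoder template layout.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z from:203.0.113.7 proto:HTTP/1.1 method:GET host:example.com uri:/.env status:404
2024-05-01T10:00:00Z from:203.0.113.7 proto:HTTP/1.1 method:GET host:example.com uri:/.git/config status:404
2024-05-01T10:00:00Z from:203.0.113.7 proto:HTTP/1.1 method:GET host:example.com uri:/wp-login.php status:404
2024-05-01T10:00:00Z from:203.0.113.7 proto:HTTP/1.1 method:GET host:example.com uri:/phpmyadmin/ status:404
2024-05-01T10:00:01Z from:203.0.113.7 proto:HTTP/1.1 method:GET host:example.com uri:/admin status:404
2024-05-01T10:00:05Z from:198.51.100.4 proto:HTTP/2.0 method:GET host:example.com uri:/ status:200
2024-05-01T10:00:06Z from:198.51.100.4 proto:HTTP/2.0 method:GET host:example.com uri:/old-page status:404
2024-05-01T10:00:30Z from:192.0.2.9 proto:HTTP/1.1 method:POST host:example.com uri:/a status:404
2024-05-01T10:00:40Z from:192.0.2.9 proto:HTTP/1.1 method:POST host:example.com uri:/b status:404
"""

# The failregex from the filter above. fail2ban expands <HOST> itself; here a
# simplified IPv4/IPv6 capture stands in for it.
FAILREGEX = r"^ from:<HOST> proto:HTTP/[1-3]\.[0-1] method:[A-Z]+ host:.* uri:.* status:404$"
HOST_RE = r"(?P<host>[0-9A-Fa-f:.]+)"

def parse_line(line):
    """Split off the rfc3339 timestamp, mimicking fail2ban stripping the date; the leading space stays, hence '^ from:'."""
    ts_str, _, rest = line.partition(" ")
    ts = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
    return ts, " " + rest

def find_failures(log_text, pattern=FAILREGEX):
    """Return (timestamp, host) for every line the failregex matches."""
    regex = re.compile(pattern.replace("<HOST>", HOST_RE))
    failures = []
    for line in log_text.splitlines():
        ts, rest = parse_line(line)
        match = regex.match(rest)
        if match:
            failures.append((ts, match.group("host")))
    return failures

def hosts_to_ban(failures, maxretry=5, findtime_s=1):
    """Simplified jail logic: ban a host once it has maxretry failures inside one findtime window."""
    window = timedelta(seconds=findtime_s)
    recent, banned = {}, set()
    for ts, host in sorted(failures):
        hits = [t for t in recent.get(host, []) if ts - t <= window] + [ts]
        recent[host] = hits
        if len(hits) >= maxretry:
            banned.add(host)
    return banned
```

With the jail values from the post (maxretry 5, findtime 1s) only the scanner host 203.0.113.7 is banned; the two slow 404s from 192.0.2.9 fall outside the window, which is the knob to tune if legitimate clients get caught.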