Fail2Ban + Docker Compose

I currently have a stack that I am trying to implement a local installation of fail2ban with [Vaultwarden w/MariaDB + Caddy (All 3 Docker Compose)]. I am having trouble figuring out jail.d configurations whether or not I should replace

banaction = %(banaction_allports)s

with something else since my instance is running running behind the caddy proxy.
Per the wiki.

Do not use this if you use a reverse proxy before Docker container. If proxy, like apache2 or nginx is used, use the ports of the proxy and do not use chain=FORWARD, only when using Docker without proxy!

NOTE on the NOTE above:
That's at least not true for running on Docker (CentOS 7) with caddy as reverse proxy. chain=FORWARD is absolutely fine and working with caddy as reverse proxy.

Anyone know if I should be doing something different other than the below due to the NOTE on the NOTE.

action = iptables-allports[name=vaultwarden, chain=FORWARD]

Any help is appreciated.


I am running a similar setup. Only Difference is, that i use a non-docker apache as a reverse proxy. For me the following works like a charm:

action = iptables-allports[name=bitwarden, chain=FORWARD]
         %(action_mw)s[from=*redacted*, destination=*redacted*, sendername=Fail2Ban]
1 Like