Skip to content
/ fail2ban Public

Periodically build a debian-based image using `crazymax/fail2ban` to support the `systemd` backend. (Docker)

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ttionya/fail2ban

BranchesTags

Repository files navigation

fail2ban

Docker Image Version (latest by date) Docker Pulls GitHub

This project is forked from crazy-max/docker-fail2ban and modified based on it. Any subsequent mention of upstream refers to that project.

Note: If you are NOT looking for this project with a strong purpose, please use the crazymax/fail2ban image directly.

About

Two modifications were made when rebuilding of this project:

  1. Built based on debian:12-slim instead of alpine

    Alpine does not support the systemd backend. If you need to set backend: systemd due to the journal logging system, you can try using this image.

  2. Built-in inotify-tools, including the inotifywait command.

    If your log file names rotate over time, you can use inotifywait to monitor file creation or deletion and reload fail2ban.

Usage

fail2ban

The configuration for fail2ban is the same as upstream, please refer to the crazy-max/docker-fail2ban documentation.

inotifywait

You can use the built-in inotifywait to monitor the creation and removal of log files.

You only need to mount the configuration file to /etc/inotifywait.conf. This configuration file is specific to this image.

The typical configuration file is as follows:

# fail2ban-client reload (for all)
-m -e create,moved_from --include .*\.access\..*\.log$ /var/logs/nginx

# fail2ban-client reload nginx
-m -e create,moved_from --include .*\.access\..*\.log$ /var/logs/nginx [nginx]

# fail2ban-client reload nginx && fail2ban-client reload httpd
-m -e create,moved_from --include .*\.access\..*\.log$ /var/logs/nginx [nginx httpd]
  1. Each line is an option section for inotifywait (excluding the inotifywait command).
  2. Blank lines and lines starting with # are ignored.
  3. The trailing [jail] is OPTIONAL and represents which jails need to be reloaded when the watch is triggered, separated by SPACES.

Example

docker run -d \
  --mount type=bind,source=/path/to/fail2ban/data,target=/data \
  --mount type=bind,source=/path/to/inotifywait.conf,target=/etc/inotifywait.conf \
  --mount type=bind,source=/path/to/logs,target=/var/logs \
  ttionya/fail2ban

Versioning

The version is divided into three parts, separated by hyphens (-).

Part Version Description
1 1.1.0 fail2ban version number
2 r1 Upstream version number
3 1 or b1 Project version number (b for beta, number for stable)

The image version number follows the upstream release method and only retains the fail2ban version number.

Schedule

To ensure the use of the latest dependencies, this image is rebuilt every Monday at 6:00 AM.

Thanks

License

MIT

About

Periodically build a debian-based image using `crazymax/fail2ban` to support the `systemd` backend. (Docker)

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

1.1.0-r3-0 Latest
Jul 13, 2025
+ 2 releases

Packages

 
 
 

Contributors 9

Languages