Skip to content

Commit 700518a

Browse files
committed
Added fail2ban, though not sure its configured correctly yet
1 parent e959e54 commit 700518a

File tree

245 files changed

+9172
-5
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

245 files changed

+9172
-5
lines changed

docker/Dockerfile

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,12 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
5353

5454
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf
5555

56+
# fail2ban
57+
RUN apt-get update \
58+
&& apt-get install -y --no-install-recommends fail2ban \
59+
&& apt-get clean \
60+
&& rm -rf /var/lib/apt/lists/* /etc/fail2ban
61+
5662
# s6 overlay
5763
COPY scripts/install-s6 /tmp/install-s6
5864
RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -rf /tmp/*

docker/dev/Dockerfile

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,13 +22,13 @@ ENV GOPROXY=$GOPROXY \
2222

2323
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf
2424

25-
# usql and node
25+
# usql, node, fail2ban
2626
RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - \
2727
&& apt-get update \
28-
&& apt-get install -y --no-install-recommends nodejs vim dnsutils \
28+
&& apt-get install -y --no-install-recommends nodejs vim dnsutils fail2ban \
2929
&& npm install --___location=global yarn \
3030
&& apt-get clean \
31-
&& rm -rf /var/lib/apt/lists/* \
31+
&& rm -rf /var/lib/apt/lists/* /etc/fail2ban \
3232
&& go install github.com/xo/usql@master
3333

3434
# Task
@@ -42,8 +42,6 @@ RUN rm -f /etc/nginx/conf.d/production.conf
4242
# s6 overlay
4343
COPY scripts/install-s6 /tmp/install-s6
4444
RUN /tmp/install-s6 && rm -rf /tmp/*
45-
#RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
46-
# && tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /
4745

4846
# Fix for golang dev:
4947
RUN chown -R 1000:1000 /opt/go

docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
#!/command/with-contenv bash
2+
# shellcheck shell=bash
3+
24
set -e
35

46
echo "❯ Starting backend ..."

docker/rootfs/etc/s6-overlay/s6-rc.d/fail2ban/dependencies.d/prepare

Whitespace-only changes.
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
#!/command/with-contenv bash
2+
# shellcheck shell=bash
3+
4+
echo "❯ Starting fail2ban ..."
5+
exec /usr/bin/fail2ban-client -c /fail2ban -x -vv -f start
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
longrun

docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
#!/command/with-contenv bash
2+
# shellcheck shell=bash
3+
24
set -e
35

46
# This service is DEVELOPMENT only.

docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
#!/command/with-contenv bash
2+
# shellcheck shell=bash
3+
24
set -e
35

46
echo "❯ Starting nginx ..."

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
#!/command/with-contenv bash
2+
# shellcheck shell=bash
3+
24
set -e
35

46
DATA_PATH=/data
@@ -47,6 +49,14 @@ chown -R npmuser:npmuser /var/log/nginx
4749
mkdir -p /tmp/npmuserhome
4850
chown -R npmuser:npmuser /tmp/npmuserhome
4951

52+
# fail2ban configuration
53+
mkdir -p /fail2ban/{action.d,filter.d,jail.d,log}
54+
chown -R npmuser:npmuser /fail2ban
55+
mkdir -p /var/run/fail2ban
56+
mkdir -p /data/logs/fail2ban
57+
chown nobody:nogroup /data/logs/fail2ban
58+
chmod 02755 /data/logs/fail2ban
59+
5060
echo
5161
echo "-------------------------------------
5262
_ _ ____ __ __
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
1+
# shellcheck shell=bash
12
/etc/s6-overlay/s6-rc.d/prepare/script.sh

0 commit comments

Comments
 (0)