From 59f2afc62dd0a7aacb038a756e0b94d4104a3485 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Wed, 13 Nov 2024 15:27:50 +0100
Subject: [PATCH] Upgrade traefik fail2ban jails on update

---
 install/Traefik.sh          | 19 +------------------
 upgrade/Traefik.sh          |  2 ++
 upgrade/traefik_fail2ban.sh | 25 +++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 18 deletions(-)
 create mode 100644 upgrade/traefik_fail2ban.sh

diff --git a/install/Traefik.sh b/install/Traefik.sh
index b24607e..fedce1b 100644
--- a/install/Traefik.sh
+++ b/install/Traefik.sh
@@ -43,21 +43,4 @@ touch acme.json
 chmod 600 acme.json
 echo "Update /home/dockerweb/traefik/docker-compose.yml to change htpassword line 29"
 
-
-cat <<EOF > /etc/fail2ban/jail.d/nocloud_traefik.conf
-[traefik-auth]
-enabled = true
-logpath = /home/dockerweb/traefik/log/access.log
-chain = DOCKER-USER
-mode = aggressive
-findtime = 4h
-EOF
-cat <<EOF > /etc/fail2ban/jail.d/nocloud_base.conf
-[sshd]
-enabled = true
-chain = DOCKER-USER
-[recidive]
-enabled = true
-chain = DOCKER-USER
-EOF
-fail2ban-client reload
+bash $DIR/upgrade/traefik_fail2ban.sh
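Review bot: The added `bash $DIR/upgrade/traefik_fail2ban.sh` expands `$DIR` unquoted and ignores the exit status. If `DIR` is empty or contains a space (its assignment is outside this hunk), or if `fail2ban-client reload` fails, the host is left without the jails and the installer carries on silently. Something like `bash "${DIR:?DIR is not set}/upgrade/traefik_fail2ban.sh" || exit 1` makes that failure visible. The same line is added at the end of `upgrade/Traefik.sh` and needs the same treatment. The script body starts outside the hunk, so whether `set -e` is already in effect cannot be seen here.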
diff --git a/upgrade/Traefik.sh b/upgrade/Traefik.sh
index c4130f4..8d40c74 100644
--- a/upgrade/Traefik.sh
+++ b/upgrade/Traefik.sh
@@ -63,3 +63,5 @@ find /home/dockerweb -name "docker-compose.yml" | while read file; do
     fi
     cd -
 done
+
+bash $DIR/upgrade/traefik_fail2ban.sh
diff --git a/upgrade/traefik_fail2ban.sh b/upgrade/traefik_fail2ban.sh
new file mode 100644
index 0000000..028741a
--- /dev/null
+++ b/upgrade/traefik_fail2ban.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+cat <<EOF > /etc/fail2ban/jail.d/nocloud_traefik.conf
+[traefik-auth]
+enabled = true
+logpath = /home/dockerweb/traefik/log/access.log
+chain = DOCKER-USER
+mode = aggressive
+findtime = 4h
+EOF
+cat <<EOF > /etc/fail2ban/jail.d/nocloud_base.conf
+[sshd]
+enabled = true
+chain = DOCKER-USER
+[recidive-docker]
+enabled = true
+filter = recidive
+chain = DOCKER-USER
+logpath  = /var/log/fail2ban.log
+banaction = %(banaction_allports)s
+bantime  = 1w
+findtime = 1d
+EOF
+fail2ban-client reload
+
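Review bot: The `[sshd]` jail keeps `chain = DOCKER-USER`, and Docker hooks that chain into FORWARD only. Its bans therefore apply to traffic routed to containers, not to connections reaching an sshd on the host itself, which traverse INPUT. If sshd runs on the host, drop the `chain` override from `[sshd]`. Since `[recidive]` becomes `[recidive-docker]` here, also confirm that a host-side recidive jail is still enabled elsewhere. Separately, running `fail2ban-client -t` before `fail2ban-client reload` would surface a configuration error in the generated files before the reload is attempted.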
-- 
GitLab