diff --git a/main.env.sample b/main.env.sample
index 0c093ac3b01514eda15ace2ffc1d06b44baec755..2b12124b3c7c00b0f5199de6e9a719ba1ded838e 100644
--- a/main.env.sample
+++ b/main.env.sample
@@ -36,6 +36,10 @@ export NEXTCLOUD_DATABASE_NAME="nextcloud"
 # Week for logrotate, by default 4 week
 export LOGROTATE=4
 
+# Fail2ban variables
+# maxretry for traefik jail for fail2ban
+export FAIL2BAN_TRAEFIK_MAXRETRY=15 # 15 by default
+
 # Monit variables
 # CPU and RAM overload time is in monit cycle. 1 cycle = 2 minutes
 export CPU_OVERLOAD_TIME=30     # 1h by default
diff --git a/upgrade/traefik_fail2ban.sh b/upgrade/traefik_fail2ban.sh
index 79206d221f0284897e75cc17cbfa7140e88df295..64e5cdf2429dd3425cfd05aac69b4ba4d30045a8 100644
--- a/upgrade/traefik_fail2ban.sh
+++ b/upgrade/traefik_fail2ban.sh
@@ -5,6 +5,7 @@ cat <<EOF > /etc/fail2ban/jail.d/nocloud_traefik.conf
 enabled = true
 logpath = /home/dockerweb/traefik/log/access.log
 chain = DOCKER-USER
+maxretry = ${FAIL2BAN_TRAEFIK_MAXRETRY:-15}
 mode = aggressive
 findtime = 4h
 banaction = docker-page