Initial commit

config/fail2ban/filter.d/gitea.local

@@ -0,0 +1,4 @@
+# gitea.local
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =

config/fail2ban/jail.d/gitea.local

@@ -0,0 +1,8 @@
+[gitea-docker]
+enabled = true
+filter = gitea
+logpath = /var/log/gitea/access.log
+maxretry = 10
+findtime = 3600
+bantime = 900
+action = iptables-allports[chain="FORWARD"]

config/fail2ban/jail.d/nginx-bots.local

@@ -0,0 +1,9 @@
+[nginx-badbots]
+enabled = true
+port = http,https
+filter = nginx-error-common
+logpath = /var/log/nginx/access.log
+maxretry = 10
+findtime = 60
+bantime = 3600
+chain = DOCKER-USER

config/fail2ban/jail.d/nginx-log.local

@@ -0,0 +1,19 @@
+[nginx-http-auth]
+enabled = true
+port = http,https
+filter = nginx-http-auth
+logpath = /var/log/nginx/error.log
+maxretry = 3
+findtime = 600
+bantime = 86400
+chain = DOCKER-USER
+
+
+
+
+
+
+
+
+
+

config/nginx/nginx.conf

@@ -0,0 +1,24 @@
+# 1. Main global section
+user  nginx;
+worker_processes  auto;
+
+# 2. **REQUIRED EVENTS BLOCK**
+events {
+    # Define how Nginx handles connections
+    worker_connections  1024;
+}
+
+# 3. HTTP context (where your server blocks go)
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent"';   
+    sendfile        on;
+    keepalive_timeout  65;
+    
+    resolver 127.0.0.11 valid=5s ipv6=off;
+    # Include your server configuration files (like develop.conf)
+    include /etc/nginx/conf.d/*.conf;
+}