Setting up fail2ban

[shalak]

Hello!

Are there any guidelines on how to setup fail2ban for this deployment?

Unfortunatley, the apache log does not contain any 401 replies, and from the browser perspective, unsuccessful login attempt gets reply 200...

[NathanVaughn]

I don't I'm afraid. I've never used fail2ban with Apache before. I would suggest making your own image based on this one that installs and configures it, using a sidecar container like https://hub.docker.com/r/linuxserver/fail2ban or putting a reverse proxy in front of webtrees that has fail2ban.

[shalak]

fail2ban itself is not a problem, the issue is that apache does not produce "login failed" error.

The only idea that comes to my mind is a companion container, which will poll the db (via SELECT * FROM wt_log) and for matching log. Looks expensive :/