Closed la7eralus closed 8 months ago
Hello @5olu7ion,
Thanks for your interest in this Traefik Plugin!
Indeed, the default plugin configuration enables the Plugin by default.
As for your issue, I need to reproduce your issue to confirm the bug. So I will class this issue as bug/possible
until there is someone that can reproduce this issue.
Can you give your traefik configuration as well?
Thanks for your quick reply :-) I tailored a little example:
version: '3.6'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
environment:
- TZ=Europe/Berlin
ports:
- 80:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
command:
- --global.sendanonymoususage=false
- --api.dashboard=false
- --api.insecure=false
- --log.level=INFO
- --accesslog=true
- --accesslog.fields.names.StartUTC=drop
- --providers.docker.watch=true
- --providers.docker.exposedByDefault=false
- --providers.docker.network=services
- --entrypoints.web.address=:80
- --experimental.plugins.traefik-fail2ban-plugin.modulename=github.com/tomMoulard/fail2ban
- --experimental.plugins.traefik-fail2ban-plugin.version=v0.7.1
networks:
- services
labels:
- "traefik.enable=true"
- "traefik.http.routers.catch-all.rule=Host(`localhost`)"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.enabled=true"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.bantime=3h"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.findtime=2m"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.maxretry=2"
- "traefik.http.routers.catch-all.middlewares=fail2ban-plugin"
networks:
services:
name: services
It shows the same output as on my Server:
[user:~/Desktop] 7s $ docker compose up
[+] Running 5/5
✔ traefik 4 layers [⣿⣿⣿⣿] 0B/0B Pulled 19.5s
✔ 96526aa774ef Pull complete 3.2s
✔ eeed05813ad6 Pull complete 1.3s
✔ 86ea8083d7bc Pull complete 15.5s
✔ cea349f5f8a7 Pull complete 1.9s
[+] Running 2/0
✔ Network services Created 0.0s
✔ Container traefik Created 0.0s
Attaching to traefik
traefik | time="2023-10-23T19:21:07+02:00" level=info msg="Configuration loaded from flags."
traefik | time="2023-10-23T19:21:07+02:00" level=info msg="Traefik version 2.10.5 built on 2023-10-11T13:54:02Z"
traefik | time="2023-10-23T19:21:07+02:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
traefik | time="2023-10-23T19:21:07+02:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
traefik | time="2023-10-23T19:21:07+02:00" level=info msg="Starting provider *docker.Provider"
traefik | time="2023-10-23T19:21:08+02:00" level=info msg="Starting provider *traefik.Provider"
traefik | time="2023-10-23T19:21:08+02:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
traefik | 2023/10/23 19:21:08 Bantime: 5m0s
traefik | 2023/10/23 19:21:08 Findtime: 2m0s
traefik | 2023/10/23 19:21:08 FailToBan Rules : '{Bantime:5m0s Findtime:2m0s URLRegexpAllow:[] URLRegexpBan:[] MaxRetry:0 Enabled:true}'
traefik | 2023/10/23 19:21:08 Plugin: FailToBan is up and running
Perfect, thanks, I will look into it.
Hello @5olu7ion,
To solve your issue, the plugin configuration is :
traefik-fail2ban-plugin:
rules: # <-- this is missing
bantime: "3h"
findtime: "2m"
maxretry: 2
enabled: true
Seems like I should have tripple checked the example ;-) Thank you very much and sorry for this trivial question, your suggestion worked perfectly. ´´´ 10/24/2023 8:24:55 PM 2023/10/24 20:24:55 Bantime: 3h0m0s 10/24/2023 8:24:55 PM 2023/10/24 20:24:55 Findtime: 2m0s 10/24/2023 8:24:55 PM 2023/10/24 20:24:55 FailToBan Rules : '{Bantime:3h0m0s Findtime:2m0s URLRegexpAllow:[] URLRegexpBan:[] MaxRetry:2 Enabled:true}' ´´´
Hello, I manage the f2b config via docker labels:
But it looks like my settings are ignored, since the log is showing this:
I double checked the example: https://github.com/tomMoulard/fail2ban/blob/main/docker-compose.yml and the code, but couldn't find an issue with my config: https://github.com/tomMoulard/fail2ban/blob/2790061e862b27fb62a992822cd6d9bd2beed887/fail2ban.go#L43
I think its interesting, that it somehow managed to interpret the enabled flag, but not the other parameters, the case should be correct, as seen in the example and the sources.