Closed kraoc closed 8 months ago
Hello @kraoc,
Thanks for your interest in this Traefik Plugin!
Can you please provide a simple use case where you can get the error you described? (e.g., a docker-compose file).
Of course :)
docker-compose.yml (light version)
```yaml
version: "3.0"

networks:
  traefik:
    external: true

services:
  traefik:
    extends:
      file: ../_vm/common.yml
      service: x-common
    user: 0:0
    cap_add:
      - DAC_OVERRIDE
      - CHOWN
    container_name: traefik
    hostname: traefik
    image: traefik:3.0
    restart: always
    depends_on:
      cloudflare-1-ipv4:
        condition: service_healthy
      cloudflare-1-ipv6:
        condition: service_healthy
      cloudflare-2-ipv4:
        condition: service_healthy
      cloudflare-2-ipv6:
        condition: service_healthy
      modsecurity:
        condition: service_healthy
      varnish:
        condition: service_healthy
    ports:
      - "${VM_PORT_TRAEFIK_SSH}:22"
      - "${VM_PORT_TRAEFIK_HTTP}:80"
      - "${VM_PORT_TRAEFIK_HTTPS}:443/tcp"
      - "${VM_PORT_TRAEFIK_HTTPS}:443/udp"
      - "${VM_PORT_TRAEFIK_STREAMING}:1704/udp"
      - "${VM_PORT_TRAEFIK_METRICS}:6082"
    expose:
      - "22"
      - "80"
      - "443"
      - "1704"
      - "6082"
    networks:
      traefik:
    healthcheck:
      test: traefik healthcheck || exit 1
    secrets:
      - cf-api-email
      - cf-api-key
    env_file:
      - ./conf/traefik/env/domain.env
    environment:
      CF_API_EMAIL_FILE: "/run/secrets/cf-api-email"
      CF_API_KEY_FILE: "/run/secrets/cf-api-key"
    labels:
      com.stack.name: "traefik"
      com.stack.service.name: "traefik"
    deploy:
      resources:
        limits:
          cpus: "8.0"
          memory: 4G
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=512M
    volumes:
      - ./conf/traefik/traefik.yml:/traefik.yml:ro
      - ./conf/traefik/traefik.d:/etc/traefik/conf.d/:ro
      - ./datas/traefik/acme.json:/acme.json:rw
      - ./datas/traefik/log/:/var/log/traefik/:rw
    sysctls:
      net.core.somaxconn: 8192
      net.ipv4.tcp_syncookies: 0
```
traefik.yml (obfuscated)
```yaml
# 2023-11-01
global:
  checkNewVersion: false
  sendAnonymousUsage: false

api:
  debug: false
  dashboard: true
  insecure: false

ping: {}

entryPoints:
  ssh:
    address: ":22"
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      tls:
        certResolver: cloudflare
  metrics:
    address: ":6082"
  streaming:
    address: ":1704/udp"

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "tcp://..."
    exposedByDefault: false
    network: proxy
    watch: true
  file:
    directory: /etc/traefik/conf.d/
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: ...
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
          - "1.0.0.1:53"
          - "8.8.4.4:53"

metrics:
  prometheus:
    entryPoint: metrics
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
    addEntryPointsLabels: true
    addServicesLabels: true

log:
  level: "info"
  filePath: "/var/log/traefik/traefik.log"
  format: json

accessLog:
  filePath: "/var/log/traefik/access.log"
  format: json

experimental:
  plugins:
    modsecurity:
      moduleName: github.com/acouvreur/traefik-modsecurity-plugin
      version: v1.3.0
    fail2ban:
      moduleName: github.com/tomMoulard/fail2ban
      version: v0.7.1
    #souin:
    #  moduleName: github.com/darkweak/souin
    #  version: v1.6.43
```
middleware.yml (light version)
```yaml
fail2ban:
  plugin:
    fail2ban:
      blacklist:
        ip:
          - 51.15.34.47
          - 45.142.182.119
          - 164.68.124.86

# default middleware used in most routers
default:
  chain:
    middlewares:
      - httpsredirect
      - autodetect
      - defaults
      - security
      - compress
      - fail2ban
      #- cache
```
I am sorry, but I cannot reproduce your issue. I've tried using your docker-compose, and even extracted "all special docker configuration", but with no luck. Can you reproduce your issue using my configuration?
Worked now... Don't know why... Maybe a network issue...
But all accesses are 403 now... It seems to block all traffic by default?
Seems the same as #89
PS: I managed to get it working by looking into the Traefik log and whitelisting all my internal IPs...
If you managed to get this working, I'll close this issue. Thanks.
Doesn't seem to work with the latest Traefik 3 (beta4):
traefik.yml
middleware
Logs
{"level":"error","error":"github.com/tomMoulard/fail2ban: failed to import plugin code \"github.com/tomMoulard/fail2ban\": 1:21: import \"github.com/tomMoulard/fail2ban\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/fail2ban.go:18:2: import \"github.com/tomMoulard/fail2ban/log\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/log/log_debug.go:17:16: unknown field logger in struct literal","time":"2023-11-01T20:40:03+01:00","message":"Plugins are disabled because an error has occurred."}
Can I add more details needed to review?
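
The error entry quoted above, run through a small check that flags Traefik's "Plugins are disabled" log message and extracts the failing module and the deepest source position in the error chain. This is an added example, not code from the thread or from the fail2ban plugin; the function name `find_plugin_failures` and the two extra sample lines are constructed for illustration.

```python
import json
import re

# Constructed input: the error entry quoted in this issue, preceded by one
# made-up info entry and one non-JSON line to show that both are skipped.
SAMPLE_LOG = [
    '{"level":"info","time":"2023-11-01T20:40:02+01:00","message":"constructed info line"}',
    'not json',
    r'{"level":"error","error":"github.com/tomMoulard/fail2ban: failed to import plugin code \"github.com/tomMoulard/fail2ban\": 1:21: import \"github.com/tomMoulard/fail2ban\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/fail2ban.go:18:2: import \"github.com/tomMoulard/fail2ban/log\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/log/log_debug.go:17:16: unknown field logger in struct literal","time":"2023-11-01T20:40:03+01:00","message":"Plugins are disabled because an error has occurred."}',
]

DISABLED_MSG = "Plugins are disabled"
IMPORT_FAIL = ": failed to import plugin code"
# A Go source position inside the error chain: path.go:line:col:
GO_POS = re.compile(r"(\S+\.go):(\d+):(\d+): ")


def find_plugin_failures(lines):
    """Return one finding per log entry reporting that plugins were disabled."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # not a JSON log line
        if not isinstance(entry, dict):
            continue
        if DISABLED_MSG not in str(entry.get("message", "")):
            continue
        err = str(entry.get("error", ""))
        finding = {"time": entry.get("time"), "module": None,
                   "file": None, "line": None, "reason": err}
        if IMPORT_FAIL in err:
            finding["module"] = err.split(IMPORT_FAIL, 1)[0]
        positions = list(GO_POS.finditer(err))
        if positions:  # the last position in the chain is the root cause
            last = positions[-1]
            finding["file"] = last.group(1).split("/src/", 1)[-1]
            finding["line"] = int(last.group(2))
            finding["reason"] = err[last.end():]
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_plugin_failures(SAMPLE_LOG):
        print(f"{f['time']} plugin {f['module']} failed to load: "
              f"{f['file']}:{f['line']}: {f['reason']}")
```

Run against `/var/log/traefik/traefik.log` after a Traefik upgrade, a non-empty result means the plugin middlewares declared under `experimental.plugins` did not load.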