[QUESTION] Securing a reverse proxy nginx set-up with fail2ban

Hi everyone

Let me get right to the heart of the matter.

I have the following services running in a reverse proxy (ssl secured).

* plex
* jira
* nextcloud
* sonarr
* radarr
* jackett
* qBitTorrent
* multiple DBs for the above services.

Nginx handles all communication (auto upgrade to HTTPS).

The services all have their various logs which monitor login attempts, resource requests (dear lord the number of requests I get on wp-admin.php is staggering). Right now there's nothing really stopping a brute force attack on any of my services (fail2ban in the server only monitors ssh attempts and since that's on a different port it's pretty silent).

I was wondering if you had any advice how I could unify the logs of the various services with the nginx access.log and have fail2ban monitor that for the various rules? Trouble is that some containers have their own users and I'm not sure how I can go about unifying the access logs.

Quite frankly, I'm a bit lost here and any help would be appreciated.

3 thoughts on “[QUESTION] Securing a reverse proxy nginx set-up with fail2ban”

  1. One method of easily securing ssh is to disable password authentication and just use key authentication. Run it on a non-standard port if you’re getting a lot of client disconnect log spam.

    With regards to anything http, put Cloudflare in front of your site which will intervene with captchas when it sees requests from malicious IPs. You can also disable access to whole countries, add custom rules, etc.

  2. You could add HTTP auth in front and have f2b look at the error.log.

    Or you could install Organizr (https://github.com/causefx/Organizr) and use auth_request (https://docs.organizr.app/books/setup-features/page/serverauth) so that nginx won’t load the page unless you have logged into Organizr first, and you can also use f2b (https://docs.organizr.app/books/setup-features/page/fail2ban-integration) on the Organizr login log. That and geoblock should make you pretty safe. https://technicalramblings.com/blog/blocking-countries-with-geolite2-using-the-letsencrypt-docker-container/

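An added example, not part of the original post or either reply: because every service sits behind the same nginx, failed logins can be counted from the proxy's own access log without merging the containers' logs. The sketch below dry-runs a candidate failregex with fail2ban-style `maxretry`/`findtime` counting. It assumes nginx's default "combined" log format and that the backends answer failed logins with 401 or 403; the log lines, paths and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Candidate failregex for the "combined" format. In a real fail2ban filter the
# named group below is written as <HOST>. Anchoring at ^ means the client
# address is only ever taken from the first field, never from request text.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST|HEAD) \S+ [^"]*" (?:401|403) '
)

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.20 - - [10/Mar/2024:10:00:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.15 - - [10/Mar/2024:10:00:06 +0000] "GET /401 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:30:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:30:04 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def banned_hosts(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Hosts with at least maxretry matching lines inside a sliding findtime window."""
    hits = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []                 # in the order each host would be banned
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue            # successful request or unrelated line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()    # failure has aged out of the window
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned


if __name__ == "__main__":
    print(banned_hosts(SAMPLE_LOG.splitlines()))
```

Once the pattern behaves as expected on sample lines, it can be checked against the real access.log with the `fail2ban-regex` tool before the jail is enabled.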
