Erich Blume
52f0308f1a
Alpine's fail2ban ships with sshd jail enabled by default. Since there's no SSH server in the Fly.io container, fail2ban exits with an error looking for sshd logs — crashing the container via set -e. Disable the sshd jail explicitly and make fail2ban startup non-fatal since nginx rate limiting is the primary defense. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
12 lines
254 B
Text
12 lines
254 B
Text
# Disable the default sshd jail — no SSH server in this container
|
|
[sshd]
|
|
enabled = false
|
|
|
|
[forge-login]
|
|
enabled = true
|
|
filter = forge-login
|
|
logpath = /var/log/nginx/access.json.log
|
|
maxretry = 5
|
|
findtime = 600
|
|
bantime = 3600
|
|
banaction = nginx-deny
|