A simple package to add fail2ban support to caddy. This simple module adds a fail2ban HTTP matcher based on a text file of IP addresses.
First, make sure to build your caddy with support for this module:
RUN xcaddy build \
--with github.com/Javex/caddy-fail2ban@mainThen insert this into your Caddyfile:
@banned {
fail2ban ./banned-ips
}
handle @banned {
abort
}The right place for it depends on your setup, but you can find more complete examples in the examples/ directory.
Next, you will need to create the fail2ban action. You can copy the suggested one if you like:
$ cp fail2ban/caddy-banfile.conf /etc/fail2ban/actions.d/caddy-banfile.confNow in any of your jails if you want to block requests at the HTTP layer, you can use the action:
action = caddy-banfile[banfile_path="/etc/caddy/banned-ips"]The above path is the default so you can omit the banfile_path parameter if you like.
First run the go unit tests, then spin up a docker container to test the integration with fail2ban
go build -v ./...
go test -v ./...
sudo docker build . -t caddy-fail2ban
sudo docker run --rm --name caddy-fail2ban --detach -v $PWD/test/Caddyfile:/etc/caddy/Caddyfile caddy-fail2ban
sudo docker exec -it caddy-fail2ban /usr/local/bin/caddy-fail2ban-test.sh
sudo docker logs caddy-fail2ban
sudo docker stop caddy-fail2ban