Secure Your Self Hosting with Fail2Ban + Nginx Proxy Manager + Cloudflare

Today's video is sponsored by Linode!

Sign up today and get a $100 60-day credit on your new Linode account, link is in the description.

/=========================================/

This video assumes that you already use Nginx Proxy Manager and Cloudflare for your self-hosting.

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs -- too many password failures, probing for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured.

The full, written tutorial with all the resources is available here:

Chapters:
0:00 Intro
0:43 Ad
1:33 Demo
5:42 Installation
22:04 Wrap Up

Comments

This worked perfectly, very much appreciated! In addition to fail2ban, I would suggest setting up additional firewall rules that could further narrow the attack surface (like geolocation - I set mine to Europe only as that's where I am based)

janvanderveer

Watched your entire Authelia, Nginx Proxy Manager and Fail2Ban videos and configured that to my homelab. It's absolutely incredible that you teach everything even a layman can understand. All hail DB Tech, love from India.

HMIINDIAN

I enjoy all your guides, easy to follow. I set my server up based on all your stuff from a year ago, but with the new stuff you are doing it's not as easy to follow as the directories have all changed. Maybe a new up-to-date guide starting with NGINX and Fail2Ban with Cloudflare set up... Keep up the great work.. thanks

northernexplorer

17:40 Looking for the nginx.conf file. You are using overlay for your Docker FS. How can I find the conf file if my Docker setup is using VFS? The search you suggest is not finding anything for me.

DanDease

Nice video as always!! Cloudflare Argo Tunnel would be great in the mix, for an extra layer of security in my opinion. Keep going

dgeordgy

I love the approach of using Fail2Ban with Cloudflare, but now that NPM correctly sets the origin of the IP, now my access list in NPM which only allowed incoming connections from Cloudflare IPs does not work anymore. Does anyone have any suggestion about how to keep only allowing Cloudflare packages and also make Fail2Ban ban the original IP of the user?

kevdok

Another great video.. Can I suggest a video on how to connect a linode server to be a part of a local private network? I want to be able to host a proxmox node on linode and use it as a backup server for running my unifi controller and pi-hole containers should my local server go down... I've failed miserably at the network side of the configuration..

smash_shane

Can’t thank you enough for this. Exactly what I have been breaking my head over for the past few weeks. Thank you so much. Will try it over the weekend 🙏🏼

vba

Great video! Currently have nginx via unRaid but will definitely use this upon changing it to Docker.

Tchucho

This is a very informative video, and I can't thank Dave enough for all the excellent work he's done, but if possible, I would like to make a suggestion.

For anyone interested in a more permanent solution, instead of the process described at 19:04 in the video, I created a script that runs when the container starts that automatically makes the necessary edits to the nginx configuration file, but only if those changes don't already exist. The script utilizes the s6-overlay infrastructure that the NPM docker image already uses, so it's a bombproof solution. It's also much better than directly editing the configuration file in the container, because if you do it that way, anytime the container is recreated (like after an image update), you would have to make those edits all over again.

I wrote some basic instructions on Pastebin, but YouTube takes posts with links down, so I'm not sure how to get that info to everyone here.

glassman

Btw, the max-retry value '1' of your fail2ban filter seems also quite strict. I assume that a single 4XX error will ban the IP. I would use a friendlier value of 5 or 10, especially because we are banning full lifetime with bantime = -1

lrvt

Thanks for this video! I'm actually running Fail2Ban at the OS level outside of Docker but with NPM in Docker, but this video steered me in the right direction and it's working great.

hbhamilton

Great video. How do you update the npm-docker.local if your provider's IP address changes a lot?

deboy

If you are getting the error "jq: command not found" when trying to find the path of nginx.conf (when you execute the command: docker inspect $(docker ps -qa)...), just run: sudo apt install jq

This will fix the problem.
Hope it was helpful

kevdok

Is there any benefit to installing fail2ban (and ufw) as a Docker container instead of normally via terminal, not as containers?

MrKalindro

Thanks for the nice tutorial. Can you also explain how to configure fail2ban to block ssh access of the real server ip and also see the log of the blocked ip in Cloudflare?

tjoptjop

Working great after correcting some fat-fingering issues on my end. Thank you for the detailed walk through and references!

DavidDavisL

Seems to only populate Cloudflare IP addresses I’m not sure what I’m doing wrong. I commented out the real IP like you said.

andrewhinson

A guide on how to setup the smtp functionality would be nice + potentially set it to send daily reports instead of an email for each ban

hairyfred

This looks like an excellent description of how to use Fail2ban with Nginx Proxy Manager. One question, though: suppose you are not using Cloudflare but instead have your NPM on a virtual machine (set up with Proxmox, for example) or a bare-metal machine? How do you set up fail2ban in Docker so that it will work on such machines?
Can you point to instructions for doing this or (better) create a video about creating such a setup?

robertbrowniii