
Super secret stuff: I'm not working on v2 anymore, and instead slowly working on v3. Anyone who wants f2b can take my docker image and build a new one with f2b installed. It's the configuration of it that would be hard for the average joe. On the other hand, f2b is easy to add to the docker container.

I understand that there are malicious people out there and there are users who want to protect themselves, but is f2b the only way for them to do this? On one hand, this project's goal was for the average joe to be able to easily use HTTPS for their incoming websites, not become a network security specialist. There's talk about security, but I've worked for multi-million-dollar companies with massive amounts of sensitive customer data, used by government agencies, and never once have we been hacked or had any suspicious attempts to gain access. Personally I don't understand the fascination with f2b.

If npm will have it, why not, but I am using crazymax/fail2ban for this. A more complex docker, more possible mistakes in configs, etc. Whether or how f2b will be integrated, jc21 should decide. It is always like this: we could find many "yes" and many "no", there is no one answer.

In production I need to have security, backups, and disaster recovery.

I want to try out this container in a production environment but am hesitant to do so without f2b baked in.

If you are using volumes and backing them up nightly you can easily move your npm container or rebuild it if necessary. And those of us with that experience can easily tweak f2b to our liking.

Having f2b inside the npm container and pre-configured, similar to the linuxio container, gives end users without experience in building jails and filters an extra layer of security. Setting up fail2ban is also a bit more advanced than firing up the nginx-proxy-manager container and using a UI to easily configure subdomains. Currently fail2ban doesn't play so well sitting in the host OS and working with a container.

NOTE: for docker to ban a port you need to use a single port and the iptables option -m conntrack --ctorigdstport --ctdir.

The other side of docker containers is to make deployment easy.

    nginx-proxy-manager/data/logs/proxy_host-*.log
    logpath = /nginx-proxy-manager/data/logs/default_host.log

    <iptables> -I DOCKER-USER -p <protocol> -m conntrack --ctorigdstport <port> --ctdir ORIGINAL -j f2b-<name>
    actionstop = <iptables> -D DOCKER-USER -p <protocol> -m conntrack --ctorigdstport <port> --ctdir ORIGINAL -j f2b-<name>
    actioncheck = <iptables> -n -L DOCKER-USER | grep -q 'f2b-<name>'

--ctorigdstport !!! Mine looks like this and it works.

