fiddy/docker/security/README.md

Security Templates

This folder contains host-side security templates for public launch hardening.

fail2ban (recommended baseline)

• Config location:
  • docker/security/fail2ban/jail.d/fiddy-nginx.conf
  • docker/security/fail2ban/filter.d/fiddy-nginx-auth.conf
• Purpose:
  • ban repeated abusive requests against auth, join, and invite endpoints.

CrowdSec (optional alternative/complement)

• Config location:
  • docker/security/crowdsec/acquis.yaml
• Purpose:
  • ingest Nginx access/error logs with CrowdSec for broader behavior-based decisions.

Notes

• Use either fail2ban or CrowdSec as your primary auto-ban control, or carefully run both with clear ownership of ban actions.
• Validate log paths match your deployment:
  • /var/log/nginx/fiddy-access.log
  • /var/log/nginx/fiddy-error.log