nalalangan/fiddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
54c46dd5ac
fiddy/docker/security
History
Nico eef058027d add launch ops checklists and backup security templates
2026-02-14 21:23:30 -08:00
..
crowdsec add launch ops checklists and backup security templates 2026-02-14 21:23:30 -08:00
fail2ban add launch ops checklists and backup security templates 2026-02-14 21:23:30 -08:00
README.md add launch ops checklists and backup security templates 2026-02-14 21:23:30 -08:00

README.md

Security Templates

This folder contains host-side security templates for public launch hardening.

fail2ban (recommended baseline)

  • Config location:
    • docker/security/fail2ban/jail.d/fiddy-nginx.conf
    • docker/security/fail2ban/filter.d/fiddy-nginx-auth.conf
  • Purpose:
    • ban repeated abusive requests against auth, join, and invite endpoints.

CrowdSec (optional alternative/complement)

  • Config location:
    • docker/security/crowdsec/acquis.yaml
  • Purpose:
    • ingest Nginx access/error logs with CrowdSec for broader behavior-based decisions.

Notes

  • Use either fail2ban or CrowdSec as your primary auto-ban control, or carefully run both with clear ownership of ban actions.
  • Validate log paths match your deployment:
    • /var/log/nginx/fiddy-access.log
    • /var/log/nginx/fiddy-error.log