23 lines
823 B
Markdown
23 lines
823 B
Markdown
# Security Templates
|
|
|
|
This folder contains host-side security templates for public launch hardening.
|
|
|
|
## fail2ban (recommended baseline)
|
|
- Config location:
|
|
- `docker/security/fail2ban/jail.d/fiddy-nginx.conf`
|
|
- `docker/security/fail2ban/filter.d/fiddy-nginx-auth.conf`
|
|
- Purpose:
|
|
- ban repeated abusive requests against auth, join, and invite endpoints.
|
|
|
|
## CrowdSec (optional alternative/complement)
|
|
- Config location:
|
|
- `docker/security/crowdsec/acquis.yaml`
|
|
- Purpose:
|
|
- ingest Nginx access/error logs with CrowdSec for broader behavior-based decisions.
|
|
|
|
## Notes
|
|
- Use either fail2ban or CrowdSec as your primary auto-ban control, or carefully run both with clear ownership of ban actions.
|
|
- Validate log paths match your deployment:
|
|
- `/var/log/nginx/fiddy-access.log`
|
|
- `/var/log/nginx/fiddy-error.log`
|