I’ve been doing some selfhosting and want to setup fail2ban for my exposed apps, but am unsure if that should be setup on my router (OpenWRT), on each server that may be exposed, or just in the Caddy container?

My setup right now is: TP-Link router with OpenWRT Lenovo M910q with Proxmox, which hosts the following:

  • Caddy in a container for reverse proxies to hosted apps
  • Home Assistant OS in VM#1
  • Other apps in docker containers on VM#2
  • nymnympseudonym@piefed.socialEnglish
    112·
    10 hours ago

    Honest question: Why fail2ban? Have you considered crowdsec ?

    I used to use the former; I’ve found the latter to be easier to maintain and I like that it shares threats real-time

    • Jul (they/she)@piefed.blahaj.zoneEnglish
      61·
      9 hours ago

      I didn’t like crowdsec because of the limits on the free account. For example, I got way more than the 500 max monthly alerts just with one application being protected. So it was difficult to analyze threats. It was easier to set up though. And both serve slightly different use cases.

      • Taasz/Woof@lemmy.blahaj.zoneEnglish
        2·
        7 hours ago

        You can analyze with either the CLI or log files piped into something like OpenObserve which is what I do. You don’t technically need their dashboard.

    • anticonnor@lemmy.worldOPEnglish
      3·
      9 hours ago

      I’ll give it a look. No real reason for fail2ban specifically, it’s just often mentioned as an easy process for beginners.