I’ve been doing some selfhosting and want to setup fail2ban for my exposed apps, but am unsure if that should be setup on my router (OpenWRT), on each server that may be exposed, or just in the Caddy container?

My setup right now is: TP-Link router with OpenWRT Lenovo M910q with Proxmox, which hosts the following:

  • Caddy in a container for reverse proxies to hosted apps
  • Home Assistant OS in VM#1
  • Other apps in docker containers on VM#2
  • irmadlad@lemmy.worldEnglish
    1·
    6 hours ago

    In my thinking, redundancy, defense in depth…maybe? May be overkill. I run them both with no issues.