Fail2ban

bxl-shp/apps/docker-compose.honeypots.yaml

@@ -6,6 +6,8 @@ services:
     - "com.centurylinklabs.watchtower.enable=true"
     environment:
     - PORT=24587
+    - TZ=Europe/Paris
     volumes:
+    - /etc/localtime:/etc/localtime:ro
     - $DATA/honeypots/ssh-honeypot:/app/data:rw
     network_mode: host

bxl-shp/apps/docker-compose.wiki.yaml

@@ -15,7 +15,7 @@ services:
     labels:
     - "traefik.enable=true"
     - "traefik.http.routers.wikijs.rule=Host(`wiki.bhasher.com`)"
-    - "traefik.http.routers.wikijs.entrypoints=internalsecure"
+    - "traefik.http.routers.wikijs.entrypoints=internalsecure,externalsecure"
     - "traefik.http.services.wikijs.loadbalancer.server.port=3000"
     - "traefik.http.routers.wikijs.tls=true"
     - "traefik.http.routers.wikijs.tls.certresolver=http"

bxl-shp/config/idp/authelia.configuration.yaml

@@ -6,7 +6,9 @@ server:
   port: 9091
 
 log:
-  level: info
+  level: warn
+  file_path: /logs/authelia.log
+  #format: json
 
 totp:
   disable: false

bxl-shp/system/docker-compose.auth.yaml

@@ -84,7 +84,8 @@ services:
     - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
     volumes:
     - $CONFIG/idp/authelia.configuration.yaml:/config/configuration.yml:ro
-    - $DATA/authelia:/secrets:ro
+    - $DATA/authelia/secrets:/secrets:ro
+    - $DATA/authelia/logs:/logs:rw
     networks:
     - auth
     - storage

bxl-shp/system/docker-compose.fail2ban.yaml

@@ -11,6 +11,8 @@ services:
     volumes:
     - $DATA/fail2ban:/data
     - $DATA/vaultwarden:/remotelogs/vaultwarden:ro
+    - $DATA/honeypots/ssh-honeypot:/remotelogs/ssh-honeypot:ro
+    - $DATA/authelia/logs:/remotelogs/authelia:ro
     - type: bind
       source: /home/shp/.ssh/mkrouter
       target: /ssh-key/mkrouter