@henk23
Last active September 21, 2024 06:46
Caddy with json logs and fail2ban
# Fail2Ban v1.0.2 and Caddy v2.7.6
#
# Created this solution based on these 2 articles:
#
# https://muetsch.io/how-to-integrate-caddy-with-fail2ban.html
# https://www.kassner.com.br/en/2023/09/10/fail2ban-caddy-json-logs/
#
# However, the regex and date pattern shown in these posts did not quite work for me.
# This worked:

# /etc/fail2ban/filter.d/caddy.local
[Definition]
failregex = "client_ip":"<HOST>"(?:.*)"status":(?:403|404)
datepattern = "ts":{Epoch}

# /etc/caddy/Caddyfile
{
    log {
        output file /var/log/caddy/caddy.log
        format json
    }
}

(logging) {
    log {
        output file /var/log/caddy/{args[0]}.access.log
        format json
    }
}

www.example.com {
    reverse_proxy localhost:8000
    import logging www.example.com
}

# Catches all requests that are not handled above:
:80, :443 {
    import logging catchall
    respond "Access denied" 403 {
        close
    }
}

# /etc/fail2ban/jail.local
[caddy]
enabled = true
port = http,https
logpath = /var/log/caddy/*.log
maxretry = 10
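
A way to check offline what the filter above counts, as an added example that is not part of the original gist: it applies the same failregex to constructed Caddy-style JSON lines and tallies failures per client IP against maxretry = 10. Assumptions: the HOST pattern is a simplified stand-in for fail2ban's <HOST> tag, the field order in caddy_line() mirrors Caddy 2.7 access logs, findtime is ignored, and all names and addresses are hypothetical.

```python
import json
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (IPv4/IPv6 literals only).
HOST = r'(?P<host>[0-9A-Fa-f:.]+)'
FAILREGEX = re.compile(r'"client_ip":"' + HOST + r'"(?:.*)"status":(?:403|404)')
TS = re.compile(r'"ts":(\d+(?:\.\d+)?)')  # what datepattern "ts":{Epoch} anchors on
MAXRETRY = 10                              # maxretry from the [caddy] jail


def caddy_line(ip, status, user_agent="curl/8.0", ts=1700000000.5):
    """Constructed access-log line; field order is assumed from Caddy 2.7 output."""
    entry = {
        "level": "info", "ts": ts, "logger": "http.log.access",
        "msg": "handled request",
        "request": {"remote_ip": ip, "remote_port": "51234", "client_ip": ip,
                    "proto": "HTTP/1.1", "method": "GET", "host": "www.example.com",
                    "uri": "/wp-login.php", "headers": {"User-Agent": [user_agent]}},
        "duration": 0.001, "size": 13, "status": status,
    }
    return json.dumps(entry, separators=(",", ":"))  # compact, like Caddy's encoder


def failures(lines):
    """Count matching lines per client IP (findtime windowing is ignored here)."""
    hits = Counter()
    for line in lines:
        match = FAILREGEX.search(line)
        if match and TS.search(line):
            hits[match.group("host")] += 1
    return hits


def banned(lines, maxretry=MAXRETRY):
    """IPs that reached maxretry failures."""
    return sorted(ip for ip, n in failures(lines).items() if n >= maxretry)


# Constructed sample: one scanner, one normal client, and one client whose
# User-Agent carries text resembling the fields the filter keys on. JSON
# escaping turns its quotes into \" so the failregex does not match it.
SPOOF_UA = '"client_ip":"203.0.113.9","status":404'
SAMPLE = (
    [caddy_line("198.51.100.7", 404) for _ in range(9)]
    + [caddy_line("198.51.100.7", 403)]
    + [caddy_line("192.0.2.10", 200)]
    + [caddy_line("192.0.2.20", 200, user_agent=SPOOF_UA) for _ in range(12)]
)

if __name__ == "__main__":
    print(failures(SAMPLE), banned(SAMPLE))
```

On a host with fail2ban installed, fail2ban-regex run against a real log file and the filter file gives the authoritative result.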