add fail2ban and configure it for docker

DockerEntrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Start fail2ban
+fail2ban-client -x -f start
+
+# Run x-ui
+exec /app/x-ui

DockerInit.sh

@@ -1,22 +1,28 @@
 #!/bin/sh
-if [ $1 == "amd64" ]; then
+
-    ARCH="64";
+case $1 in
-    FNAME="amd64";
+    amd64)
-elif [ $1 == "arm64" ]; then
+        ARCH="64"
-    ARCH="arm64-v8a"
+        FNAME="amd64"
-    FNAME="arm64";
+        ;;
-else
+    arm64)
-    ARCH="64";
+        ARCH="arm64-v8a"
-    FNAME="amd64";
+        FNAME="arm64"
-fi
+        ;;
+    *)
+        ARCH="64"
+        FNAME="amd64"
+        ;;
+esac
+
 mkdir -p build/bin
 cd build/bin
+
 wget "https://github.com/mhsanaei/xray-core/releases/latest/download/Xray-linux-${ARCH}.zip"
 unzip "Xray-linux-${ARCH}.zip"
 rm -f "Xray-linux-${ARCH}.zip" geoip.dat geosite.dat iran.dat
 mv xray "xray-linux-${FNAME}"
+
 wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat"
 wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat"
 wget "https://github.com/bootmortis/iran-hosted-domains/releases/latest/download/iran.dat"
-
-cd ../../

Dockerfile

@@ -1,20 +1,45 @@
-#Build latest x-ui from source
+# ========================================================
+# Stage: Builder
+# ========================================================
 FROM --platform=$BUILDPLATFORM golang:1.20.4-alpine AS builder
 WORKDIR /app
 ARG TARGETARCH
-RUN apk --no-cache --update add build-base gcc wget unzip
+ENV CGO_ENABLED=1
+
+RUN apk --no-cache --update add \
+  build-base \
+  gcc \
+  wget \
+  unzip
+
 COPY . .
-RUN env CGO_ENABLED=1 go build -o build/x-ui main.go
+
+RUN go build -o build/x-ui main.go
 RUN ./DockerInit.sh "$TARGETARCH"
 
-
+# ========================================================
-#Build app image using latest x-ui
+# Stage: Final Image of 3x-ui
+# ========================================================
 FROM alpine
 ENV TZ=Asia/Tehran
 WORKDIR /app
 
-RUN apk add ca-certificates tzdata
+RUN apk add --no-cache --update \
+  ca-certificates \
+  tzdata \
+  fail2ban
 
 COPY --from=builder  /app/build/ /app/
+COPY --from=builder  /app/DockerEntrypoint.sh /app/
+
+# Configure fail2ban
+RUN rm -f /etc/fail2ban/jail.d/alpine-ssh.conf \
+  && cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local \
+  && sed -i "s/^\[ssh\]$/&\nenabled = false/" /etc/fail2ban/jail.local
+
+RUN chmod +x \
+  /app/DockerEntrypoint.sh \
+  /app/x-ui
+
 VOLUME [ "/etc/x-ui" ]
-ENTRYPOINT [ "/app/x-ui" ]
+ENTRYPOINT [ "/app/DockerEntrypoint.sh" ]

install.sh

@@ -8,7 +8,7 @@ plain='\033[0m'
 cur_dir=$(pwd)
 
 # check root
-[[ $EUID -ne 0 ]] && echo -e "${red}Fatal error：${plain} Please run this script with root privilege \n " && exit 1
+[[ $EUID -ne 0 ]] && echo -e "${red}Fatal error: ${plain} Please run this script with root privilege \n " && exit 1
 
 # Check OS and set release variable
 if [[ -f /etc/os-release ]]; then
@@ -41,12 +41,12 @@ if [[ "${release}" == "centos" ]]; then
     fi
 elif [[ "${release}" == "ubuntu" ]]; then
     if [[ ${os_version} -lt 20 ]]; then
-        echo -e "${red}please use Ubuntu 20 or higher version！${plain}\n" && exit 1
+        echo -e "${red}please use Ubuntu 20 or higher version!${plain}\n" && exit 1
     fi
 
 elif [[ "${release}" == "fedora" ]]; then
     if [[ ${os_version} -lt 36 ]]; then
-        echo -e "${red}please use Fedora 36 or higher version！${plain}\n" && exit 1
+        echo -e "${red}please use Fedora 36 or higher version!${plain}\n" && exit 1
     fi
 
 elif [[ "${release}" == "debian" ]]; then
@@ -68,7 +68,7 @@ install_base() {
     esac
 }
 
-#This function will be called when user installed x-ui out of sercurity
+# This function will be called when user installed x-ui out of sercurity
 config_after_install() {
     echo -e "${yellow}Install/update finished! For security it's recommended to modify panel settings ${plain}"
     read -p "Do you want to continue with the modification [y/n]? ": config_confirm