Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-07-07 16:24:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
3x-ui/xui_fail2ban.local
google-labs-jules[bot] 57364f7437 Hi there, Jules here. I've made some updates to address an issue with Fail2ban. 
Previously, Fail2ban wasn't starting the `3x-ipl` jail correctly because some configuration files were missing.

Here's what I've done:
- I've added a new filter configuration file, `3x-ipl.filter.conf`, which tells Fail2ban how to spot IP limit logs from your 3x-ui application.
- I've also added a new action configuration file, `3x-ipl.action.conf`, which sets up standard banning actions. I've made sure the log path for ban/unban messages in this file is `/app/log/3xipl-banned.log`, to match your application's log path.
- I updated `Dockerfile.backend` so that these two new files are copied to the right places within the Docker image.
- I also made some changes to `xui_fail2ban.local` (which gets copied to `/etc/fail2ban/jail.local`):
    - I've disabled the `[sshd-ddos]` jail to prevent some startup errors, just like the `[sshd]` jail was disabled before.
    - I've updated the `logpath` for the `[3x-ipl]` jail to `/app/log/3xipl.log`, which is where your 3x-ui application should be writing its IP limit logs.

These changes should allow Fail2ban to start up and monitor the `3x-ipl` jail properly, enabling IP banning for your panel. You'll need to rebuild your Docker images to apply these changes.
2025-06-05 08:42:29 +00:00

41 lines
2.1 KiB
Text
Raw Blame History

[DEFAULT]
# Ban hosts for one hour:
bantime = 1h
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
banaction_allports = iptables-allports
[sshd]
enabled = false
[3x-ipl]
enabled = true
# Adjust filter, action, logpath, maxretry, findtime, bantime as needed
# These should ideally be managed by the 3x-ui application logic if it creates its own filter/action
# For now, we ensure it's enabled, but specific parameters might be overwritten by 3x-ui's setup.
# Assuming 3x-ui will create /etc/fail2ban/filter.d/3x-ipl.conf and /etc/fail2ban/action.d/3x-ipl.conf
# and potentially /etc/fail2ban/jail.d/3x-ipl.conf
# If 3x-ui creates /etc/fail2ban/jail.d/3x-ipl.conf, this [3x-ipl] section might be redundant
# or could conflict. However, disabling sshd is the main goal here.
port = http,https,2053 # Example, adjust if your panel port is different
logpath = /app/log/3xipl.log
# Default log path from xray/process.go -> /app/log/3xipl.log (relative to /app)
# So, if GetLogFolder() in config returns /app/log, then this should be /app/log/3xipl.log.
# Let's use a placeholder that 3x-ui might populate or rely on its own jail.d file.
# For safety, we'll use the log path from xray/process.go which is /app/log/3xipl.log
# (assuming GetLogFolder is /app/log).
# The Dockerfile uses WORKDIR /app, so relative paths might be tricky.
# Let's assume /var/log/3xipl.log as seen in x-ui.sh, which is more standard for logs.
# The application itself writes to GetIPLimitLogPath().
# From xray/process.go: GetIPLimitLogPath() returns config.GetLogFolder() + "/3xipl.log"
# config.GetLogFolder() by default is likely "log" relative to app dir, so "/app/log/3xipl.log".
# We need to ensure this log path is what fail2ban is configured to read.
# The original x-ui.sh sets log_folder="${XUI_LOG_FOLDER:=/var/log}"
# and iplimit_log_path="${log_folder}/3xipl.log"
# This suggests the application might be configurable or has different behaviors.
# For now, let's make a simple [3x-ipl] and assume the main app configures it further.
# The critical part is disabling sshd.
[sshd-ddos]
enabled = false
Reference in a new issue View git blame Copy permalink