librelad 875a60f90f LibrePortal v0.1.0 — initial release
A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys,
Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun
VPN routing, and a web dashboard to manage it all.

Free & open forever to self-host; optional paid hosted services fund it.
See PROMISE.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-21 20:37:54 +01:00

159 lines
4.9 KiB
Bash
Executable File

#!/bin/bash
# Category : Security
# Description : Fail2Ban - Intrusion Prevention (c/u/s/r/i):
installFail2ban()
{
local config_variables="$1"
if [[ "$fail2ban" == *[cCtTuUsSrRiI]* ]]; then
dockerConfigSetupToContainer silent fail2ban;
local app_name=$CFG_FAIL2BAN_APP_NAME
initializeAppVariables $app_name;
fi
if [[ "$fail2ban" == *[cC]* ]]; then
editAppConfig $app_name;
fi
if [[ "$fail2ban" == *[uU]* ]]; then
dockerUninstallApp $app_name;
fi
if [[ "$fail2ban" == *[sS]* ]]; then
dockerComposeDown $app_name;
fi
if [[ "$fail2ban" == *[rR]* ]]; then
dockerComposeRestart $app_name;
fi
if [[ "$fail2ban" == *[iI]* ]]; then
isHeader "Install $app_name"
((menu_number++))
echo ""
echo "---- $menu_number. Checking if $app_name can be installed."
echo ""
dockerCheckAllowedInstall "$app_name" || return 1
((menu_number++))
echo ""
echo "---- $menu_number. Setting up install folder and config file for $app_name."
echo ""
dockerConfigSetupToContainer "loud" "$app_name" "install" "$config_variables";
isSuccessful "Install folders and Config files have been setup for $app_name."
((menu_number++))
echo ""
((menu_number++))
echo ""
echo "---- $menu_number. Setting up the $app_name docker-compose.yml file."
echo ""
dockerComposeSetupFile $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Setting up AbuseIPDB for fail2ban if api key is provided"
echo ""
if [ -n "$CFG_FAIL2BAN_ABUSEIPDB_APIKEY" ]; then
checkSuccess "API key found, setting up the config file."
local result=$(createFolders "loud" $docker_install_user $containers_dir$app_name/logs)
checkSuccess "Creating logs folder"
local result=$(cd $containers_dir$app_name && createTouch $containers_dir$app_name/logs/auth.log $docker_install_user)
checkSuccess "Creating Auth.log file"
local result=$(createFolders "loud" $docker_install_user $containers_dir$app_name/config/$app_name $containers_dir$app_name/config/$app_name/action.d)
checkSuccess "Creating config and action.d folders"
# AbuseIPDB
local result=$(cd $containers_dir$app_name/config/$app_name/action.d/ && sudo curl -o abuseipdb.conf https://raw.githubusercontent.com/fail2ban/fail2ban/0.11/config/action.d/abuseipdb.conf)
checkSuccess "Downloading abuseipdb.conf from GitHub"
local result=$(sudo sed -i "s/abuseipdb_apikey =/abuseipdb_apikey =$CFG_FAIL2BAN_ABUSEIPDB_APIKEY/g" $containers_dir$app_name/config/$app_name/action.d/abuseipdb.conf)
checkSuccess "Setting up abuseipdb_apikey"
# Jail.local
local result=$(createFolders "loud" $docker_install_user $containers_dir$app_name/config/$app_name/)
checkSuccess "Creating $app_name folder"
local result=$(copyResource "$app_name" "jail.local" "config/$app_name" | sudo tee -a "$logs_dir/$docker_log_file" 2>&1)
checkSuccess "Coping over jail.local from Resources folder"
# Append abuseipdb action only when a key is set.
sudo tee -a "$containers_dir$app_name/config/$app_name/jail.local" >/dev/null <<EOF
[sshd]
action = %(action_)s
%(action_abuseipdb)s[abuseipdb_apikey="$CFG_FAIL2BAN_ABUSEIPDB_APIKEY", abuseipdb_category="5,14,15,18,19,21,22"]
EOF
checkSuccess "Appended AbuseIPDB action to jail.local"
else
isNotice "No API key found, please provide one if you want to use AbuseIPDB"
fi
((menu_number++))
echo ""
echo "---- $menu_number. Updating file permissions before starting."
echo ""
fixPermissionsBeforeStart $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
echo ""
dockerComposeUpdateAndStartApp $app_name install;
((menu_number++))
echo ""
echo "---- $menu_number. Running Application specific updates (if required)"
echo ""
appUpdateSpecifics $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Adding $app_name to the Apps Database table."
echo ""
databaseInstallApp $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Running Headscale setup (if required)"
echo ""
setupHeadscale $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Updating WebUI config file."
echo ""
webuiContainerSetup $app_name install;
((menu_number++))
echo ""
echo "---- $menu_number. You can find $app_name files at $containers_dir$app_name"
echo ""
echo " Your $app_name service is now online!"
echo ""
menu_number=0
#sleep 3s
cd
fi
fail2ban=n
}