Fail2Ban on separate docker (swag)

I’m using a HassOS VM on Unraid as well as the linuxserver/swag container for all of my nginx/reverse proxy needs. I have the reverse proxy set up and working well for HA.

I’ve also configured fail2ban for most of my sites and I’d like to do the same with HA. I’m just wondering if anyone has configured their setup like this. I’m trying to figure out how I can map the log file from within the VM to be inside the swag docker container so that fail2ban can watch the logs.

I’m reading up on how I can map SMB shares with credentials, etc. in docker containers but I’m not having much luck so far.

Hey, sorry I can’t help with your question, but would you happen to have details on how you got your swag container working with Home Assistant? I just can’t figure it out; I’m stuck on how to write up the proxy conf file on the Swag container to point to my HA server.

I ended up getting Fail2Ban working with this in a roundabout way :slight_smile:

I edited and used the pre-built example that came with Swag in the proxy-conf directory. Do you see a whole lot of example files in there?

Awesome, glad you got it sorted :slight_smile:

And yes, I see them. I did try to edit the Home Assistant conf file in there but I don’t think I got it right; there’s a lot there that I don’t really understand. Also, my Home Assistant is a VM, not a container, which changes the conf file more, I think.

Here’s my file - I don’t think it would matter if it’s a VM or container, you just need to make sure you’re pointing to the correct IP/port.

I think the only part I changed was the $upstream_app IP part.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name homeassistant.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.181;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.181;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

Awesome, thanks. I’ve used that and copied in my subdomain and HA IP address. Could you also please post your http: section from your HA configuration file? I don’t think I have that area set up correctly either…

Here it is. The IP listed is the IP of my Swag container.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.10.10.3

Damn, still not wanting to work…
Are you using a subdomain to reach Home Assistant? Also, no other areas you had to edit?
Is your Swag container set up under the custom docker network or does it have an IP in your home network?

I’m using a subdomain, yes. I can’t think of anything else I changed to get it all to work.
I have a separate VLAN set up for services that I host to the outside world. Do you have any other things working in nginx or is this the first thing you’ve tried to host?
Just wondering if it’s a HA issue or nginx issue.

@nug
Can you share how you were able to configure fail2ban in swag?

I also have Unraid with a HASS VM and Swag as reverse proxy, but I don’t know how to use fail2ban with HA.

Thanks

Hey mate, along with the stuff I wrote above I also set up a share in Unassigned Devices to mount the ‘//x.x.x.x/config’ share from Home Assistant. Make sure you’ve set up the Samba share add-on in HA. This way I then have access to the home-assistant.log file from within Unraid.

Then in the Swag docker container settings I added a Path that points to that location in Unraid (most likely /mnt/remotes/x.x.x.x_config). Now you have access to the log file from within Swag.

The only annoying thing with this setup is that when I reboot or stop the array and start everything back up I need to go back and hit mount in Unassigned Devices as it tries to mount it before the HA VM has started. I’m sure this can be fixed with a script with a delay in it but I haven’t bothered with this yet.

Thanks man,
I’ll try to do that :wink:

I was hoping that we could configure HA to respond with some error code back to swag and that way we could use it for fail2ban.

Thanks again :wink:
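The thread stops before showing what fail2ban would match once home-assistant.log is visible inside swag. The script below is an added example, not code from any poster or from the swag or Home Assistant projects: it applies a jail's maxretry/findtime/ignoreip decision to constructed log lines and shows why the proxy address from the trusted_proxies post (10.10.10.3) belongs in the ignore list. The failed-login line format is an assumption about Home Assistant's log output, and every other address is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed shape of HA's failed-login warning; newer releases log "host (ip)".
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ WARNING .*"
    r"Login attempt or request with invalid authentication from "
    r"(?:\S+ \()?(?P<ip>[0-9A-Fa-f.:]*[0-9A-Fa-f])"
)

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10),
              ignoreip=("10.10.10.3/32",)):
    """Map each source IP to the time it reached maxretry failures in findtime."""
    ignored = [ip_network(net) for net in ignoreip]
    recent, banned = defaultdict(deque), {}
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue
        ip = ip_address(m["ip"])
        if str(ip) in banned or any(ip in net for net in ignored):
            continue  # already banned, or the proxy itself: never ban it
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[str(ip)] = ts
    return banned

def _fail(ts, src):  # builds one constructed log line
    return (f"2024-05-01 {ts}.120 WARNING (MainThread) "
            "[homeassistant.components.http.ban] Login attempt or request with "
            f"invalid authentication from {src}. Requested URL: '/auth/login_flow'.")

SAMPLE = [  # constructed input, not taken from a real log
    _fail("08:00:01", "203.0.113.7 (203.0.113.7)"),
    _fail("08:00:05", "scanner.example (198.51.100.9)"),
    _fail("08:00:30", "203.0.113.7 (203.0.113.7)"),
    "2024-05-01 08:00:31.002 INFO (MainThread) [homeassistant.core] Bus: state_changed",
    _fail("08:00:40", "198.51.100.9"),
    _fail("08:01:10", "203.0.113.7 (203.0.113.7)"),
    *[_fail(f"08:02:0{i}", "10.10.10.3 (10.10.10.3)") for i in range(5)],
    _fail("08:30:00", "198.51.100.9"),
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Run with `ignoreip=()`, the same input puts 10.10.10.3 on the ban list, which in a real jail would cut off every user behind the proxy.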