feat: enable traefik access logs for fail2ban http jails #15

Merged

gortium merged 1 commits from feat/traefik-access-logs-for-fail2ban into master 2026-05-01 12:18:23 +00:00

Conversation 0 Commits 1 Files Changed 1 +5 -2

Hermes commented 2026-05-01 03:08:05 +00:00

Collaborator

Copy Link

Summary

Enables Traefik access logging to support fail2ban HTTP authentication and bot detection jails.

Changes

Traefik Configuration

• Added --accesslog.filepath=/var/log/traefik/access.log
• Added --log.filepath=/var/log/traefik/traefik.log
• Changed log level from DEBUG to INFO (reduces noise)
• Mounted /var/log/traefik volume to host filesystem

Why This Matters

Fail2ban needs access to HTTP access logs to detect:

• Brute force login attempts (401/403 responses)
• Web scanning/attacks (404s on common attack paths like /wp-admin, /.git, /.env)

Without this, the http-auth and http-botsearch jails cannot function.

Deployment

cd ~/infra/assets/compose/network
docker compose up -d traefik

# Verify logs are being written
ls -la /var/log/traefik/
tail -f /var/log/traefik/access.log

Verification

After deploying, make some HTTP requests and verify:

# Should show recent requests
tail /var/log/traefik/access.log

# Fail2ban should now be able to read the log
fail2ban-client status http-auth
fail2ban-client status http-botsearch

Related

• Depends on: infra PR #30 (fail2ban jail configuration)
• Skill: nixos-server-hardening

## Summary Enables Traefik access logging to support fail2ban HTTP authentication and bot detection jails. ## Changes ### Traefik Configuration - Added `--accesslog.filepath=/var/log/traefik/access.log` - Added `--log.filepath=/var/log/traefik/traefik.log` - Changed log level from `DEBUG` to `INFO` (reduces noise) - Mounted `/var/log/traefik` volume to host filesystem ## Why This Matters Fail2ban needs access to HTTP access logs to detect: - Brute force login attempts (401/403 responses) - Web scanning/attacks (404s on common attack paths like /wp-admin, /.git, /.env) Without this, the `http-auth` and `http-botsearch` jails cannot function. ## Deployment ```bash cd ~/infra/assets/compose/network docker compose up -d traefik # Verify logs are being written ls -la /var/log/traefik/ tail -f /var/log/traefik/access.log ``` ## Verification After deploying, make some HTTP requests and verify: ```bash # Should show recent requests tail /var/log/traefik/access.log # Fail2ban should now be able to read the log fail2ban-client status http-auth fail2ban-client status http-botsearch ``` ## Related - Depends on: infra PR #30 (fail2ban jail configuration) - Skill: `nixos-server-hardening`

Hermes added 1 commit 2026-05-01 03:08:06 +00:00

feat: enable traefik access logs for fail2ban http jails a79fe9dffa

Hermes referenced this pull request from gortium/infra 2026-05-01 03:08:48 +00:00

security: harden server with firewall, fail2ban, and SSH protections #30

Hermes referenced this pull request from gortium/infra 2026-05-01 03:34:11 +00:00

security: harden lazyworkhorse with firewall, fail2ban, SSH hardening #28

gortium merged commit 1b0dbed52e into master 2026-05-01 12:18:23 +00:00

gortium deleted branch feat/traefik-access-logs-for-fail2ban 2026-05-01 12:18:24 +00:00

gortium referenced this issue from a commit 2026-05-01 12:18:26 +00:00

Merge pull request 'feat: enable traefik access logs for fail2ban http jails' (#15) from feat/traefik-access-logs-for-fail2ban into master

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Hermes gortium

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: gortium/compose#15

No description provided.