omv7 filebrowser and swag

pimo

So, after a motherboard died on the association's DIY NAS, I reinstalled everything from scratch.
OMV7, docker compose: duckdns, portainer, swag and filebrowser containers.
It works just like before, perfectly. But in these troubled times with lots of cyberattacks, I got motivated to check whether swag's fail2ban was doing its job.
To my great surprise, with my "config" (I'm hopeless at code), I made several login attempts with a wrong password (about ten in less than 5 minutes) and the fail2ban counter
on the swag dashboard stays at zero for filebrowser???
So I figured I had missed a config somewhere.
So after a bit of reading, I enabled filebrowser's connection logs, added the filebrowser config in swag under jail.d, and created a filebrowser.conf file in filter.d.
(using the documentation from this site: https://filebrowser.org/deployment.html )
I thought, cool, this time it's good. Well, still no: at first glance fail2ban can't read and understand the filebrowser log. Not pretty ;).
After several regex attempts in filebrowser.conf with ChatGPT, well, it's still the same.

So I'm turning to you to see whether anyone has a solution to this problem.

Here is the filebrowser docker compose
services:
  filebrowser:
    image: filebrowser/filebrowser:s6
    ports:
      - "8282:80"

    volumes:
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/filebrowser/data:/srv
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/filebrowser/config:/config
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/filebrowser/database:/database
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/filebrowser/branding:/branding
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/filebrowser/logs:/logs

    environment:
      PUID: 996
      PGID: 100

      # Filebrowser logs
      FB_LOG: /logs/filebrowser.log
      FB_LOG_LEVEL: info

      # Real client IP behind SWAG
      FB_PROXY_HEADERS: X-Forwarded-For

    restart: unless-stopped

The filebrowser log file
2025/12/21 12:33:05 Listening on [::]:80
2025/12/21 12:34:44 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:36:58 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:37:08 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:37:11 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:37:18 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:46:10 Got signal: terminated
2025/12/21 12:46:10 Stopped serving new connections.
2025/12/21 12:46:10 Graceful shutdown complete.
2025/12/21 12:46:38 Listening on [::]:80
2025/12/21 12:56:24 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:56:30 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:56:37 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:56:46 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:56:54 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:56:55 /api/login: 403 78.240.59.134 <nil>
2025/12/21 12:57:03 /api/login: 403 78.240.59.134 <nil>
2025/12/21 18:56:50 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:56:57 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:02 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:03 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:09 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:18 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:23 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:27 /api/login: 403 191.101.31.141 <nil>
2025/12/21 18:57:31 /api/login: 403 191.101.31.141 <nil>
2025/12/21 21:14:09 Got signal: terminated
2025/12/21 21:14:09 Stopped serving new connections.
2025/12/21 21:14:09 Graceful shutdown complete.
2025/12/22 11:50:02 Listening on [::]:80
2025/12/22 23:05:26 Got signal: terminated
2025/12/22 23:05:26 Stopped serving new connections.
2025/12/22 23:05:26 Graceful shutdown complete.
2025/12/23 18:03:35 Listening on [::]:80
2025/12/23 20:23:38 /api/login: 403 191.101.31.162 <nil>
2025/12/23 20:23:44 /api/login: 403 191.101.31.162 <nil>
2025/12/23 20:23:48 /api/login: 403 191.101.31.162 <nil>
2025/12/23 20:23:52 /api/login: 403 191.101.31.162 <nil>
2025/12/23 20:23:56 /api/login: 403 191.101.31.162 <nil>
2025/12/23 20:24:00 /api/login: 403 191.101.31.162 <nil>
2025/12/23 21:18:00 Got signal: terminated
2025/12/23 21:18:00 Stopped serving new connections.
2025/12/23 21:18:00 Graceful shutdown complete.
2025/12/23 21:20:53 Listening on [::]:80
2025/12/23 21:25:24 Got signal: terminated
2025/12/23 21:25:24 Stopped serving new connections.
2025/12/23 21:25:24 Graceful shutdown complete.
2025/12/24 07:13:57 Listening on [::]:80
2025/12/25 04:49:06 Got signal: terminated
2025/12/25 04:49:06 Stopped serving new connections.
2025/12/25 04:49:06 Graceful shutdown complete.
2025/12/25 10:25:35 Listening on [::]:80


The swag compose file
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - DOCKER_MODS=linuxserver/mods:swag-dashboard
      - PUID=996
      - PGID=100
      - TZ=Europe/Paris
      - URL=-----------------.org
      - VALIDATION=duckdns
      - SUBDOMAINS=wildcard
      - DUCKDNSTOKEN=----------------------------------------
      - EMAIL=----------------------------
    volumes:
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/swag/config:/config
      - /srv/dev-disk-by-uuid-9aa5aba4-4801-403b-a4f5-f1f5bbf78a60/appdata/compose/filebrowser/logs:/logs/filebrowser:ro
    ports:
      - 443:443
      - 81:81
    restart: unless-stopped


swag's jail.local
## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/fail2ban/jail.local
# This is the custom version of the jail.conf for fail2ban
# Feel free to modify this and add additional filters
# Then you can drop the new filter conf files into the fail2ban-filters
# folder and restart the container

[DEFAULT]
# Prevents banning LAN subnets
ignoreip = 10.0.0.0/8
           192.168.0.0/16
           172.16.0.0/12

# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
banaction = iptables-allports

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5


[ssh]
enabled = false

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /config/log/nginx/error.log

[nginx-badbots]
enabled = true
port = http,https
filter = nginx-badbots
logpath = /config/log/nginx/access.log
maxretry = 2

[nginx-botsearch]
enabled = true
port = http,https
filter = nginx-botsearch
logpath = /config/log/nginx/access.log

[nginx-deny]
enabled = true
port = http,https
filter = nginx-deny
logpath = /config/log/nginx/error.log

[nginx-unauthorized]
enabled = true
port = http,https
filter = nginx-unauthorized
logpath = /config/log/nginx/access.log

[filebrowser]
enabled = true
port = http,https
filter = filebrowser
logpath = /logs/filebrowser/filebrowser.log
maxretry = 5
bantime = 600
findtime = 3600
banaction = iptables-allports
banaction_allports = iptables-allports

And the filebrowser.conf in filter.d
[INCLUDES]
before = common.conf

[Definition]
datepattern = `^%%Y\/%%m\/%%d %%H:%%M:%%S`
failregex = `\/api\/login: 403 <HOST> *`


The screenshot of the swag dashboard after the login errors

swag.jpg


And the screen capture of the SSH command, generated via ChatGPT, to see whether swag matches the filebrowser log

docker exec -it swag fail2ban-regex /logs/filebrowser/filebrowser.log /config/fail2ban/filter.d/filebrowser.conf --print-all-missed

Running tests
=============

Use filter file : filebrowser, basedir: /config/fail2ban
Use datepattern : `^%Y\/%m\/%d %H:%M:%S` : `^Year\/Month\/Day 24hour:Minute:Second`
Use log file : /logs/filebrowser/filebrowser.log
Use encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 52 lines, 0 ignored, 0 matched, 52 missed
[processed in 0.00 sec]

|- Missed line(s):
| 2025/12/21 12:33:05 Listening on [::]:80
| 2025/12/21 12:34:44 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:36:58 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:37:08 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:37:11 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:37:18 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:46:10 Got signal: terminated
| 2025/12/21 12:46:10 Stopped serving new connections.
| 2025/12/21 12:46:10 Graceful shutdown complete.
| 2025/12/21 12:46:38 Listening on [::]:80
| 2025/12/21 12:56:24 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:56:30 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:56:37 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:56:46 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:56:54 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:56:55 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 12:57:03 /api/login: 403 78.240.59.134 <nil>
| 2025/12/21 18:56:50 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:56:57 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:02 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:03 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:09 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:18 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:23 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:27 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 18:57:31 /api/login: 403 191.101.31.141 <nil>
| 2025/12/21 21:14:09 Got signal: terminated
| 2025/12/21 21:14:09 Stopped serving new connections.
| 2025/12/21 21:14:09 Graceful shutdown complete.
| 2025/12/22 11:50:02 Listening on [::]:80
| 2025/12/22 23:05:26 Got signal: terminated
| 2025/12/22 23:05:26 Stopped serving new connections.
| 2025/12/22 23:05:26 Graceful shutdown complete.
| 2025/12/23 18:03:35 Listening on [::]:80
| 2025/12/23 20:23:38 /api/login: 403 191.101.31.162 <nil>
| 2025/12/23 20:23:44 /api/login: 403 191.101.31.162 <nil>
| 2025/12/23 20:23:48 /api/login: 403 191.101.31.162 <nil>
| 2025/12/23 20:23:52 /api/login: 403 191.101.31.162 <nil>
| 2025/12/23 20:23:56 /api/login: 403 191.101.31.162 <nil>
| 2025/12/23 20:24:00 /api/login: 403 191.101.31.162 <nil>
| 2025/12/23 21:18:00 Got signal: terminated
| 2025/12/23 21:18:00 Stopped serving new connections.
| 2025/12/23 21:18:00 Graceful shutdown complete.
| 2025/12/23 21:20:53 Listening on [::]:80
| 2025/12/23 21:25:24 Got signal: terminated
| 2025/12/23 21:25:24 Stopped serving new connections.
| 2025/12/23 21:25:24 Graceful shutdown complete.
| 2025/12/24 07:13:57 Listening on [::]:80
| 2025/12/25 04:49:06 Got signal: terminated
| 2025/12/25 04:49:06 Stopped serving new connections.
| 2025/12/25 04:49:06 Graceful shutdown complete.
| 2025/12/25 10:25:35 Listening on [::]:80


I must have messed something up. If you have an idea, I'm all ears.

Thanks in advance.
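
Added example (not part of the original post, and not fail2ban's own code): the fail2ban-regex output above echoes the backticks as part of the datepattern, which suggests they are literal characters in filebrowser.conf rather than formatting. Assuming that, this Python sketch applies the posted failregex and a hypothetical backtick-free variant to constructed log lines in the same format, with a simplified IPv4-only stand-in for `<HOST>` and the jail's maxretry/findtime values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample in the log format shown in the post (documentation IPs).
SAMPLE_LOG = """\
2025/12/21 12:33:05 Listening on [::]:80
2025/12/21 12:34:44 /api/login: 403 203.0.113.7 <nil>
2025/12/21 12:36:58 /api/login: 403 203.0.113.7 <nil>
2025/12/21 12:37:08 /api/login: 403 203.0.113.7 <nil>
2025/12/21 12:37:11 /api/login: 403 203.0.113.7 <nil>
2025/12/21 12:37:18 /api/login: 403 203.0.113.7 <nil>
2025/12/21 18:56:50 /api/login: 403 198.51.100.9 <nil>
2025/12/21 18:56:57 /api/login: 403 198.51.100.9 <nil>
"""

AS_POSTED = r"`\/api\/login: 403 <HOST> *`"      # backticks are part of the pattern
WITHOUT_TICKS = r"^\s*/api/login: 403 <HOST>\b"  # hypothetical corrected failregex

def failures(log, failregex):
    """Return [(timestamp, host)] for every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = []
    for line in log.splitlines():
        stamp, rest = line[:19], line[19:]   # split off the 19-char timestamp
        m = rx.search(rest)
        if m:
            hits.append((datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"), m["host"]))
    return hits

def would_ban(hits, maxretry=5, findtime=3600):
    """Hosts reaching maxretry failures inside a findtime-second window."""
    per_host, banned = defaultdict(list), set()
    for ts, host in hits:
        window = [t for t in per_host[host] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        per_host[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned

if __name__ == "__main__":
    for name, rx in (("as posted", AS_POSTED), ("without backticks", WITHOUT_TICKS)):
        hits = failures(SAMPLE_LOG, rx)
        print(f"{name}: {len(hits)} matched, ban -> {sorted(would_ban(hits))}")
```

The authoritative check remains `fail2ban-regex` inside the swag container against the real log.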
 
Hello, no, no update from omv7 to omv8.
I installed omv7 directly on the system SSD, which was formatted beforehand.