Hello,
I’ve been using ncp on a physical arm SBC for some months so far, making a small home personal cloud.
Having found nextcloud, expecially when uses with the ncp tools, very useful, I’m going to consolidate my install using a more robust hardware with two sata disk and docker containers.
One of the features I love in ncp, is the the integrations with the fail2ban tool. But once I installed the ncp docker appliance, I noticed that this tool isn’t provided with the ncp docker appliance.
Fail2ban is not available in NCP’s docker version, as it would need to access files outside the container. Which would be a potential security risk, and defeat the its containerized purpose.
What files does it require that are outside the nextcloudpi container?
I’d like to use fail2ban to protect the nextcloud server, which lives inside the container.
Maybe can have a look at the code here to see what files it touches. It needs UFW to be enabled and read rights to auth.log for ssh and nextcloud.log for NC.
Afaik, since 12, Nextcloud has it’s own build-in brute-force-login protection, so not a requirement or must have, just an extra security layer.