this post was submitted on 29 Mar 2026
38 points (93.2% liked)

Selfhosted

56958 readers
412 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
38
Where to install fail2ban? (lemmy.world)
submitted 1 month ago by anticonnor@lemmy.world to c/selfhosted@lemmy.world
16 comments fedilink hide all child comments
 

I've been doing some selfhosting and want to setup fail2ban for my exposed apps, but am unsure if that should be setup on my router (OpenWRT), on each server that may be exposed, or just in the Caddy container?

My setup right now is: TP-Link router with OpenWRT Lenovo M910q with Proxmox, which hosts the following:

  • Caddy in a container for reverse proxies to hosted apps
  • Home Assistant OS in VM#1
  • Other apps in docker containers on VM#2
you are viewing a single comment's thread
view the rest of the comments
[–] nymnympseudonym@piefed.social 12 points 1 month ago (3 children)

Honest question: Why fail2ban? Have you considered crowdsec ?

I used to use the former; I've found the latter to be easier to maintain and I like that it shares threats real-time

[–] irotsoma@piefed.blahaj.zone 5 points 1 month ago (1 children)

I didn't like crowdsec because of the limits on the free account. For example, I got way more than the 500 max monthly alerts just with one application being protected. So it was difficult to analyze threats. It was easier to set up though. And both serve slightly different use cases.

[–] MangoPenguin@lemmy.blahaj.zone 3 points 1 month ago

You can analyze with either the CLI or log files piped into something like OpenObserve which is what I do. You don't technically need their dashboard.

[–] anticonnor@lemmy.world 3 points 1 month ago

I'll give it a look. No real reason for fail2ban specifically, it's just often mentioned as an easy process for beginners.

[–] irmadlad@lemmy.world 2 points 1 month ago (1 children)

Honest question: Why fail2ban? Have you considered crowdsec ?

Why not both?

[–] MangoPenguin@lemmy.blahaj.zone 5 points 1 month ago (1 children)

Crowdsec does everything fail2ban does so not much point.

[–] irmadlad@lemmy.world 1 points 1 month ago

In my thinking, redundancy, defense in depth.....maybe? May be overkill. I run them both with no issues.