From b0f31821b7bb284e4870f995fd992190dfe4d752 Mon Sep 17 00:00:00 2001
From: cangui
Date: Mon, 18 Aug 2025 18:30:07 +0200
Subject: [PATCH] up
---
 docker-compose.yml | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 919275c..f01e9ac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,16 +7,17 @@ services:
 dockerfile: Dockerfile
 container_name: shelfy-go
 working_dir: /app
+ # ⚠️ Si LocalAI utilise 8080, tu as déjà mappé 8090:8080 côté HTTP, OK.
 ports:
 - "8090:8080"
- - "2121:2121" # si tu gardes FTP
- - "30000-30100:30000-30100" # si tu gardes FTP
- - "2222:2222" # SFTP
-
+ - "2121:2121" # FTP (si utilisé)
+ - "30000-30100:30000-30100" # FTP passive (si utilisé)
+ - "2222:2222" # SFTP
 extra_hosts:
- - "dockerhost:host-gateway" # accès à l'hôte depuis le conteneur
+ - "dockerhost:host-gateway"
 volumes:
 - shelfy_upload:/app/upload
+ - shelfy_logs:/var/log/shelfy # <-- partage des logs avec Fail2ban
 labels:
 - traefik.http.routers.shelfy.middlewares=webdav-allow-methods@docker
 - traefik.http.middlewares.webdav-allow-methods.headers.accesscontrolallowmethods=GET,PUT,POST,DELETE,PROPFIND,OPTIONS,LOCK,UNLOCK,HEAD
@@ -25,6 +26,27 @@ services:
 - 8.8.8.8
 - 1.1.1.1
 restart: unless-stopped
+ # ✅ Astuce simple pour avoir un fichier de log lisible par Fail2ban
+ # Remplace `./app` par ta commande/entrypoint réel si besoin.
+ command: [ "sh", "-c", "./app 2>&1 | tee -a /var/log/shelfy/shelfy.log" ]
+
+ fail2ban:
+ image: crazymax/fail2ban:latest
+ container_name: fail2ban
+ # On bannit via iptables du host
+ network_mode: host
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ environment:
+ - TZ=Europe/Paris
+ - F2B_LOG_TARGET=STDOUT
+ - F2B_DB_PURGE_AGE=1d
+ volumes:
+ - ./fail2ban:/data # conf jails/filters persistantes
+ - shelfy_logs:/var/log/shelfy:ro # lit les logs de shelfy
+ restart: unless-stopped
 
 volumes:
 shelfy_upload:
+ shelfy_logs:
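Review bot: The FTP control port, the passive range `30000-30100` and SFTP remain published on every host interface, although the reworded comments mark FTP as optional ("si utilisé"). If FTP is not actually used, removing the `2121:2121` and `30000-30100:30000-30100` mappings takes a cleartext-credential protocol and a hundred listening ports off the host. The comment added above `ports:` reads like a chat reply rather than a description of the file; something like `# HTTP is published on host port 8090 because 8080 may already be taken by LocalAI` would be clearer. The hunk also drops the explanation on `dockerhost:host-gateway`, which was the only hint as to why the container needs a route back to the host, so it is worth keeping. The `shelfy-go` service definition starts above this hunk.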
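Review bot: Bans from the new `fail2ban` service may never take effect. Traffic to Docker-published ports is forwarded to the container instead of passing through the host's `INPUT` chain, so jails left on fail2ban's default chain would record bans without blocking anything. The jail files under `./fail2ban` are not part of this patch, so check that they set `chain = DOCKER-USER`. The image is pulled as `crazymax/fail2ban:latest` while running with host networking and `NET_ADMIN`/`NET_RAW`; pinning it (`image: crazymax/fail2ban:<version>` or a digest) keeps upstream changes from landing unreviewed in a privileged container. In the new `command`, `sh` becomes PID 1 and the pipeline's exit status is `tee`'s, so the app may not receive SIGTERM on stop, a crash can surface as exit 0, and `shelfy.log` grows without rotation. Also confirm the logged address is the real client and not the Traefik or Docker gateway address, otherwise a ban would cut off the proxy itself.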