Make CALLBACK_URL and secret configurable through the env

2026-04-19 06:53:14 +02:00 · 2026-02-10 17:00:59 +01:00
parent 339118d89f
commit 01bc815bde
5 changed files with 68 additions and 7 deletions
--- a/docker-compose-allinone.example.yml
+++ b/docker-compose-allinone.example.yml
@@ -57,6 +57,20 @@ services:
      # When set to false, the footer will not request the latest release from GitHub (e.g. air-gapped or privacy-sensitive environments).
      # - UPDATE_CHECK=false

+      # ============================================
+      # Callback Settings (Optional)
+      # ============================================
+      # Optional: External address where Fail2ban instances send ban/unban API calls back to Fail2ban-UI.
+      # Default: http://127.0.0.1:<PORT> (works when Fail2ban runs in the same network namespace).
+      # For container setups with bridge networking or remote Fail2ban servers, set this to an address
+      # reachable from those instances (e.g. the Docker/Podman gateway IP or the host LAN IP).
+      # When set, this env var always takes priority over the value in the UI settings.
+      # - CALLBACK_URL=http://10.88.0.1:3080
+      # Optional: Shared secret used to authenticate ban/unban callbacks from Fail2ban instances.
+      # If not set, a secure random secret is auto-generated on first start.
+      # When set, this env var always takes priority over the auto-generated or stored value.
+      # - CALLBACK_SECRET=your-secure-shared-secret
+
      # ============================================
      # OIDC Authentication (Optional)
      # ============================================