dynamically include curl option when self-signed https certificates are used

2025-12-30 15:55:57 +01:00
parent 7525f38e25
commit ad12bc0db9
2 changed files with 21 additions and 2 deletions


@@ -141,6 +141,7 @@ const (
actionCallbackPlaceholder = "__CALLBACK_URL__" actionCallbackPlaceholder = "__CALLBACK_URL__"
actionServerIDPlaceholder = "__SERVER_ID__" actionServerIDPlaceholder = "__SERVER_ID__"
actionSecretPlaceholder = "__CALLBACK_SECRET__" actionSecretPlaceholder = "__CALLBACK_SECRET__"
actionCurlInsecureFlag = "__CURL_INSECURE_FLAG__"
) )
// jailLocalBanner is the standard banner for jail.local files // jailLocalBanner is the standard banner for jail.local files
@@ -175,7 +176,7 @@ norestored = 1
# Option: actionban # Option: actionban
# This executes a cURL request to notify our API when an IP is banned. # This executes a cURL request to notify our API when an IP is banned.
actionban = /usr/bin/curl -X POST __CALLBACK_URL__/api/ban \ actionban = /usr/bin/curl__CURL_INSECURE_FLAG__ -X POST __CALLBACK_URL__/api/ban \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-H "X-Callback-Secret: __CALLBACK_SECRET__" \ -H "X-Callback-Secret: __CALLBACK_SECRET__" \
-d "$(jq -n --arg serverId '__SERVER_ID__' \ -d "$(jq -n --arg serverId '__SERVER_ID__' \
@@ -189,7 +190,7 @@ actionban = /usr/bin/curl -X POST __CALLBACK_URL__/api/ban \
# Option: actionunban # Option: actionunban
# This executes a cURL request to notify our API when an IP is unbanned. # This executes a cURL request to notify our API when an IP is unbanned.
actionunban = /usr/bin/curl -X POST __CALLBACK_URL__/api/unban \ actionunban = /usr/bin/curl__CURL_INSECURE_FLAG__ -X POST __CALLBACK_URL__/api/unban \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-H "X-Callback-Secret: __CALLBACK_SECRET__" \ -H "X-Callback-Secret: __CALLBACK_SECRET__" \
-d "$(jq -n --arg serverId '__SERVER_ID__' \ -d "$(jq -n --arg serverId '__SERVER_ID__' \
@@ -1082,9 +1083,18 @@ func BuildFail2banActionConfig(callbackURL, serverID, secret string) string {
secret = generateCallbackSecret() secret = generateCallbackSecret()
} }
} }
// Determine if we need to use -k flag for HTTPS with self-signed certificates
// This allows curl to work with self-signed, in-house CA certificates
// For HTTP URLs, we use a empty string.
curlInsecureFlag := ""
if strings.HasPrefix(strings.ToLower(trimmed), "https://") {
curlInsecureFlag = " -k"
}
config := strings.ReplaceAll(fail2banActionTemplate, actionCallbackPlaceholder, trimmed) config := strings.ReplaceAll(fail2banActionTemplate, actionCallbackPlaceholder, trimmed)
config = strings.ReplaceAll(config, actionServerIDPlaceholder, serverID) config = strings.ReplaceAll(config, actionServerIDPlaceholder, serverID)
config = strings.ReplaceAll(config, actionSecretPlaceholder, secret) config = strings.ReplaceAll(config, actionSecretPlaceholder, secret)
config = strings.ReplaceAll(config, actionCurlInsecureFlag, curlInsecureFlag)
return config return config
} }
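Review bot: The `-k` flag is added for every callback URL that starts with `https://`, not only for self-signed certificates as the comment above `curlInsecureFlag` says, so curl stops verifying the server certificate for all HTTPS callbacks, including ones with a publicly trusted certificate. The same request carries the `X-Callback-Secret` header, so with verification off the secret is sent to whatever endpoint answers the connection. I would gate this on an explicit opt-in, e.g. `if allowInsecureTLS && strings.HasPrefix(strings.ToLower(trimmed), "https://") {` (`allowInsecureTLS` is a placeholder for a new setting), or have the template pass the in-house CA through curl's `--cacert` so verification stays on. `BuildFail2banActionConfig` starts above this hunk, so how `trimmed` is derived is not visible here.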


@@ -1839,6 +1839,15 @@ func UpdateSettingsHandler(c *gin.Context) {
config.DebugLog("Warning: failed to update some remote action files: %v", err) config.DebugLog("Warning: failed to update some remote action files: %v", err)
// Don't fail the request, just log the warning // Don't fail the request, just log the warning
} }
// Also update local action file if callback URL changed
settings := config.GetSettings()
for _, server := range settings.Servers {
if server.Type == "local" && server.Enabled {
if err := config.EnsureLocalFail2banAction(server); err != nil {
config.DebugLog("Warning: failed to update local action file: %v", err)
}
}
}
} }
// Check if Fail2Ban DEFAULT settings changed and push to all enabled servers // Check if Fail2Ban DEFAULT settings changed and push to all enabled servers
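Review bot: A failure of `config.EnsureLocalFail2banAction` in the new loop is reported only through `config.DebugLog`, so the local action file can stay on the previous callback URL and curl flag without the settings request showing it. If debug logging is off by default (not visible here), ban and unban notifications from that server could then fail without anyone noticing. I would at least document this above the call, `// On failure the old action file stays in place; callbacks keep using the previous URL and TLS flag`, and consider returning the warning to the caller. `UpdateSettingsHandler` and the enclosing `if` start outside this hunk, so the condition the comment refers to ("if callback URL changed") cannot be checked from here.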