services: fail2ban-ui: # Use pre-built image from Docker Hub (default) image: swissmakers/fail2ban-ui:latest # Alternative: Use Swissmakers registry (fallback) # image: registry.swissmakers.ch/infra/fail2ban-ui:latest # Or build from source (uncomment to use): # build: # context: . # dockerfile: Dockerfile container_name: fail2ban-ui #privileged: true # needed if you want to use a container-local fail2ban instance (because fail2ban.sock is owned by root) # a single all-in-one container is planned, currently you need to use the fail2ban container from linuxserver, see docker-compose-allinone.yml for an example network_mode: host environment: # Optional: Change this to use a different port for the web interface (defaults is 8080) - PORT=8080 # Optional: Bind to a specific IP address (default: 0.0.0.0) # This is useful when running with host networking to prevent exposing # the web UI to unprotected networks. Set to a specific IP (e.g., 127.0.0.1 # or a specific interface IP) to restrict access. # - BIND_ADDRESS=127.0.0.1 volumes: # Required for fail2ban-ui: Stores SQLite database, application settings, and SSH keys of the fail2ban-ui container - /opt/podman-fail2ban-ui:/config:Z # Required for fail2ban-ui: Used for testing, that logpath is working, before enabeling a jail. Without this read only access the fail2ban-ui will not be able to enable jails (logpath-test would fail) - /var/log:/var/log:ro # Required for local fail2ban instance: Fail2Ban configuration directory, needed for managing a local Fail2Ban instance (e.g. on host system) via fail2ban-ui - /etc/fail2ban:/etc/fail2ban:Z # Required for local fail2ban instance: Fail2Ban socket directory, needed for local Fail2Ban (e.g. on host system) for control via fail2ban-ui - /var/run/fail2ban:/var/run/fail2ban # Optional: Enables geographic IP analysis features via GeoIP databases (GeoIP must be installed and configured on the host system) - /usr/share/GeoIP:/usr/share/GeoIP:ro restart: unless-stopped