swissmakers_gmbh/fail2ban-ui
12
1
Fork 0
mirror of https://github.com/swissmakers/fail2ban-ui.git synced 2026-04-11 13:47:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
4c8f235b5b6baf3e0a5803873ef4a0f49de2e904
fail2ban-ui/deployment/systemd/README.md

189 lines
4.7 KiB
Markdown
Raw Blame History

# Fail2Ban-UI Systemd Setup
This guide provides two methods to **run Fail2Ban-UI as a systemd service**.
1. Systemd service that starts the local compiled binary.
2. Systemd service that starts the fail2ban-ui container.
## For SELinux enabled systems (needed in bouth cases)
If SELinux is enabled, you must apply the required SELinux policies to allow Fail2Ban to communicate with the Fail2Ban-UI API via port 8080.
Apply the prebuilt SELinux Module with:
```bash
semodule -i fail2ban-curl-allow.pp
```
## Build and running Fail2Ban-UI from Local Source Code
In this case we will run **Fail2Ban-UI from `/opt/fail2ban-ui/`** using systemd.
### Prerequisites
Install **Go 1.22+** and required dependencies:
```bash
sudo dnf install -y golang git whois
```
Make sure you setup GeoIP and your country database is available under: `/usr/share/GeoIP/GeoLite2-Country.mmdb`
Clone the repository to `/opt/fail2ban-ui`:
```bash
sudo git clone https://github.com/swissmakers/fail2ban-ui.git /opt/fail2ban-ui
cd /opt/fail2ban-ui
sudo go build -o fail2ban-ui ./cmd/main.go
```
### Create the fail2ban-ui.service
Save this file as `/etc/systemd/system/fail2ban-ui.service`:
```ini
[Unit]
Description=Fail2Ban UI
After=network.target fail2ban.service
Requires=fail2ban.service
[Service]
WorkingDirectory=/opt/fail2ban-ui
ExecStart=/opt/fail2ban-ui/fail2ban-ui
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
```
### Start & Enable the Service
1. Reload systemd to detect our new service:
```bash
sudo systemctl daemon-reload
```
2. Enable and start the service:
```bash
sudo systemctl enable fail2ban-ui.service --now
```
3. Check the status:
```bash
sudo systemctl status fail2ban-ui.service
```
### View Logs
To see the real-time logs of Fail2Ban-UI:
```bash
sudo journalctl -u fail2ban-ui.service -f
```
### Restart or Stop
Restart:
```bash
sudo systemctl restart fail2ban-ui.service
```
Stop:
```bash
sudo systemctl stop fail2ban-ui.service
```
## Running Fail2Ban-UI as a (Systemd controlled) Container
This method runs Fail2Ban-UI as a **containerized service** with **automatic startup** and handling through systemd.
### Prerequisites
- Ensure **Podman** or **Docker** is installed.
For **Podman**:
```bash
sudo dnf install -y podman
```
For **Docker** (if preferred):
```bash
sudo dnf install -y docker
sudo systemctl enable --now docker
```
Make sure you setup GeoIP and your country database is available under: `/usr/share/GeoIP/GeoLite2-Country.mmdb`
Create the needed folder to store the fail2ban-ui config:
```bash
sudo mkdir /opt/podman-fail2ban-ui
```
### Create the fail2ban-ui-container.service
Save this file as `/etc/systemd/system/fail2ban-ui-container.service`:
```ini
[Unit]
Description=Fail2Ban UI (Containerized)
After=network.target fail2ban.service
Requires=fail2ban.service
[Service]
ExecStart=/usr/bin/podman run --rm \
--name fail2ban-ui \
--network=host \
-v /opt/podman-fail2ban-ui:/config:Z \
-v /etc/fail2ban:/etc/fail2ban:Z \
-v /var/log:/var/log:ro \
-v /var/run/fail2ban:/var/run/fail2ban \
-v /usr/share/GeoIP:/usr/share/GeoIP:ro \
localhost/fail2ban-ui
Restart=always
RestartSec=10s
[Install]
WantedBy=multi-user.target
```
### For SELinux enabled systems
If SELinux is enabled, you must apply the required SELinux policies to allow the container to communicate with Fail2Ban.
The policies are located here: "`../container/SELinux/`"
Apply the prebuilt SELinux Modules with:
```bash
semodule -i fail2ban-container-ui.pp
semodule -i fail2ban-container-client.pp
```
#### Manually Compile and Install SELinux Rules
If you want to change or compile the SELinux rules by yourself run:
```bash
checkmodule -M -m -o fail2ban-container-client.mod fail2ban-container-client.te
semodule_package -o fail2ban-container-client.pp -m fail2ban-container-client.mod
semodule -i fail2ban-container-client.pp
```
### Start & Enable the Container Service
1. Reload systemd to detect the new service:
```bash
sudo systemctl daemon-reload
```
2. Enable and start the containerized service:
```bash
sudo systemctl enable --now fail2ban-ui-container.service
```
3. Check the status:
```bash
sudo systemctl status fail2ban-ui-container.service
```
### View Logs
```bash
sudo journalctl -u fail2ban-ui-container.service -f
```
### Restart or Stop
Restart:
```bash
sudo systemctl restart fail2ban-ui-container.service
```
Stop:
```bash
sudo systemctl stop fail2ban-ui-container.service
```
## **Contact & Support**
For issues, visit our GitHub repository:
🔗 [GitHub Issues](https://github.com/swissmakers/fail2ban-ui/issues)
For enterprise support:
🔗 [Swissmakers GmbH](https://swissmakers.ch)
Reference in New Issue View Git Blame Copy Permalink