Fail2Ban VS Nginx Proxy Manager

now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login

See https://github.com/fail2ban/fail2ban for beginner's guide, basically you set it up to monitor logfiles and it would act accordingly (plenty of built-in config to handle various daemons so you don't have to write yourself).

- Nginx & crowdsec/fail2ban if you are exposing your parts (services) to the public ( https://hub.docker.com/r/baudneo/nginx-proxy-manager, https://www.crowdsec.net, https://www.fail2ban.org )

— In /etc/fail2ban/action.d/cloudflare.conf I copied the file from https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.confand added my ‘cftoken’ and ‘cfuser’ on the bottom

https://github.com/fail2ban/fail2ban is a mature, easy to set up way to have some dynamic firewall rules that respond to attacks. There are more sophisticated options, but they are probably not worth the return on time investment for you.

You can create your own regexes for custom services: https://github.com/fail2ban/fail2ban/wiki/Developing-Regex-in-Fail2ban

Others seem to be (or were) experiencing this too: https://github.com/fail2ban/fail2ban/issues/3100

I discovered these 3 amazing projects recently:

Cryptpad, essentially google docs/sheets/forms e2e encrypted. It does include collaboration. https://github.com/cryptpad/cryptpad

Immich, google photos self hostable, with share options https://github.com/immich-app/immich

Nginxproxymanager manages certificates and proxies to self hosted stuff through nginx https://github.com/NginxProxyManager/nginx-proxy-manager

Great self hosting stuff!

Nginx Proxy Manager

Take a look at NginxProxyManager. This would give you the opportunity to put everything in the form of service1.domain.com , service2.domain.com ,etc.

Prime example: Nginx Proxy Manager is often recommended in the sub. The latest minor release came with breaking changes (so already ignoring semver). I bet you many people were running on latest and then had broken stuff: https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0

I started looking into how to make add dynamic IPs to NPM access lists. I came across a couple of GitHub issues (1, 2) on the topic. It looks like people have solved the problem, but not in a complete way without modifying the NPM docker image. I did not want to do that, so decided looking into writing a separate script.

Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.

Agree with this, myQ is such a dumpster fire. It needs to have an the ability to be managed over the local network instead of requiring the garage door and app connect to their server.

My very first experience with myQ was figuring out that their IP blocklist provider, brightcloud, blocks anything with the word "proxy" - including the default "it works" page for Nginx Proxy Manager [1]. And they have no way of overriding this to actually provide service if someone turns out to be a legitimate customer.

[1]: https://github.com/NginxProxyManager/nginx-proxy-manager/dis...

Edit: If you're using Nginx Proxy Manager there seems to be open PR for support for proxy protocol https://github.com/NginxProxyManager/nginx-proxy-manager/pull/1882 however in the comments there's a name of repository with this PR merged.