Using fail2ban to protect containers from brute force attack

Hi, I’m new to docker.
A few weeks ago I started using docker, and it definitely felt easier to install and set up server software than the traditional way.

What felt harder than before is security. Before using docker, I simply ran server processes on one host and just turned on fail2ban to protect them.

Now I’m trying to protect noVNC, Shell In A Box, and nginx (HTTP basic auth) containers from brute-force password-cracking attacks.

I decided to use fail2ban to protect the containers. I came up with two ideas, but I don’t know which is the most common and secure way, and I think there must be a better idea than these:

First: Run a single fail2ban server on the host and share log files with the containers using the -v option -> What if I have multiple containers of the same type?

Second: Run a fail2ban server inside every container -> I have to build custom images which contain and execute a fail2ban server when I want to run a server.

Furthermore, some services use the systemd journal instead of a simple log file. How should I resolve this problem too?
