From 3f421afe97f32995c3888425f57522535f371e2d Mon Sep 17 00:00:00 2001
From: Riddhesh Sanghvi
Date: Mon, 13 Jul 2020 21:36:06 +0530
Subject: [PATCH 1/4] Configure fail2ban for ubuntu & debian
Signed-off-by: Riddhesh Sanghvi
---
addons/fail2ban/jail.local.snippet | 8 +++++++
addons/fail2ban/rtcamp-nginx-req-limit.conf | 13 +++++++++++
functions | 26 +++++++++++++++++++++
setup.sh | 2 ++
4 files changed, 49 insertions(+)
create mode 100644 addons/fail2ban/jail.local.snippet
create mode 100644 addons/fail2ban/rtcamp-nginx-req-limit.conf
diff --git a/addons/fail2ban/jail.local.snippet b/addons/fail2ban/jail.local.snippet
new file mode 100644
index 0000000..867e28f
--- /dev/null
+++ b/addons/fail2ban/jail.local.snippet
@@ -0,0 +1,8 @@
+[rtcamp-nginx-req-limit]
+enabled = true
+filter = rtcamp-nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /opt/easyengine/sites/*/logs/nginx/error.log
+findtime = 600
+bantime = 86400
+maxretry = 5
diff --git a/addons/fail2ban/rtcamp-nginx-req-limit.conf b/addons/fail2ban/rtcamp-nginx-req-limit.conf
new file mode 100644
index 0000000..a84d7cc
--- /dev/null
+++ b/addons/fail2ban/rtcamp-nginx-req-limit.conf
@@ -0,0 +1,13 @@
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client:
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/functions b/functions
index 3fb67d2..59466b8 100644
--- a/functions
+++ b/functions
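Review bot: The `action` line in jail.local.snippet uses `iptables-multiport` without a `chain` argument, so the ban goes into the action's default chain (INPUT in fail2ban's stock iptables actions), while the `logpath` and the rest of this series point at nginx running inside EasyEngine's Docker containers. Traffic to a published container port is normally forwarded rather than delivered to the host's INPUT chain, so a ban inserted there may never see the offending packets; this is inferred from the Docker setup and is not visible in the hunk itself. Consider naming the chain explicitly, for example `action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp, chain=DOCKER-USER]`, and confirm with a test ban that requests are actually dropped. A comment above `bantime = 86400` stating the unit (seconds, i.e. 24 hours) would also help whoever tunes it later.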
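Review bot: The `failregex` in rtcamp-nginx-req-limit.conf is unanchored and puts a greedy `.*` in front of `client:`, so it can match anywhere in the log line, including the request and referrer fields that nginx copies from the client after its own `client:` field. Text supplied in a request can therefore influence which address the filter extracts, which is why fail2ban filters are usually anchored at line start and match the fixed fields literally. A tighter form would be `failregex = ^\s*\[error\] \d+#\d+: \*\d+ limiting requests, excess: [\d.]+ by zone "[^"]+", client: <HOST>,`, or the jail could reference fail2ban's stock `nginx-limit-req` filter instead of shipping a custom one. As shown on this page the pattern ends at `client:` with no `<HOST>` group; if that is not a rendering loss, the filter has nothing to capture and needs one.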
@@ -306,3 +306,29 @@ function pull_easyengine_images() { ee_log_info1 "Pulling EasyEngine docker images" "$EE4_BINARY" cli info } + +function install_addons() { + install_fail2ban +} + +function install_fail2ban() { + + if ! command -v lsb_release >/dev/null 2>&1; then + return + fi + # Only configure fail2ban if Ubuntu/Debain distro is detected. + distro=$(lsb_release -i | cut -d: -f2 | sed s/'^\t'//) + if [[ 'Ubuntu' == "$distro" ]] || [[ 'Debian' == "$distro" ]]; then + # Check if fail2ban exists. If not install it. + if ! command -v fail2ban >/dev/null 2>&1; then + # Running standard docker installation. + ee_log_info1 "Installing fail2ban" + apt install fail2ban -y + wget -O /etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/rtcamp-nginx-req-limit.conf + cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local + wget -O - https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/jail.local.snippet >> /etc/fail2ban/jail.local + service fail2ban restart + ee_log_info1 "fail2ban configured" + fi + fi +} \ No newline at end of file diff --git a/setup.sh b/setup.sh index 47a0b3b..c4ae3c6 100644 --- a/setup.sh +++ b/setup.sh @@ -42,6 +42,8 @@ function do_install() { download_and_install_easyengine ee_log_info1 "Pulling EasyEngine docker images" pull_easyengine_images + ee_log_info1 "Installing addons" + install_addons ee_log_info1 "Run \"ee help site\" for more information on how to create a site." } From 2a89ff339d052b1b8f545e231b19cf7b630a0803 Mon Sep 17 00:00:00 2001 From: Riddhesh Sanghvi Date: Wed, 29 Jul 2020 17:39:47 +0530 Subject: [PATCH 2/4] Add trailing line Signed-off-by: Riddhesh Sanghvi --- functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions b/functions index 59466b8..ae3f933 100644 --- a/functions +++ b/functions 
@@ -331,4 +331,4 @@ function install_fail2ban() { ee_log_info1 "fail2ban configured" fi fi -} \ No newline at end of file +} From 48fb55ac7d06fdb6c0010afe53145adcedfd56a4 Mon Sep 17 00:00:00 2001 From: Riddhesh Sanghvi Date: Wed, 29 Jul 2020 17:40:16 +0530 Subject: [PATCH 3/4] Update name Signed-off-by: Riddhesh Sanghvi --- addons/fail2ban/jail.local.snippet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/fail2ban/jail.local.snippet b/addons/fail2ban/jail.local.snippet index 867e28f..41f6547 100644 --- a/addons/fail2ban/jail.local.snippet +++ b/addons/fail2ban/jail.local.snippet @@ -1,6 +1,6 @@ -[rtcamp-nginx-req-limit] +[easyengine-nginx-req-limit] enabled = true -filter = rtcamp-nginx-req-limit +filter = easyengine-nginx-req-limit action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp] logpath = /opt/easyengine/sites/*/logs/nginx/error.log findtime = 600 From 450062b5981bbdd87971f2868af050f70e3ba459 Mon Sep 17 00:00:00 2001 From: Riddhesh Sanghvi Date: Thu, 1 Jul 2021 11:37:06 +0530 Subject: [PATCH 4/4] Remove wrong comment --- functions | 1 - 1 file changed, 1 deletion(-) diff --git a/functions b/functions index ae3f933..368dd8e 100644 --- a/functions +++ b/functions @@ -321,7 +321,6 @@ function install_fail2ban() { if [[ 'Ubuntu' == "$distro" ]] || [[ 'Debian' == "$distro" ]]; then # Check if fail2ban exists. If not install it. if ! command -v fail2ban >/dev/null 2>&1; then - # Running standard docker installation. ee_log_info1 "Installing fail2ban" apt install fail2ban -y wget -O /etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/rtcamp-nginx-req-limit.conf
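Review bot: The jail in jail.local.snippet now says `filter = easyengine-nginx-req-limit`, but nothing in this series installs a filter of that name. The repository file is still `addons/fail2ban/rtcamp-nginx-req-limit.conf`, and install_fail2ban (patch 1, still visible in the context lines of patch 4) writes it to `/etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf`. fail2ban resolves a filter by its file name under filter.d, so after this rename the jail would have no matching filter and is likely to fail to load, leaving the rate-limit ban inactive. Either rename the filter file together with the wget URL and target path in `functions`, or keep `filter = rtcamp-nginx-req-limit` and rename only the section.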