#!/bin/bash
# Setup Fail2ban for Nginx

set -e

echo "Setting up Fail2ban..."

# Install fail2ban if not installed
if ! command -v fail2ban-server &> /dev/null; then
    apt update
    apt install -y fail2ban
fi

# Create filter for Nginx
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
DEPLOYMENT_DIR="$( cd "$SCRIPT_DIR/.." && pwd )"

cat > /etc/fail2ban/filter.d/nginx-limit-req.conf << 'EOF'
[Definition]
failregex = ^.*limiting requests, excess:.*by zone.*client: <HOST>.*$
ignoreregex =
EOF

# Create jail configuration
cat > /etc/fail2ban/jail.d/explorer.conf << 'EOF'
[nginx-limit-req]
enabled = true
port = http,https
logpath = /var/log/nginx/explorer-error.log
maxretry = 10
findtime = 600
bantime = 3600

[nginx-botsearch]
enabled = true
port = http,https
logpath = /var/log/nginx/explorer-access.log
maxretry = 2
findtime = 600
bantime = 86400
EOF

# Restart fail2ban
systemctl restart fail2ban

# Check status
fail2ban-client status

echo "Fail2ban configured!"
echo "Jails: nginx-limit-req, nginx-botsearch"