Hi all. I’m not certain this is acceptable here, but I’m hoping somebody can point me in the right direction.
I’m running an Unraid server with several dockers, including Homeassistant and Nextcloud, as well as LetsEncrypt as a reverse proxy. It is all running fine.
Since the LetsEncrypt container is already running fail2ban, I’m hoping I can utilize that.
Now, the solution in the document I linked requires generating SSH keys on the fail2ban instance, and then trusting those keys on pfSense. This will allow fail2ban to SSH into pfSense and run a script to ban/unban an IP.
That brings me to my question. How can I generate SSH keys on the LetsEncrypt docker that are persistent when re-deploying the image?
If that is not possible, do you have any other suggestions for a secure way to execute a script on the pfSense box from the LetsEncrypt docker?
Thanks for taking the time to read this and for any feedback you can provide!
The keys are easy. Create a folder under /config and store them there (you can create keys on any machine, they will be a key pair, the public one will go into pfsense, private one to letsencrypt). That folder is persistent. But you also have to install openssh-client inside the image. To make that persistent, you can use the container customization we provide: https://blog.linuxserver.io/2019/09/14/customizing-our-containers/
In short, create the folder /config/custom-cont-init.d and drop a script into it with the following contents:
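An added example of such a custom-cont-init.d script (my own, not the one from the reply above): it installs openssh-client into the image on each start, generates an ed25519 key pair under /config only if none exists yet, and tightens the file modes. Assumed: an Alpine-based image (apk), /config as the persistent volume, the path /config/.ssh, and the linuxserver service user abc.

```shell
#!/bin/bash
# Added example for /config/custom-cont-init.d (not the script from the reply
# above). Assumptions: Alpine-based image (apk), /config is the persistent
# volume, keys live in /config/.ssh. Runs as root at container start.

KEY_DIR="${KEY_DIR:-/config/.ssh}"   # persistent: survives image re-deploys
KEY_FILE="$KEY_DIR/id_ed25519"

# Install the ssh client into the (non-persistent) image layer on every start.
install_ssh_client() {
    if ! command -v ssh >/dev/null 2>&1; then
        apk add --no-cache openssh-client
    fi
}

# True when both halves of the key pair already exist and are non-empty.
key_present() {
    [ -s "$1" ] && [ -s "$1.pub" ]
}

# Generate the pair only once; the public half is what gets pasted into pfSense.
# No passphrase: fail2ban runs unattended, so rely on file modes and on pfSense
# restricting what this key may run.
generate_key() {
    mkdir -p "$(dirname "$1")"
    ssh-keygen -t ed25519 -N "" -C "fail2ban@letsencrypt" -f "$1"
}

# Tighten permissions: ssh refuses to use a private key readable by others.
fix_perms() {
    dir=$(dirname "$1")
    chmod 700 "$dir"
    chmod 600 "$1"
    chmod 644 "$1.pub"
    # linuxserver images run services as user abc (PUID/PGID); skip if absent
    if id abc >/dev/null 2>&1; then chown -R abc:abc "$dir"; fi
}

main() {
    install_ssh_client
    if ! key_present "$KEY_FILE"; then
        generate_key "$KEY_FILE"
    fi
    fix_perms "$KEY_FILE"
    echo "fail2ban public key (add it to the pfSense user's authorized keys):"
    cat "$KEY_FILE.pub"
}

# Only act inside the container, where /config is mounted.
if [ -d /config ]; then main; fi
```

Because the key pair is created only when missing, re-deploying the image keeps the same public key trusted on pfSense while openssh-client is reinstalled each start.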
First, let me apologize because I am not very familiar with linux, and I think that may be hindering me here.
I created the custom-cont-init.d folder, and added a text file named “script” with the contents that you provided. I attempted to force Unraid to re-deploy the docker image by adding a space to one of the parameters and then deleting it. That gave me this output: