I’ve been doing some selfhosting and want to setup fail2ban for my exposed apps, but am unsure if that should be setup on my router (OpenWRT), on each server that may be exposed, or just in the Caddy container?
My setup right now is: TP-Link router with OpenWRT Lenovo M910q with Proxmox, which hosts the following:
- Caddy in a container for reverse proxies to hosted apps
- Home Assistant OS in VM#1
- Other apps in docker containers on VM#2
Thank you! I’ll start there and check that I can easily access the logs.