GitLab and Fail2Ban

[hack3rcon]

Hello,
GitLab uses Nginx and PostgreSQL internally. I want to protect Nginx with Fail2Ban. The GitLab log directory contains the following files:

# ls  /var/log/gitlab/nginx/
access.log  config  current  error.log    gitlab_access.log  gitlab_access.log.1.gz  gitlab_error.log  lock

Because this is not a normal Nginx installation, the path of the log files is different. Is the following Fail2Ban configuration OK?

[nginx-http-auth]
enabled = true
port     = http,https
logpath = /var/log/gitlab/nginx/*error.log
findtime = 600
bantime = 7200
maxretry = 3

Thank you.

[sebres]

Is the following Fail2Ban configuration OK?

It depends...

If it is the log of gitlab location only (and nginx has also other locations or server/host sections, writing to default logpath), it'd be rather something like this:

logpath = %(known/logpath)s
          /var/log/gitlab/nginx/*error.log

%(known/logpath)s is normally /var/log/nginx/*error.log (depending on distro etc).
Also it'd imply that the format of log by auth-failures from gitlab is the same than default nginx-error-log matching with nginx-http-auth filter (and it is written from nginx and not from gitlab self), otherwise you'd need different filter (and logpath), see #3566 (comment) for an example.
I don't think gitlab uses basic authentication, but again it may depend on some constellation (or/and gitlab config).

Anyway you can check whether it'd find matches with:

fail2ban-regex /var/log/gitlab/nginx/gitlab_error.log nginx-http-auth

(prerequisite is you have seen authentication failures, or simulated them by yourselves)