Securing the login page


I am running cockpit via the author maintained docker. I’m wondering if there’s a good way to secure the login page against brute force? I use nginx and fail2ban with my site, but I’m not sure how to get fail2ban to monitor the docker’s logs? Or if there is a simpler way to add a timeout function to the login page?


@rexdjw, that is possible now (after using the Logger addon (, that would provide logging (file or rsyslog) about the failed logins so you can have specific rules with fail2ban, e.g.: