From 94f57a5f00a0d28183f3aec3753e8cb9cd0972e4 Mon Sep 17 00:00:00 2001
From: Joby Elliott
Date: Wed, 23 Oct 2024 17:31:33 -0600
Subject: [PATCH] fix for duplicate banned IPs in nginx config
---
 install/nginx-cloudflare-fail2ban.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/install/nginx-cloudflare-fail2ban.sh b/install/nginx-cloudflare-fail2ban.sh
index 9d39330..a8e8511 100644
--- a/install/nginx-cloudflare-fail2ban.sh
+++ b/install/nginx-cloudflare-fail2ban.sh
@@ -21,16 +21,19 @@ map $http_cf_connecting_ip $is_banned {
 CONFFILE
 
 # Create fail2ban action
-echo "Creating fail2ban action..."
 tee /etc/fail2ban/action.d/nginx-banned-ips.conf << 'ACTIONFILE'
 [Definition]
 actionstart =
 actionstop =
 actioncheck =
-actionban = echo ' 1;' >> /etc/nginx/conf.d/banned_ips.conf && nginx -s reload
-actionunban = sed -i '//d' /etc/nginx/conf.d/banned_ips.conf && nginx -s reload
+actionban = grep -q '^ 1;$' /etc/nginx/conf.d/banned_ips.conf || echo ' 1;' >> /etc/nginx/conf.d/banned_ips.conf && nginx -s reload
+actionunban = sed -i '/^ 1;$/d' /etc/nginx/conf.d/banned_ips.conf && nginx -s reload
 ACTIONFILE
 
+# Clean up existing duplicates
+sort -u /etc/nginx/conf.d/banned_ips.conf > /etc/nginx/conf.d/banned_ips.conf.tmp && \
+mv /etc/nginx/conf.d/banned_ips.conf.tmp /etc/nginx/conf.d/banned_ips.conf
+
 # Test NGINX configuration
 echo "Testing NGINX configuration..."
 nginx -t
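Review bot: The new cleanup step (`sort -u … > banned_ips.conf.tmp && mv …`) rewrites the ban list with no coordination with fail2ban, so a ban appended between the `sort` and the `mv` is silently dropped, and the replacement file takes the owner and mode of the freshly created temp file rather than the original's. The new `actionban` has the same check-then-append window if two bans can run concurrently, and because `a || b && c` groups as `(a || b) && c` in sh, `nginx -s reload` still runs when the entry was already present. Consider serialising every writer of this file (for example with `flock` on a dedicated lock file) or stopping fail2ban for the duration of the cleanup, and using a fixed-string whole-line match (`grep -qxF`) so the banned address is not interpreted as a regular expression. The script above line 21 is outside the hunk, so it cannot be confirmed here that `banned_ips.conf` exists before `sort` runs; if it may be absent, guard the cleanup with a `[ -f … ]` test so a stray empty `.tmp` file is not left behind.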