nextcloud
bruteforcesettings vs fail2ban
I'm wondering what's the difference between bruteforcesettings and fail2ban (which integration in Nextcloud is detailed here). Does it make sense to use/install both?
I just found this old question with no answers, and I will answer in case someone stumbles upon this.
The bruteforcesettings bans IPs on the nextcloud authentication level, while fail2ban bans IPs on the whole system. You should definitely use fail2ban, as it offers some (not full) protection by default for other use cases, such as SSH. It doesn't hurt to have bruteforcesettings running as well. Of course, bruteforcesettings would be redundant, but it is better to play safe and if something is misconfigured or bugs out someday, at least you have one more layer of security.
