[BUG] fail2ban reload command doesn't work #587

@abaurens

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The fail2ban-client reload and fail2ban-client restart commands are ineffective, and calling fail2ban-client restart spams swag's log with this error:

2025-09-16 12:57:21,143 fail2ban                [4298]: ERROR   Server already running

From what I understand, this is because swag copies fail2ban config to /etc/fail2ban/ during its init sequence:

# copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/
cp -R /defaults/fail2ban/action.d /config/fail2ban/
# if jail.local is missing in /config, copy default
if [[ ! -f /config/fail2ban/jail.local ]]; then
    cp /defaults/fail2ban/jail.local /config/fail2ban/jail.local
fi
# Replace fail2ban config with user config
if [[ -d /etc/fail2ban/filter.d ]]; then
    rm -rf /etc/fail2ban/filter.d
fi
if [[ -d /etc/fail2ban/action.d ]]; then
    rm -rf /etc/fail2ban/action.d
fi
cp -R /config/fail2ban/filter.d /etc/fail2ban/
cp -R /config/fail2ban/action.d /etc/fail2ban/
cp /defaults/fail2ban/fail2ban.local /etc/fail2ban/
cp /config/fail2ban/jail.local /etc/fail2ban/jail.local

This behavior forces the user to fully restart swag to reload fail2ban config, which is NOT specified anywhere in swag's doc.
Especially, the using-fail2ban section talks a little bit about fail2ban-client and invites users to read its documentation here, which talks about the reload and restart options.

Expected Behavior

Option 1:
Fix the doc to clearly state that fail2ban-client reload and fail2ban-client restart do not work and that a full swag restart is required instead.

Option 2:
Fix the behavior and make fail2ban-client reload successfully detect changes to jails and other fail2ban config.

Could be by detecting changes in fail2ban config and re-triggering the copy.
I'd at least expect this on swag instances with SWAG_AUTORELOAD enabled, but preferably, this would also automatically call fail2ban-client restart.

Steps To Reproduce

  • Start swag container
  • Edit swag's fail2ban config (i.e: add/modify a jail to /config/fail2ban/jail.local)
  • Reload fail2ban config: docker exec -i swag fail2ban-client reload
  • Check /config/log/fail2ban/fail2ban.log and see the changes are ignored.

Environment

- OS: Debian GNU/Linux 12 (bookworm)
- How docker service was installed: docker-compose

CPU architecture

x86-64

Docker creation

---
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1002
      - PGID=100
      - TZ=Europe/Paris
      - EMAIL=<redacted>
      - URL=example.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=ovh
      - ONLY_SUBDOMAINS=false
      - STAGING=false
      - REMOVE_OLD_MODS=true
      - SWAG_AUTORELOAD=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${PORTAINER_APPDATA_PATH}/certs:/ssl/certs
      - ${PORTAINER_APPDATA_PATH}/swag/config:/config
      - ${PORTAINER_APPDATA_PATH}/swag/dashboard:/dashboard
      - ${PORTAINER_APPDATA_PATH}/swag/custom-init:/custom-cont-init.d
      - ${PORTAINER_APPDATA_PATH}/authelia/config/authelia.log:/service_logs/authelia/authelia.log:ro
      - /tmp/swag-dashboard:/tmp
    ports:
      - 80:80
      - 443:443
    networks: 
      proxynet:
        ipv4_address: 172.10.1.1

Container logs

2025-09-16 12:57:21,143 fail2ban                [4298]: ERROR   Server already running
2025-09-16 12:57:22,215 fail2ban                [4301]: ERROR   Server already running
2025-09-16 12:57:23,287 fail2ban                [4304]: ERROR   Server already running
2025-09-16 12:57:24,357 fail2ban                [4307]: ERROR   Server already running
2025-09-16 12:57:25,430 fail2ban                [4310]: ERROR   Server already running
2025-09-16 12:57:26,505 fail2ban                [4313]: ERROR   Server already running
2025-09-16 12:57:27,577 fail2ban                [4316]: ERROR   Server already running
2025-09-16 12:57:28,651 fail2ban                [4319]: ERROR   Server already running
2025-09-16 12:57:29,725 fail2ban                [4322]: ERROR   Server already running
2025-09-16 12:57:30,797 fail2ban                [4325]: ERROR   Server already running
2025-09-16 12:57:31,854 fail2ban                [4328]: ERROR   Server already running
2025-09-16 12:57:32,927 fail2ban                [4331]: ERROR   Server already running
2025-09-16 12:57:33,999 fail2ban                [4334]: ERROR   Server already running
2025-09-16 12:57:35,067 fail2ban                [4337]: ERROR   Server already running
2025-09-16 12:57:36,139 fail2ban                [4340]: ERROR   Server already running
2025-09-16 12:57:37,200 fail2ban                [4343]: ERROR   Server already running
2025-09-16 12:57:38,271 fail2ban                [4346]: ERROR   Server already running
2025-09-16 12:57:39,344 fail2ban                [4349]: ERROR   Server already running
2025-09-16 12:57:40,416 fail2ban                [4352]: ERROR   Server already running
2025-09-16 12:57:41,488 fail2ban                [4355]: ERROR   Server already running
2025-09-16 12:57:42,560 fail2ban                [4358]: ERROR   Server already running
2025-09-16 12:57:43,635 fail2ban                [4361]: ERROR   Server already running
2025-09-16 12:57:44,690 fail2ban                [4364]: ERROR   Server already running
2025-09-16 12:57:45,764 fail2ban                [4367]: ERROR   Server already running
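
As an added example (not part of the issue or of the SWAG image): a script that checks whether the live copy under /etc/fail2ban has drifted from the edited config under /config/fail2ban, re-applies the "Replace fail2ban config with user config" step quoted above, and only then calls fail2ban-client reload. The function names and the --apply switch are assumptions made for this sketch; it is meant to be run inside the container.

```shell
#!/bin/bash
# Added example, not SWAG's own code. Covers only the second half of the
# quoted init sequence (user config -> /etc/fail2ban); the defaults under
# /defaults/fail2ban are left alone.

# f2b_drift SRC DST: print each item whose live copy differs from the
# user copy (one per line). A missing live copy also counts as drift.
f2b_drift() (
    src=$1; dst=$2
    for item in filter.d action.d jail.local; do
        if ! diff -rq "$src/$item" "$dst/$item" >/dev/null 2>&1; then
            echo "$item"
        fi
    done
)

# f2b_sync SRC DST: replace the live filter.d/action.d/jail.local with the
# user copies, removing stale files the same way the init sequence does.
f2b_sync() (
    src=$1; dst=$2
    for d in filter.d action.d; do
        rm -rf "${dst:?}/$d" || return 1
        cp -R "$src/$d" "$dst/" || return 1
    done
    cp "$src/jail.local" "$dst/jail.local" || return 1
)

# Only touches the real paths when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    changed=$(f2b_drift /config/fail2ban /etc/fail2ban)
    if [ -n "$changed" ]; then
        echo "live fail2ban config is stale:" $changed
        f2b_sync /config/fail2ban /etc/fail2ban && fail2ban-client reload
    else
        echo "live fail2ban config already matches /config/fail2ban"
    fi
fi
```

Running f2b_drift on its own is a quick way to confirm that an edited jail is not the one fail2ban is enforcing.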
