add docs: hardening lnbits server with fail2ban

[wrapnuts]

Tasks

1. Consider adding a section to the docs about hardening. This could include a section on fail2ban.

Fail2Ban section

Fail2Ban prevents intrusions and brute-force attacks by monitoring your server logs and blocking IP addresses.

1. Install fail2ban with your preferred packet manager
   sudo apt install fail2ban
   sudo systemctl enable fail2ban

2. Create a custom jail for your lnbits server

sudo nano /etc/fail2ban/jail.d/lnbits.local

[lnbits]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = lnbits
maxretry = 5
bantime = 86400
findtime = 600
logpath = /home/user/path/to/log

3. Create a custom filter for your lnbits server. It will ban failed authentications for login attempts and bots guessing your wallet strings

sudo nano /etc/fail2ban/filter.d/lnbits.conf

[Definition]
failregex = ^.*\|\sINFO\s\|\s<HOST>:\d+\s-\s"POST\s/api/v1/auth.*"\s401
            ^.*\|\sINFO\s\|\s<HOST>:\d+\s-\s"(GET|POST)\s/wallet/.*"\s(401|403|404|405|307)
ignoreregex =

4. Restart fail2ban and test if it works
   sudo systemctl daemon-reload
   sudo restart fail2ban.service
   sudo fail2ban-client status lnbits