Update .gitignore to exclude fail2ban data directory, clean up docker-compose.yaml by removing unused volume mappings, and add new Fail2Ban filter configurations for enhanced security against various attack vectors.

fail2ban/filter.d/nginx-badbots.conf

@@ -0,0 +1,12 @@
+[Definition]
+# JSON logs with ISO-8601 timestamps
+datepattern = {^LN-BEG}%%Y-%%m-%%dT%%H:%%M:%%S(?:[.,]\\d+)?(?:Z|[+\\-]\\d{2}:\\d{2})?
+
+# Catch typical scanners and CLI/automation libraries (case-insensitive via (?i))
+# Prefer x_forwarded_for (real client IP) if present; fall back to remote_addr.
+# NOTE: One "failregex =" key, multiple indented lines. No backslashes for wrapping.
+failregex = (?i)^.*"x_forwarded_for":"<HOST>(?:, [^"]+)?".*"http_user_agent":"[^"]*(?:sqlmap|nikto|acunetix|wpscan|dirbuster|gobuster|masscan|zgrab|ZmEu|nessus|openvas|libwww-perl|mechanize|lwp-trivial|python-requests|python-urllib|urllib|aiohttp|httpx|scrapy|curl|wget|Go-http-client|okhttp|httpclient|jakarta|java)[^"]*".*$
+            (?i)^.*"remote_addr":"<HOST>".*"http_user_agent":"[^"]*(?:sqlmap|nikto|acunetix|wpscan|dirbuster|gobuster|masscan|zgrab|ZmEu|nessus|openvas|libwww-perl|mechanize|lwp-trivial|python-requests|python-urllib|urllib|aiohttp|httpx|scrapy|curl|wget|Go-http-client|okhttp|httpclient|jakarta|java)[^"]*".*$
+
+# Ignore your health/status endpoints
+ignoreregex = ^.*"request_uri":"\/(?:stub_status|health\/system|health\/worker|pgadmin4(?:\/|$)|\.well-known\/acme-challenge\/|.*\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))".*$