nginx.conf

# Shamelessly stolen from http://devblog.mixlr.com/2012/09/01/nginx-lua/
lua_shared_dict banned_ips 1m; 

server {
  # Boilerplate
	listen 80 default_server;
	listen [::]:80 default_server ipv6only=on;
	root /usr/share/nginx/html;
	index index.html index.htm;
	server_name localhost;

  # Lua configuration
  location / {
    access_by_lua '
      -- redis config - change as needed
      local redis_hostname = "127.0.0.1"
      local redis_port = 6379
      local redis_set_name = "fail2ban-nginx-redis"

      -- should not need to change below this
      local banned_ips = ngx.shared.banned_ips;
      local updated_at = banned_ips:get("updated_at");

      -- only update banned_ips from Redis once every ten seconds:
      if updated_at == nil or updated_at < ( ngx.now() - 10 ) then
        local redis = require "resty.redis";
        local red = redis:new();
        red:set_timeout(200);

        local ok, err = red:connect(redis_hostname, redis_port);
        if not ok then
          ngx.log(ngx.WARN, "Redis connection error retrieving banned_ips: " .. err);
        else
          local updated_banned_ips, err = red:smembers(redis_set_name);
          if err then
            ngx.log(ngx.WARN, "Redis read error retrieving banned_ips: " .. err);
          else
            -- replace the locally stored banned_ips with the updated values:
            banned_ips:flush_all();
            for index, banned_ip in ipairs(updated_banned_ips) do
              banned_ips:set(banned_ip, true);
            end
            banned_ips:set("updated_at", ngx.now());
          end
        end
      end

      if banned_ips:get(ngx.var.remote_addr) then
        ngx.log(ngx.WARN, "Banned IP detected and refused access: " .. ngx.var.remote_addr);
        return ngx.exit(ngx.HTTP_FORBIDDEN);
      end
    ';
  }
}