A filter matches lines in the nginx log using regular expressions. If the line matches, it uses another regexp to extract the IP address, and then calls out to scripts to block that IP address.
I'm not going to post the exact configuration files I use, but the GitHub repo for fail2ban contains examples.
I like Fail2Ban, but as I remember it, my learning process looked a lot like this:
1.) Read through the documentation.
2.) Pour myself a scotch.
3.) Read through more documentation.
4.) Start drinking right out of the bottle.
5.) Try something.
6.) Get an error or experience a spectacular failure.
7.) Use StackOverflow.
8.) GOTO 5.
-------------
In good news, it worked - the light went on and now I'm confident that I could adapt Fail2Ban to suit any use. But, in bad news, honestly, I feel your pain and understand where/why you are getting stuck. Fail2Ban is a very complicated, yet extremely useful piece of software.
I'm not going to post the exact configuration files I use, but the GitHub repo for fail2ban contains examples.
https://github.com/fail2ban/fail2ban/blob/0.11/config/filter...
That's a filter that protects Apache against the 'shellshock' (https://en.wikipedia.org/wiki/Shellshock_(software_bug)) vulnerability, for example.