Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
The fail2ban-client reload and fail2ban-client restart commands are ineffective, and calling fail2ban-client restart spams swag's log with this error:
2025-09-16 12:57:21,143 fail2ban [4298]: ERROR Server already running
From what I understand, this is because swag copies fail2ban config to /etc/fail2ban/ during its init sequence:
docker-swag/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
Lines 14 to 31 in 72e5347
```bash
# copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/
cp -R /defaults/fail2ban/action.d /config/fail2ban/
# if jail.local is missing in /config, copy default
if [[ ! -f /config/fail2ban/jail.local ]]; then
    cp /defaults/fail2ban/jail.local /config/fail2ban/jail.local
fi
# Replace fail2ban config with user config
if [[ -d /etc/fail2ban/filter.d ]]; then
    rm -rf /etc/fail2ban/filter.d
fi
if [[ -d /etc/fail2ban/action.d ]]; then
    rm -rf /etc/fail2ban/action.d
fi
cp -R /config/fail2ban/filter.d /etc/fail2ban/
cp -R /config/fail2ban/action.d /etc/fail2ban/
cp /defaults/fail2ban/fail2ban.local /etc/fail2ban/
cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
```
This behavior forces the user to fully restart swag to reload fail2ban config, which is NOT specified anywhere in swag's doc.
Especially, the using-fail2ban section talks a little bit about fail2ban-client and invites users to read its documentation here, which talks about the reload and restart options.
Expected Behavior
Option 1:
Fix the doc to clearly state that fail2ban-client reload and fail2ban-client restart do not work and that a full swag restart is required instead.
Option 2:
Fix the behavior and make fail2ban-client reload successfully detect changes to jails and other fail2ban config.
Could be by detecting changes in fail2ban config and re-triggering the copy.
I'd at least expect this on swag instances with SWAG_AUTORELOAD enabled, but preferably, this would also automatically call fail2ban-client restart.
Steps To Reproduce
- Start swag container
- Edit swag's fail2ban config (i.e. add/modify a jail to /config/fail2ban/jail.local)
- Reload fail2ban config: docker exec -i swag fail2ban-client reload
- Check /config/log/fail2ban/fail2ban.log and see the changes are ignored.
Environment
- OS: Debian GNU/Linux 12 (bookworm)
- How docker service was installed: docker-compose
CPU architecture
x86-64
Docker creation
```yaml
---
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1002
      - PGID=100
      - TZ=Europe/Paris
      - EMAIL=<redacted>
      - URL=example.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=ovh
      - ONLY_SUBDOMAINS=false
      - STAGING=false
      - REMOVE_OLD_MODS=true
      - SWAG_AUTORELOAD=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${PORTAINER_APPDATA_PATH}/certs:/ssl/certs
      - ${PORTAINER_APPDATA_PATH}/swag/config:/config
      - ${PORTAINER_APPDATA_PATH}/swag/dashboard:/dashboard
      - ${PORTAINER_APPDATA_PATH}/swag/custom-init:/custom-cont-init.d
      - ${PORTAINER_APPDATA_PATH}/authelia/config/authelia.log:/service_logs/authelia/authelia.log:ro
      - /tmp/swag-dashboard:/tmp
    ports:
      - 80:80
      - 443:443
    networks:
      proxynet:
        ipv4_address: 172.10.1.1
```
Container logs
2025-09-16 12:57:21,143 fail2ban [4298]: ERROR Server already running
2025-09-16 12:57:22,215 fail2ban [4301]: ERROR Server already running
2025-09-16 12:57:23,287 fail2ban [4304]: ERROR Server already running
2025-09-16 12:57:24,357 fail2ban [4307]: ERROR Server already running
2025-09-16 12:57:25,430 fail2ban [4310]: ERROR Server already running
2025-09-16 12:57:26,505 fail2ban [4313]: ERROR Server already running
2025-09-16 12:57:27,577 fail2ban [4316]: ERROR Server already running
2025-09-16 12:57:28,651 fail2ban [4319]: ERROR Server already running
2025-09-16 12:57:29,725 fail2ban [4322]: ERROR Server already running
2025-09-16 12:57:30,797 fail2ban [4325]: ERROR Server already running
2025-09-16 12:57:31,854 fail2ban [4328]: ERROR Server already running
2025-09-16 12:57:32,927 fail2ban [4331]: ERROR Server already running
2025-09-16 12:57:33,999 fail2ban [4334]: ERROR Server already running
2025-09-16 12:57:35,067 fail2ban [4337]: ERROR Server already running
2025-09-16 12:57:36,139 fail2ban [4340]: ERROR Server already running
2025-09-16 12:57:37,200 fail2ban [4343]: ERROR Server already running
2025-09-16 12:57:38,271 fail2ban [4346]: ERROR Server already running
2025-09-16 12:57:39,344 fail2ban [4349]: ERROR Server already running
2025-09-16 12:57:40,416 fail2ban [4352]: ERROR Server already running
2025-09-16 12:57:41,488 fail2ban [4355]: ERROR Server already running
2025-09-16 12:57:42,560 fail2ban [4358]: ERROR Server already running
2025-09-16 12:57:43,635 fail2ban [4361]: ERROR Server already running
2025-09-16 12:57:44,690 fail2ban [4364]: ERROR Server already running
2025-09-16 12:57:45,764 fail2ban [4367]: ERROR Server already running
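
The "detect changes and re-trigger the copy" idea from Option 2, sketched as an added example; it is not part of the original issue and not the project's code. It assumes the cause is the one the issue describes (the server reads /etc/fail2ban while edits land in /config/fail2ban); the function names and the SRC, DST and RELOAD_CMD variables are hypothetical.

```shell
#!/bin/sh
# Added example: detect drift between the user-edited fail2ban config and the
# copy the running server reads, then re-sync and reload.
# Default paths are the ones in the init script quoted in the issue;
# SRC, DST and RELOAD_CMD are hypothetical knobs so the logic can be tested offline.
SRC="${SRC:-/config/fail2ban}"
DST="${DST:-/etc/fail2ban}"
RELOAD_CMD="${RELOAD_CMD:-fail2ban-client reload}"

# Return 0 if the live copy differs from the user config, 1 if they match.
f2b_config_drifted() {
    for item in filter.d action.d jail.local; do
        # diff -rq exits non-zero on any difference or when one side is missing
        diff -rq "$SRC/$item" "$DST/$item" >/dev/null 2>&1 || return 0
    done
    return 1
}

# Repeat the init script's "replace fail2ban config with user config" step.
f2b_sync() {
    for dir in filter.d action.d; do
        # ${DST:?} aborts instead of deleting /filter.d if DST is ever empty
        rm -rf "${DST:?}/$dir" || return 1
        cp -R "$SRC/$dir" "$DST/" || return 1
    done
    cp "$SRC/jail.local" "$DST/jail.local"
}

# Sync and reload only when something changed; report what was done.
f2b_sync_and_reload() {
    if f2b_config_drifted; then
        f2b_sync && $RELOAD_CMD && echo "synced and reloaded"
    else
        echo "in sync, nothing to do"
    fi
}
```

Running f2b_config_drifted on its own inside the container is also a quick check for whether the jails the server enforces still match the jail.local that was edited.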