touch /etc/fail2ban/filter.d/nextcloud.conf
[Definition]
failregex=^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' (Remote IP: '')","level":2,"time":"."}$
^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' (Remote IP: '')".}$
^.\"remoteAddr\":\"\".Trusted domain error.*$
[nextcloud]
enabled = true
port = 80,443,35653
protocol = tcp
filter = nextcloud
maxretry = 3
logpath = /var/snap/nextcloud/current/logs/nextcloud.log
action = %(action_mwl)s
bantime = -1