Is it possible for you to provide some guidance on how to set up fail2ban for jfa-go?
It's a great invite management system, but I am a bit wary of having a login page exposed that won't ban brute forcing IPs.

I have spent some time, and I think I got it working, so here is my config in case it helps others set up fail2ban on jfa-go.

I set up a filter file as /etc/fail2ban/filter.d/jfago.conf:

[Definition]

failregex = ^<HOST> -.* 401

And put this inside my jail.local:

[jfago]

enabled = true
port = http,https
filter = jfago
logpath = /var/log/nginx/jfago.log
maxretry = 3
findtime = 5m
bantime = 10d
action = cloudflare
         %(action_mw)s

I am using Cloudflare to block IPs, so the action should be modified accordingly for anyone not using Cloudflare or using something else external (otherwise you just keep the %(action_mw)s in there).