http – Ban across entire system based on ssh attempts

I have fail2ban set up to ban anyone who tries to connect via. ssh without my certificate.

I currently have a list of 1886 banned addresses (and counting), majority of which originate from China. China is not my target audience for my nginx web server, so I am able to block the entire country with geoip_country, however I would also like to specifically deny access to http/https/git from those specifically on the ban list too.

I have these two configurations:

enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = %(nginx_error_log)s
maxretry = 3
bantime  = -1


enabled  = true
port     = ssh
logpath  = %(sshd_log)s
backend  = %(sshd_backend)s
maxretry = 3
findtime = 600
bantime  = -1

Is there a way I can combine these two together? Ban anywhere, apply block anywhere?
I’m not quite sure how to do any tests, given if I ban myself I’d get locked out (static ip)?