mirror of
https://github.com/dani-garcia/bitwarden_rs
synced 2024-11-25 19:30:40 +01:00
Add a tip about using a reverse proxy with fail2ban
parent
8b2ec6c3d8
commit
8168e39ecc
@ -126,10 +126,16 @@ Create and fill the following file
|
|||||||
ignoreregex =
|
ignoreregex =
|
||||||
````
|
````
|
||||||
|
|
||||||
If you get the following error message in `fail2ban.log` (CentOS 7, Fail2Ban v0.9.7)
|
**Tip:** If you get the following error message in `fail2ban.log` (CentOS 7, Fail2Ban v0.9.7)
|
||||||
`fail2ban.filter [5291]: ERROR No 'host' group in '^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$'`
|
`fail2ban.filter [5291]: ERROR No 'host' group in '^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$'`
|
||||||
Please Use `<HOST>` instead of `<ADDR>` in `bitwarden.local`
|
Please Use `<HOST>` instead of `<ADDR>` in `bitwarden.local`
|
||||||
|
|
||||||
|
**Tip:** If you see 127.0.0.1 as the IP address of failed logins in bitwarden.log, then you're probably using a reverse proxy and fail2ban won't work correctly:
|
||||||
|
````
|
||||||
|
[YYYY-MM-DD hh:mm:ss][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: 127.0.0.1. Username: email@example.com.
|
||||||
|
````
|
||||||
|
To remedy this, forward the true remote address to bitwarden_rs via the X-Real-IP header. How to do this varies depending on the proxy you use. For example, in Caddy 2.x, when you define the reverse-proxy, define `header_up X-Real-IP {remote_host}`. See [Proxy examples](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples) for more info.
|
||||||
|
|
||||||
### Jail
|
### Jail
|
||||||
Create and fill the following file
|
Create and fill the following file
|
||||||
````
|
````
|
||||||
|
Loading…
Reference in New Issue
Block a user