Last active
March 6, 2024 19:25
caddy jellyfin fail2ban authentication ban
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
**caddy config for jellyfin:**
# Site block: proxies jellyfin.mydomain.com to the Jellyfin backend and writes
# this site's log to /var/log/caddy/JellyfinProxy.log, the same path the
# fail2ban jail uses as its logpath.
jellyfin.mydomain.com {
    # Placeholder upstream ("192.168.0.1212" is not a valid IPv4 address as
    # written); replace it with your Jellyfin host:port.
    reverse_proxy http://192.168.0.1212:2121
    log {
        output file /var/log/caddy/JellyfinProxy.log {
            roll_size 2MiB # Roll the file once it reaches 2 MiB
            # NOTE(review): Caddy documents roll_local_time as a bare flag;
            # confirm your version accepts the trailing "true" argument.
            roll_local_time true # Use local time
            roll_keep 4 # Keep at most 4 rolled log files
            roll_keep_for 7d # Keep log files for 7 days
        }
        # Only entries at ERROR level are written to the file.
        # NOTE(review): the fail2ban filter can only match what is written
        # here. If your Caddy version logs 4xx responses at INFO, the 401
        # entries never reach this file and no ban is ever triggered; confirm
        # that a failed login actually produces a line in this log.
        level ERROR
    }
}
**install pyinotify (with pip as sudo)**
Where your distribution packages pyinotify, installing that package instead avoids running pip as root.
**config for fail2ban:**
**jail.local:**
# jail.local: values in [DEFAULT] are inherited by every jail that does not
# override them.
[DEFAULT]
# NOTE(review): set in [DEFAULT], this switches on every jail that does not set
# "enabled" itself, which would include the stock jails shipped in jail.conf.
# Confirm this is intended; the caddy-jellyfin jail already sets enabled = true
# on its own.
enabled = true
# Addresses and CIDR ranges that are never banned: loopback plus the local
# network. "192.168.0.yourlocalip/24" is a placeholder; substitute your own LAN
# range and keep it as narrow as practical, since everything listed here is
# exempt from bans.
ignoreip = 127.0.0.1/8 192.168.0.yourlocalip/24
# Left empty: no external command is configured.
ignorecommand =
# Watch log files through pyinotify (the Python module installed in the step
# above).
backend = pyinotify
mode = normal
# The filter name is derived from the jail name via %(__name__)s, so the
# [caddy-jellyfin] jail loads filter.d/caddy-jellyfin.conf; mode is passed to
# the filter as a parameter.
filter = %(__name__)s[mode=%(mode)s]
# Plain numbers are seconds: 3 failures within 600 s lead to a 1200 s
# (20 minute) ban.
findtime = 600
maxretry = 3
bantime = 1200
# Ban through the "route" action with blocktype=blackhole, for every jail that
# inherits these defaults.
# NOTE(review): a blackhole route acts on traffic this host sends to the banned
# address and is not limited to the jail's ports, so inbound packets from that
# address are not filtered as a firewall rule would do. Verify against
# action.d/route.conf that this matches your intent.
banaction = route
action = %(banaction)s[blocktype=blackhole]
**filter.d/caddy-jellyfin.conf:**
# Fail2Ban filter to match against Caddy logs and find failed jellyfin login attempts
#
# A line counts as a failure when it contains, in this order: "level":"error",
# a "remote_addr" whose address part (before the ":port") is captured as <HOST>,
# the text POST, the uri /Users/authenticatebyname, and "status":401.
#
# NOTE(review): "remote_addr" is the peer that connected to Caddy. If another
# proxy or CDN sits in front of Caddy, that is the proxy's address and the ban
# would land on the proxy rather than on the client; confirm your topology.
# NOTE(review): matching is case-sensitive. Jellyfin's API documents the route
# as /Users/AuthenticateByName; if requests arrive with a casing other than the
# one written here, those failures are not counted. Verify against your own log
# lines and consider matching case-insensitively.
# NOTE(review): no datepattern is set; check with fail2ban-regex that the
# timestamp in Caddy's JSON lines is detected.
# The unanchored ".*" runs scan the whole line, which also holds client-supplied
# fields; anchoring the expression (or adding a prefregex) makes matching
# stricter and cheaper.
[Definition]
failregex = .*"level":"error".*"remote_addr":"<HOST>:.*".*POST.*"uri":"/Users/authenticatebyname".*"status":401.*$
# No exclusions are defined.
ignoreregex =
**jail.d/caddy-jellyfin.conf:**
# Jail for failed Jellyfin logins seen in the Caddy log. With the [DEFAULT]
# "filter = %(__name__)s[...]" line from jail.local, the section name selects
# filter.d/caddy-jellyfin.conf.
[caddy-jellyfin]
# Ports handed to the ban action.
# NOTE(review): presumably unused by the "route" banaction configured in
# jail.local, which is not port-specific; confirm.
port = http,https
enabled = true
# Must be the same file as the Caddy "output file" path.
logpath = /var/log/caddy/JellyfinProxy.log
# Same values as the [DEFAULT] section of jail.local: 3 failures, 1200 s ban.
maxretry = 3
bantime = 1200
hi,
I think it is much better to add
prefregex
to optimize your definition, something like this should work much faster with a large throughput.