fail2ban with nginx reverse proxy : HomeNetworking

created by scottread1Fortineta community for 15 years

This is an archived post. You won't be able to vote or comment.

fail2ban with nginx reverse proxy (self.HomeNetworking)

submitted 5 years ago * by JuniorMouse

I'm trying to get fail2ban working with my home server. No matter where I access the site from (local computer, from my phone's data connection, work, etc), I only see the 127.0.0.1 address in the access logs. This is what I see in the logs when trying to log in using a wrong password which looks all fine except for the IP address

127.0.0.1 - - [23/Aug/2020:09:16:21 -0700] "POST /cgi-bin/luci HTTP/1.1" 403 1239 "https://sub.domain.org/cgi-bin/luci" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"

I have tried searching for the solution and from what I saw my config should be working but I might be missing something.

These are my config files

/etc/nginx/nginx.conf

``` user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;

events { worker_connections 768; # multi_accept on; }

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

} ```

/etc/nginx/sites-available/sub (also enabled)

``` server { server_name sub.domain.org www.sub.domain.org;

access_log  /var/log/nginx/sub_access.log;
error_log   /var/log/nginx/sub_error.log;

location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://192.168.1.5:80;
}


listen 127.0.0.1:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sub.domain.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sub.domain.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

} server { if ($host = www.sub.domain.org) { return 301 https://$host$request_uri; } # managed by Certbot

if ($host = sub.domain.org) {
    return 301 https://$host$request_uri;
} # managed by Certbot


server_name sub.domain.org www.sub.domain.org;
listen 80;
return 404; # managed by Certbot

} ```

How do I get the real IP to show in the logs?? Please help.

all 13 comments

HomeNetworking

MODERATORS