Jellyfin Forum
SOLVED: Fail2Ban Installation & Docker Logs Ubuntu - Printable Version




Fail2Ban Installation & Docker Logs Ubuntu - LittleFluffyCloud - 2024-09-28

I have had jellyfin installed for ages using the docker image in portainer (because youtube said!) on a raspberry pi running ubuntu server 22.04 (and I love it of course!).

Today I have installed caddyserver to reverse proxy it to a no ip domain. To make it safer I'd like to run fail2ban, I was trying to follow the instructions here https://jellyfin.org/docs/general/networking/fail2ban.

I am stuck with the requirements of what to put in for my log location, the instructions suggest it would be at /config/log/ for a docker install, but this is not a location on my machine. I suspect this is a bit of a noob misunderstanding of docker, but where can I find this and what exactly should I put in the config?

Thanks!


RE: Fail2Ban Installation & Docker Logs Ubuntu - TheDreadPirate - 2024-09-28

You need to provide the path you configured in portainer where /config is mounted. Then add the log path.

An example. You mounted /config at /docker/jellyfin/config. You'd provide this path to fail2ban.

/docker/jellyfin/config/log


RE: Fail2Ban Installation & Docker Logs Ubuntu - LittleFluffyCloud - 2024-09-28

So I guess for me it is this location as per portainer 

   

which when I navigate to has this folder location for jellyfin logs

/portainer/Files/AppData/Config/Jellyfin/log

which means my config should have this path

logpath = /portainer/Files/AppData/Config/Jellyfin/log/jellyfin*.log


RE: Fail2Ban Installation & Docker Logs Ubuntu - LittleFluffyCloud - 2024-09-28

The service failed to start, I am guessing some error in my configs?

Code:
[jellyfin]

backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = jellyfin
maxretry = 3
bantime = 86400
findtime = 43200
logpath = /portainer/Files/AppData/Config/Jellyfin/log/jellyfin*.log
action = iptables-allports[name=jellyfin, chain=DOCKER-USER]

Code:
[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.



RE: Fail2Ban Installation & Docker Logs Ubuntu - LittleFluffyCloud - 2024-09-28

So the issue was there weren't any logs that matched the specified regex at the log path. I created a file and fail2ban loaded. But when I ran the test regex it didn't work. Then I entered different regex for the logs that appear in the folder already

   

then failed to log in 5 times on a test account and ran the test regex and got this result which I think means it didn't work

Running tests
=============

Use  failregex filter file : jellyfin, basedir: /etc/fail2ban
Use      single line : /path_to_logs/*.log


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.06 sec]

|- Missed line(s):
|  /path_to_logs/*.log
`-
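
An added example, not part of the thread: the `Use single line` row in the output above shows that fail2ban-regex tested the literal text `/path_to_logs/*.log` as one log line, not the contents of a log file. The sketch below approximates the posted failregex with `grep -E` to confirm that a log file contains denied-login lines and which addresses would reach a jail's maxretry. It assumes IPv4 only in place of `<ADDR>`; `count_denied`, `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. count_denied and sample_log are
# hypothetical helpers; <ADDR> from the filter is narrowed to IPv4 here.
DENIED_RE='Authentication request for .* has been denied \(IP: "([0-9]{1,3}\.){3}[0-9]{1,3}"\)\.'

# Constructed log lines (documentation IP ranges), not real Jellyfin output.
sample_log() {
    cat <<'EOF'
[2024-09-28 19:40:01.100 +00:00] [INF] [42] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "test" has been denied (IP: "203.0.113.7").
[2024-09-28 19:40:05.310 +00:00] [INF] [42] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "test" has been denied (IP: "203.0.113.7").
[2024-09-28 19:40:09.870 +00:00] [INF] [17] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: "198.51.100.23").
[2024-09-28 19:40:12.020 +00:00] [INF] [42] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "test" has been denied (IP: "203.0.113.7").
[2024-09-28 19:41:00.000 +00:00] [INF] [9] Main: constructed unrelated line
EOF
}

# Print "<count> <ip>" for each address with at least $2 denied logins
# in log file $1. Lines that do not match the pattern are ignored.
count_denied() {
    grep -E "$DENIED_RE" "$1" |
        sed -E 's/.*\(IP: "([0-9.]+)"\)\..*/\1/' |
        sort | uniq -c |
        awk -v max="$2" '$1 >= max { print $1, $2 }'
}

# Stand-alone run: <script> <logfile> <maxretry>
if [ "$#" -eq 2 ]; then
    count_denied "$1" "$2"
fi
```

Empty output for a file that should contain failed logins means the log path or the pattern is wrong, independent of the jail configuration.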


RE: Fail2Ban Installation & Docker Logs Ubuntu - TheDreadPirate - 2024-09-28

Remove the port and protocol lines. They aren't necessary for jails that read logs.

Also, I think the fail2ban docs need to be updated. Jellyfin USED to write the current day's logs to jellyfin.log, but now it is log_YYYYMMDD.log.

I recall working through this earlier this year. I ended up setting up a cronjob that runs at midnight that creates a symlink called jellyfin.log that symlinks to the log for the current day.

Code:
chris@rat-trap:/var/log/jellyfin$ cat /etc/fail2ban/jail.d/jellyfin.local
[jellyfin]

backend = auto
enabled = true
filter = jellyfin
maxretry = 5
bantime = 86400
findtime = 43200
logpath = /var/log/jellyfin/jellyfin.log
banaction = iptables-allports

[jellyfin-testing]

backend = auto
enabled = true
filter = jellyfin
maxretry = 5
bantime = 86400
findtime = 43200
logpath = /docker/containers/jellyfin-stable-data/config/log/jellyfin.log
banaction = iptables-allports

Code:
chris@rat-trap:/var/log/jellyfin$ ls -lrt
total 7160
lrwxrwxrwx 1 root     root         34 Sep 28 00:01 jellyfin.log -> /var/log/jellyfin/log_20240928.log
-rw-r--r-- 1 jellyfin jellyfin 826505 Sep 28 19:46 log_20240928.log

Code:
chris@rat-trap:/docker/containers/jellyfin-stable-data/config/log$ ll
total 1608
lrwxrwxrwx 1 root     root         67 Sep 28 00:01 jellyfin.log -> /docker/containers/jellyfin-stable-data/config/log/log_20240928.log
-rw-r--r-- 1 jellyfin jellyfin 413124 Sep 28 18:46 log_20240928.log

My cronjob runs this script at a minute past midnight.

Code:
#!/bin/bash

# Re-point jellyfin.log at the newest server log (FFmpeg, record and upload logs excluded).
rm -f /var/log/jellyfin/jellyfin.log
NEWFILE=$(ls -lrt /var/log/jellyfin/* | grep -Ev "FFmpeg|record|upload" | tail -1 | awk '{print $NF}')
ln -s "$NEWFILE" /var/log/jellyfin/jellyfin.log

# Same again for the Docker instance's log directory.
rm -f /docker/containers/jellyfin-stable-data/config/log/jellyfin.log
NEWFILE=$(ls -lrt /docker/containers/jellyfin-stable-data/config/log/* | grep -Ev "FFmpeg|record|upload" | tail -1 | awk '{print $NF}')
ln -s "$NEWFILE" /docker/containers/jellyfin-stable-data/config/log/jellyfin.log

Root's crontab.

Code:
# m h  dom mon dow   command
1 0 * * * rotateJellyfinLog
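
An added example, not part of TheDreadPirate's post: a variant of the rotation script above that selects the newest `log_YYYYMMDD.log` by name instead of parsing `ls` output, replaces the symlink with a rename so `jellyfin.log` is never missing, and keeps the old link when no dated log exists yet. The function name and the directories-as-arguments interface are assumptions.

```shell
#!/bin/bash
# Added example, not the poster's script. link_latest_jellyfin_log is a
# hypothetical helper; it assumes logs are named log_YYYYMMDD.log.
link_latest_jellyfin_log() {
    local dir="$1"
    local link="$dir/jellyfin.log"
    local tmp="$link.tmp.$$"
    local newest="" candidate

    # The glob matches only dated server logs, so FFmpeg/record/upload
    # logs need no filtering. Globs expand in name order and YYYYMMDD
    # sorts chronologically, so the last regular file seen is the newest.
    for candidate in "$dir"/log_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].log; do
        if [ -f "$candidate" ]; then
            newest="$candidate"
        fi
    done

    # No dated log yet: keep any existing link and report failure instead
    # of leaving fail2ban with a logpath that points at nothing.
    if [ -z "$newest" ]; then
        echo "no log_YYYYMMDD.log found in $dir" >&2
        return 1
    fi

    # Create the new link under a temporary name, then rename it over the
    # old one. The rename replaces the link itself in a single step.
    ln -s "$newest" "$tmp" || return 1
    mv -f "$tmp" "$link"
}

# Stand-alone run from cron: pass each log directory as an argument.
for d in "$@"; do
    link_latest_jellyfin_log "$d"
done
```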



RE: Fail2Ban Installation & Docker Logs Ubuntu - LittleFluffyCloud - 2024-09-29

I made the changes that you suggested, removing the port and protocol lines. I also noticed the docs say add this to .local

action = iptables-allports[name=jellyfin, chain=DOCKER-USER]

but you had just

banaction = iptables-allports

so updated that as well and restarted fail2ban and I am now blocked from vpn and cell service so all working thanks!

It's probably worth noting that fail2ban was not running from docker, not sure if that makes a difference!