    Caddy, fail2ban, podman

    How to set up fail2ban together with caddy all within podman
    42piper
    Junior Member
    #1
    2024-12-23, 06:41 PM
    Hi,

    So I am trying to set up jellyfin behind a reverse-proxy (caddy) and protect the login with fail2ban.

    caddy and jellyfin are running as rootless podman containers in separate pods.

    So far, I managed to set up caddy and access jellyfin. Great!

    Before setting up fail2ban, I tried to log in with wrong credentials: the log shows that, but the IP is set to 10.0.2.100 (not sure what that is, some local address that all my containers have, but NOT the local IP of the machine hosting the containers). I already added 10.0.2.100 and the IP of the machine to the known-proxy list without success.

    What am I missing?

    Thanks!
    TheDreadPirate
    Community Moderator
    #2
    2024-12-23, 06:52 PM
    What address is Caddy using for Jellyfin? Is it using the docker IP for Jellyfin? Are you publishing ports for both containers? Or just publishing ports for Caddy?
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    42piper
    #3
    2024-12-23, 08:04 PM
    Jellyfin's HTTP port is mapped to 3000. Caddy exposes 443. Caddy then uses 192.168.50.200:3000 (where the IP is the IP of the machine) to reach jellyfin.
    TheDreadPirate
    #4
    2024-12-23, 08:23 PM
    Are the pods using host networking or bridge networking? If both are using bridge networking, you can expose port 3000 on the jellyfin container and use the bridge IP. Then Jellyfin should see the caddy pod's IP, which is what you'd add to the known proxies field.
    42piper
    #5
    2024-12-23, 09:29 PM
    Since it's rootless podman, it's basically host-networking (see slirp4netns here https://github.com/containers/podman/blo...working.md).

    Maybe it was not clear from my post: the reverse_proxy works, I can log in and everything, but for some reason jellyfin does not detect the correct source IP to write in the logs.
    TheDreadPirate
    #6
    2024-12-23, 09:53 PM
    You can add multiple IPs as proxies, separated with a comma. Add the host IP in addition to, I'm assuming, the Caddy container's IP.
    42piper
    #7
    2024-12-24, 09:21 AM
    I did that too.

    However, figured out the problem - rootless containers in podman run in the slirp4netns network and there the source IP is not preserved / passed on.
    So I need to change my setup (found some solutions via sockets), back to the drawing board.
    Thanks for your help though!
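
A check for the symptom this thread ends on, added here as an example and not part of any poster's message: it counts denied logins per logged address and reports whether a fail2ban jail could single out a client. The log-line pattern is an assumption based on Jellyfin's denied-login message, and the sample lines are constructed (10.0.2.100 is the address from the first post).

```python
import ipaddress
import re
from collections import Counter

# Assumption: Jellyfin's denied-login message, in the shape fail2ban filters for it match.
DENIED = re.compile(r'Authentication request for .* has been denied \(IP: "?([^")\s]+)"?\)')

# Ranges that can never identify an individual remote client (RFC 1918, loopback, link-local, ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample lines (not from the poster's server); 203.0.113.7 is a documentation address.
SAMPLE_LOG = '''\
[2024-12-23 18:30:01.101 +01:00] [INF] [41] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "alice" has been denied (IP: "10.0.2.100").
[2024-12-23 18:30:09.440 +01:00] [INF] [41] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "admin" has been denied (IP: "10.0.2.100").
[2024-12-23 18:31:15.902 +01:00] [INF] [38] Main: unrelated line that must be ignored
[2024-12-23 18:32:47.018 +01:00] [INF] [41] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "root" has been denied (IP: "10.0.2.100").
[2024-12-23 18:40:03.377 +01:00] [INF] [44] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "bob" has been denied (IP: "203.0.113.7").
'''


def audit(log_text):
    """Return {ip: (denied_count, 'internal' | 'client')} for every denied login in the log."""
    counts = Counter()
    for line in log_text.splitlines():
        match = DENIED.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # not an IP literal; skip rather than guess
    return {str(ip): (n, "internal" if any(ip in net for net in INTERNAL) else "client")
            for ip, n in counts.items()}


def jail_can_target_clients(report):
    """True only if denied logins were seen and every one carries a routable client address."""
    return bool(report) and all(kind == "client" for _, kind in report.values())


if __name__ == "__main__":
    for ip, (n, kind) in audit(SAMPLE_LOG).items():
        print(f"{ip:15} denied={n} {kind}")
    print("jail can target clients:", jail_can_target_clients(audit(SAMPLE_LOG)))
```

When every failure is attributed to one internal address, as with 10.0.2.100 here, a ban keyed on that address cannot tell one client from another, so the source-IP problem has to be fixed before the jail is enabled.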