Using Fail2Ban with dockerized Gitea

Nime · February 12, 2020, 4:18pm

Hello everyone,
I have set up a rootless docker container for gitea, and it is working great so far. I got fail2ban running on my host machine and I want to use it to moderate failed logins on gitea.

When checking the /data/log/gitea.log file however, ip’s originate from the local bridge address.

2020/02/12 16:50:31 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for someuser from 172.19.0.1

How can I set up the instance in a way, that incoming ip’s are not masqueraded?

Thanks

Nime · February 14, 2020, 8:37am

This can currently not be achieved for CentOS8 and docker rootless, since masquerade settings in docker are ignored due to a long lasting bug. Therefor not gitea related.

adam-stamand · February 10, 2023, 2:19pm

I know this is an old post, but in case others come across this; does this address the concern?: Rootless mode overwrites public IP to Docker's IP · Issue #41789 · moby/moby · GitHub

I was able to use the DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns setting to get the IP addresses to correctly pass through

Topic		Replies	Views
Real IP in gitea log for fail2ban (using Traefik) Ecosystem	1	996	January 14, 2023
Docker login Forbidden General	1	2301	February 13, 2023
Moved to another IP General	2	745	May 24, 2023
Docker ssh passthrough fails General	0	577	February 10, 2023
Docker SSH keys Install/Maintain/Configure	1	967	May 22, 2023

Using Fail2Ban with dockerized Gitea

Related Topics