caddy jellyfin fail2ban authentication ban
**caddy config for jellyfin:**

```
jellyfin.mydomain.com {
    reverse_proxy http://192.168.0.1212:2121
    log {
        output file /var/log/caddy/JellyfinProxy.log {
            roll_size 2MiB        # Max size per log file: 2 MiB
            roll_local_time true  # Use local time
            roll_keep 4           # Keep at most 4 log files
            roll_keep_for 7d      # Keep log files for 7 days
        }
        level ERROR
    }
}
```

**install pyinotify (with pip as sudo)**

**config for fail2ban:**

**jail.local:**

```
[DEFAULT]
enabled = true
ignoreip = 127.0.0.1/8 192.168.0.yourlocalip/24
ignorecommand =
backend = pyinotify
mode = normal
filter = %(__name__)s[mode=%(mode)s]
findtime = 600
maxretry = 3
bantime = 1200
banaction = route
action = %(banaction)s[blocktype=blackhole]
```

**filter.d/caddy-jellyfin.conf:**

```
# Fail2Ban filter to match against Caddy logs and find failed jellyfin login attempts
[Definition]
failregex = .*"level":"error".*"remote_addr":"<HOST>:.*".*POST.*"uri":"/Users/authenticatebyname".*"status":401.*$
ignoreregex =
```

**jail.d/caddy-jellyfin.conf:**

```
[caddy-jellyfin]
port = http,https
enabled = true
logpath = /var/log/caddy/JellyfinProxy.log
maxretry = 3
bantime = 1200
```
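
A quick way to check the filter before relying on it, as an added example that is not part of the original gist: it runs the `failregex` above over constructed Caddy-style JSON lines and approximates the `findtime`/`maxretry` decision. The IPv4-only `<HOST>` stand-in, the sample lines, and the helper names (`line`, `failures`, `would_ban`) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# failregex copied from filter.d/caddy-jellyfin.conf above
FAILREGEX = (r'.*"level":"error".*"remote_addr":"<HOST>:.*".*POST.*'
             r'"uri":"/Users/authenticatebyname".*"status":401.*$')
# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST))
FINDTIME, MAXRETRY = 600, 3  # findtime / maxretry from the jail above

def line(ts, ip, method, uri, status, level):
    """Constructed log line carrying the fields the filter keys on."""
    return ('{"level":"%s","ts":%d,"logger":"http.log.access",'
            '"msg":"handled request","request":{"remote_addr":"%s:50000",'
            '"method":"%s","host":"jellyfin.mydomain.com","uri":"%s"},'
            '"status":%d}' % (level, ts, ip, method, uri, status))

LOGIN = "/Users/authenticatebyname"
SAMPLE = [  # constructed sample, documentation-range addresses
    line(1000, "203.0.113.7", "POST", LOGIN, 401, "error"),
    line(1100, "203.0.113.7", "POST", LOGIN, 401, "error"),
    line(1200, "203.0.113.7", "POST", LOGIN, 401, "error"),
    line(1000, "198.51.100.9", "POST", LOGIN, 401, "error"),
    line(1050, "198.51.100.9", "POST", LOGIN, 401, "error"),
    line(5000, "198.51.100.9", "POST", LOGIN, 401, "error"),  # outside window
    line(1300, "192.0.2.4", "GET", "/web/index.html", 401, "error"),
    line(1400, "192.0.2.4", "POST", LOGIN, 200, "info"),  # successful login
]

def failures(lines):
    """Return (ts, ip) for every line the failregex matches."""
    hits = []
    for entry in lines:
        m = PATTERN.match(entry)
        if m:
            ts = int(re.search(r'"ts":(\d+)', entry).group(1))
            hits.append((ts, m.group("host")))
    return hits

def would_ban(lines):
    """IPs reaching MAXRETRY matches within FINDTIME seconds (approximation)."""
    seen, banned = defaultdict(list), set()
    for ts, ip in sorted(failures(lines)):
        seen[ip] = [t for t in seen[ip] if ts - t < FINDTIME] + [ts]
        if len(seen[ip]) >= MAXRETRY:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    print(len(failures(SAMPLE)), "matches; would ban:", sorted(would_ban(SAMPLE)))
```

Against the real log, `fail2ban-regex /var/log/caddy/JellyfinProxy.log /etc/fail2ban/filter.d/caddy-jellyfin.conf` (assuming the default `/etc/fail2ban` layout) performs the same match with fail2ban's own `<HOST>` expansion.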
Set enabled to false in jail.local [DEFAULT] section (it's already enabled in the caddy-jellyfin jail). And roll_local_time no longer accepts true; just leave it by itself.
This should work.