OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
8420 Commits
197 Branches
392 MB
3426 Download
Tree: 8ff3d5cc35
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8ff3d5cc35'
${ noResults }
aiforge/docs/content/doc/usage/fail2ban-setup.md

fail2ban-setup.md 2.1 kB
Raw Normal View History

Added docs for configuring fail2ban (#3949)
7 years ago
Fix typo in doc (#8914) Fix typo in doc fail2ban-setup.md
5 years ago
Added docs for configuring fail2ban (#3949)
7 years ago
Copyedit docs (#6275)
6 years ago
Added docs for configuring fail2ban (#3949)
7 years ago
Docs: Added instructions for Docker fail2ban configuration. (#8642)
5 years ago
Added docs for configuring fail2ban (#3949)
7 years ago
Docs: Added instructions for Docker fail2ban configuration. (#8642)
5 years ago
Added docs for configuring fail2ban (#3949)
7 years ago
Docs: Added instructions for Docker fail2ban configuration. (#8642)
5 years ago
Added docs for configuring fail2ban (#3949)
7 years ago
Copyedit docs (#6275)
6 years ago
Added docs for configuring fail2ban (#3949)
7 years ago
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. ---

  2. date: "2018-05-11T11:00:00+02:00"

  3. title: "Usage: Setup fail2ban"

  4. slug: "fail2ban-setup"

  5. weight: 16

  6. toc: true

  7. draft: false

  8. menu:

  9.   sidebar:

  10.     parent: "usage"

  11.     name: "Fail2ban setup"

  12.     weight: 16

  13.     identifier: "fail2ban-setup"

  14. ---

  15. 

  16. # Fail2ban setup to block users after failed login attempts

  17. 

  18. **Remember that fail2ban is powerful and can cause lots of issues if you do it incorrectly, so make 

  19. sure to test this before relying on it so you don't lock yourself out.**

  20. 

  21. Gitea returns an HTTP 200 for bad logins in the web logs, but if you have logging options on in 

  22. `app.ini`, then you should be able to go off of `log/gitea.log`, which gives you something like this 

  23. on a bad authentication:

  24. 

  25. ```log

  26. 2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx

  27. ```

  28. 

  29. Add our filter in `/etc/fail2ban/filter.d/gitea.conf`:

  30. 

  31. ```ini

  32. # gitea.conf

  33. [Definition]

  34. failregex =  .*Failed authentication attempt for .* from <HOST>

  35. ignoreregex =

  36. ```

  37. 

  38. Add our jail in `/etc/fail2ban/jail.d/gitea.conf`:

  39. 

  40. ```ini

  41. [gitea]

  42. enabled = true

  43. filter = gitea

  44. logpath = /home/git/gitea/log/gitea.log

  45. maxretry = 10

  46. findtime = 3600

  47. bantime = 900

  48. action = iptables-allports

  49. ```

  50. 

  51. If you're using Docker, you'll also need to add an additional jail to handle the **FORWARD** 

  52. chain in **iptables**. Configure it in `/etc/fail2ban/jail.d/gitea-docker.conf`:

  53. 

  54. ```ini

  55. [gitea-docker]

  56. enabled = true

  57. filter = gitea

  58. logpath = /home/git/gitea/log/gitea.log

  59. maxretry = 10

  60. findtime = 3600

  61. bantime = 900

  62. action = iptables-allports[chain="FORWARD"]

  63. ```

  64. 

  65. Then simply run `service fail2ban restart` to apply your changes. You can check to see if 

  66. fail2ban has accepted your configuration using `service fail2ban status`.

  67. 

  68. Make sure and read up on fail2ban and configure it to your needs, this bans someone 

  69. for **15 minutes** (from all ports) when they fail authentication 10 times in an hour.

  70. 

  71. If you run Gitea behind a reverse proxy with Nginx (for example with Docker), you need to add

  72. this to your Nginx configuration so that IPs don't show up as 127.0.0.1: 

  73. 

  74. ```

  75. proxy_set_header X-Real-IP $remote_addr;

  76. ```

No Description