Skip to content

Instantly share code, notes, and snippets.

@mueslimak3r
Last active March 6, 2024 19:25
Show Gist options
  • Save mueslimak3r/33b6559f7353107f940060daa5919850 to your computer and use it in GitHub Desktop.
Save mueslimak3r/33b6559f7353107f940060daa5919850 to your computer and use it in GitHub Desktop.
caddy jellyfin fail2ban authentication ban
**caddy config for jellyfin:**
jellyfin.mydomain.com {
reverse_proxy http://192.168.0.1212:2121
log {
output file /var/log/caddy/JellyfinProxy.log {
roll_size 2MiB # Set max size 5 MB
roll_local_time true # Use localhost time
roll_keep 4 # Keep at most 2 log files
roll_keep_for 7d # Keep log files for 7 days
}
level ERROR
}
}
**install pyinotify (with pip as sudo)**
**config for fail2ban:**
**jail.local:**
[DEFAULT]
enabled = true
ignoreip = 127.0.0.1/8 192.168.0.yourlocalip/24
ignorecommand =
backend = pyinotify
mode = normal
filter = %(__name__)s[mode=%(mode)s]
findtime = 600
maxretry = 3
bantime = 1200
banaction = route
action = %(banaction)s[blocktype=blackhole]
**filter.d/caddy-jellyfin.conf:**
# Fail2Ban filter to match against Caddy logs and find failed jellyfin login attemps
[Definition]
failregex = .*"level":"error".*"remote_addr":"<HOST>:.*".*POST.*"uri":"/Users/authenticatebyname".*"status":401.*$
ignoreregex =
**jail.d/caddy-jellyfin.conf:**
[caddy-jellyfin]
port = http,https
enabled = true
logpath = /var/log/caddy/JellyfinProxy.log
maxretry = 3
bantime = 1200
@stypr
Copy link

stypr commented Feb 5, 2023

hi,

I think it is much better to add prefregex to optimize your definition, something like this should work much faster with a large thoroughput.

prefregex = ^{"level":"error",<F-CONTENT>.+</F-CONTENT>$
failregex = .*"request":{"remote_addr":"<HOST>".*,"status":401,.*$

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment