/config/nginx/proxy.conf in letsencrypt already passes the ip of the remote address. proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; In order to get fail2ban to work with anything other than local auth_basic access, you have to add the path of the logs to the letsencrypt container like Marv did for Emby. (Container path: /emby_logs Host path: /mnt/user/appdata/emby/logs) The problem with nextcloud was that all it sees is the ip of the unRAID docker0 bridge interface. So if there was malicious usage everyone would be banned. So adding this to Nextcloud nginx gets the forwarded ip from the headers instead of the docker0 ip. real_ip_header X-Forwarded-For; set_real_ip_from 172.17.0.0/16; real_ip_recursive on; So now you have the real ip in your nextcloud and nextcloud nginx logs and fail2ban can use that.