
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Sounds like we all have the same first name
 
The only potential issue I'm aware of is in nextcloud's config.php where you allow a proxy. You'd have to change that to swag if you change the container name (and if you reverse proxy nextcloud)

e3e083691e1d248ae45873b238d3ea94.jpg


Excuse my rudimentary pic but I’m assuming first line? Shut down NC, change letsencrypt name to swag (& let it boot up), change NC config.php, then boot Nextcloud back up?


Hey guys, I could use a little guidance....I'm not a computer guy by any stretch of the imagination so setting up Nextcloud with ReverseProxy is WAY over my head.....I'm just following SI video instructions and have no idea what everything is actually doing.

 

Anyway, in the video when setting up Letsencrypt/SWAG he used the duckdns.org and his duckdns subdomains. I registered my own personal domains and created Cnames...BUT they forward to a duckdns url. So in the field asking for the Domain Name....do I use my main URL I purchased or the DuckDNS.org that everything is forwarding to?

 

Additionally, at the bottom of SWAG it has a field for a DuckDNS token, that was not in the old app that SI was using.....Do I need to include that?

 

Currently I used my newly purchased Domain Name in the domain field, added the sub's, then don't have anything in the field asking for a DuckDNS token.....but I'm not wanting to move past this screen unless I know it's correct because if all this doesn't work at the end, I will have NO idea where to look. So I REALLLLY want to get it right as I go through all of this.

 

ALSO, do I need to make subdomains for EVERYTHING like SAB, NZBget, PLEX and other things like that which are on my server but go out onto the net?

 

Thanks for any guidance you can give....greatly appreciated!

Edited by SPOautos


UPDATE to my last post - I went ahead and "applied" those settings I mentioned above.....

"Currently I used my newly purchased Domain Name in the domain field, added the sub's, then don't have anything in the field asking for a DuckDNS token.....but I'm not wanting to move past this screen unless I know it's correct because if all this doesn't work at the end, I will have NO idea where to look. So I REALLLLY want to get it right as I go through all of this."

 

BUT in the logs all of the challenges failed. It seems like it was looking for an A record where I created CNames....is that why? With the A record though you have to point it to an IP address, it won't let me point it to a Duckdns address.

 

Could this be because I just purchased the domain and created the Cnames about 2-3 hours ago? Does it need more time? Or do I just have the settings wrong?

 

Here is the SWAG log.....

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Chicago
URL=s2white.com
SUBDOMAINS=server,sonarr,radarr,lidarr,nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=http
DNSPLUGIN=
EMAIL=stephen@whoopsiedaisyclothing.com
STAGING=false

SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d server.s2white.com -d sonarr.s2white.com -d radarr.s2white.com -d lidarr.s2white.com -d nextcloud.s2white.com
E-mail address entered: stephen@whoopsiedaisyclothing.com
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lidarr.s2white.com
http-01 challenge for nextcloud.s2white.com
http-01 challenge for radarr.s2white.com
http-01 challenge for s2white.com
http-01 challenge for server.s2white.com
http-01 challenge for sonarr.s2white.com
Waiting for verification...
Challenge failed for domain lidarr.s2white.com
Challenge failed for domain nextcloud.s2white.com
Challenge failed for domain radarr.s2white.com
Challenge failed for domain s2white.com
Challenge failed for domain server.s2white.com
Challenge failed for domain sonarr.s2white.com
http-01 challenge for lidarr.s2white.com
http-01 challenge for nextcloud.s2white.com
http-01 challenge for radarr.s2white.com
http-01 challenge for s2white.com
http-01 challenge for server.s2white.com
http-01 challenge for sonarr.s2white.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: lidarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for lidarr.s2white.com -
check that a DNS record exists for this domain

Domain: nextcloud.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
nextcloud.s2white.com - check that a DNS record exists for this



Domain: radarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for radarr.s2white.com -
check that a DNS record exists for this domain

Domain: server.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for server.s2white.com -
check that a DNS record exists for this domain

Domain: sonarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for sonarr.s2white.com -
check that a DNS record exists for this domain
- The following errors were reported by the server:

Domain: s2white.com
Type: unauthorized
Detail: Invalid response from
http://s2white.com/.well-known/acme-challenge/II7qAGyVqDFhBJ7WLQg2obnFCDxtWDqCxANhUwOgLVM
[34.102.136.180]: "<!doctype html><html lang=\"en\"><head><meta
http-equiv=\"content-type\"
content=\"text/html;charset=utf-8\"><meta name=\"viewport\" con"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Edited by SPOautos

3 hours ago, blaine07 said:


e3e083691e1d248ae45873b238d3ea94.jpg


Excuse my rudimentary pic but I’m assuming first line? Shut down NC, change letsencrypt name to swag (& let it boot up), change NC config.php, then boot Nextcloud back up?

Yup

15 minutes ago, SPOautos said:

UPDATE to my last post - I went ahead and "applied" those settings I mentioned above.....

"Currently I used my newly purchased Domain Name in the domain field, added the sub's, then don't have anything in the field asking for a DuckDNS token.....but I'm not wanting to move past this screen unless I know it's correct because if all this doesn't work at the end, I will have NO idea where to look. So I REALLLLY want to get it right as I go through all of this."

 

BUT in the logs all of the challenges failed. It seems like it was looking for an A record where I created CNames....is that why? With the A record though you have to point it to an IP address, it won't let me point it to a Duckdns address.

 

Could this be because I just purchased the domain and created the Cnames about 2-3 hours ago? Does it need more time? Or do I just have the settings wrong?

 


This needs to return an ip address: https://dnschecker.org/#A/sonarr.s2white.com

 

See here for detailed setup info: https://docs.linuxserver.io/general/swag

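The certbot report in the log above mixes two different failures: NXDOMAIN on the A lookup for every subdomain, and an "unauthorized" response for the bare domain served from some IP. As an added example (not part of the thread and not linuxserver.io code), this Python script parses a report of that shape and sorts each domain into a failure class; the sample report is constructed with placeholder domains and addresses, and `expected_ip` is a hypothetical parameter standing for the public IP of the SWAG host.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample shaped like the certbot report in the post above.
# Domains, token and IP addresses are placeholders, not values from the thread.
SAMPLE_REPORT = """\
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: sonarr.example.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for sonarr.example.com -
check that a DNS record exists for this domain

Domain: nextcloud.example.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
nextcloud.example.com - check that a DNS record exists for this
- The following errors were reported by the server:

Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/PLACEHOLDER_TOKEN
[203.0.113.10]: "<!doctype html><html><head><meta"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
"""

FIELD = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")
ANSWERED_BY = re.compile(r"\[([0-9A-Fa-f:.]+)\]:")

HINTS = {
    "no-record": "name (or its CNAME target) does not exist in public DNS",
    "wrong-host": "name resolves to a machine other than the SWAG host",
    "wrong-content": "expected IP answered, but not certbot: check the port 80 forward",
    "other": "read the Detail text",
}


@dataclass
class ChallengeError:
    domain: str
    kind: str                   # certbot "Type:" value, e.g. "dns" or "unauthorized"
    detail: str                 # "Detail:" text with wrapped lines re-joined
    answered_by: Optional[str]  # IP that served the challenge URL, if reported


def parse_report(text: str) -> List[ChallengeError]:
    """Split the report into one record per 'Domain:' block."""
    records, current, in_detail = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        match = FIELD.match(line)
        if match:
            key, value = match.groups()
            if key == "Domain":
                current = {"Domain": value, "Type": "", "Detail": ""}
                records.append(current)
            elif current is not None:
                current[key] = value
            in_detail = key == "Detail"
        elif not line or line.startswith("- "):
            in_detail = False  # a blank line or a new note ends a wrapped Detail
        elif in_detail and current is not None:
            current["Detail"] += " " + line  # certbot wraps long Detail lines
    errors = []
    for rec in records:
        ip = ANSWERED_BY.search(rec["Detail"])
        errors.append(ChallengeError(rec["Domain"], rec["Type"], rec["Detail"],
                                     ip.group(1) if ip else None))
    return errors


def triage(err: ChallengeError, expected_ip: str) -> str:
    """Classify one failure; expected_ip is the SWAG host's public address."""
    if err.kind == "dns" and "NXDOMAIN" in err.detail:
        return "no-record"
    if err.kind == "unauthorized":
        if err.answered_by and err.answered_by != expected_ip:
            return "wrong-host"
        return "wrong-content"
    return "other"


def summarize(text: str, expected_ip: str) -> Dict[str, str]:
    return {e.domain: triage(e, expected_ip) for e in parse_report(text)}


if __name__ == "__main__":
    # 198.51.100.7 is a constructed stand-in for the server's public IP.
    for domain, verdict in summarize(SAMPLE_REPORT, "198.51.100.7").items():
        print(f"{domain:25} {verdict:14} {HINTS[verdict]}")
```
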
1 hour ago, aptalca said:

This needs to return an ip address: https://dnschecker.org/#A/sonarr.s2white.com

 

See here for detailed setup info: https://docs.linuxserver.io/general/swag

 

Does that mean something is wrong with the CNAME?  I made the Host Name sonarr.s2white.com and the points to value is a duckdns.org address that points to my server IP

 

In the linuxserver link you shared (thank you for that).....I see where it says this....

 

"Nextcloud is a bit trickier because the app has various security measures built-in, forcing us to configure certain options manually.

As with the other examples, let's make sure that we have a CNAME for nextcloud set up on our dns provider (a wildcard CNAME * will also cover this) and it is pointing to our A record that points to our server IP. If we are using the docker cli method, we also need to create the user defined bridge network (here named lsio) as described above. For DuckDNS, we do not need to create CNAMES, as all sub-subdomains automatically point to the same IP as our custom subdomain, but we need to make sure that it is the correct IP address for our server. We also need to make sure that port 443 on our router is forwarded to the correct port on our server."

 

To be honest I'm not sure what all that means to what I have already done. Have things changed since the SI video where I should now use an A record instead of a Cname and point it directly to my server ip address instead of a duckdns address?

 

So is this saying that instead of doing it the way SI shows, I now need to make a single Cname like Nextcloud.mydomain.com that points to an A record that I also create at Godaddy which in turn points to my server's IP address, then basically don't do anything with DuckDNS? I do have my router set to reserve the IP address so I think that means it will always keep that domain so I don't really NEED DuckDNS I don't THINK....but I'm not positive about how all that works.

Edited by SPOautos

1 hour ago, SPOautos said:

 

Does that mean something is wrong with the CNAME?  I made the Host Name sonarr.s2white.com and the points to value is a duckdns.org address that points to my server IP

 

In the linuxserver link you shared (thank you for that).....I see where it says this....

 

"Nextcloud is a bit trickier because the app has various security measures built-in, forcing us to configure certain options manually.

As with the other examples, let's make sure that we have a CNAME for nextcloud set up on our dns provider (a wildcard CNAME * will also cover this) and it is pointing to our A record that points to our server IP. If we are using the docker cli method, we also need to create the user defined bridge network (here named lsio) as described above. For DuckDNS, we do not need to create CNAMES, as all sub-subdomains automatically point to the same IP as our custom subdomain, but we need to make sure that it is the correct IP address for our server. We also need to make sure that port 443 on our router is forwarded to the correct port on our server."

 

To be honest I'm not sure what all that means to what I have already done. Have things changed since the SI video where I should now use an A record instead of a Cname and point it directly to my server ip address instead of a duckdns address?

 

So is this saying that instead of doing it the way SI shows, I now need to make a single Cname like Nextcloud.mydomain.com that points to an A record that I also create at Godaddy which in turn points to my server's IP address, then basically don't do anything with DuckDNS? I do have my router set to reserve the IP address so I think that means it will always keep that domain so I don't really NEED DuckDNS I don't THINK....but I'm not positive about how all that works.

I'm not the author of that video and am not familiar with it. You'll have to contact the author.

All the info we publish is in the github/docker hub readme (linked in the first post) and the docs article I linked above.

 

Typically, if you already own your own domain name, you don't need duckdns. Duckdns is a free alternative to owning a domain name.


Hello, 
Currently running linuxserver/letsencrypt
'fix common problems' said this is not depreciated and should be updated.
I read in the migration notes "As long as you keep the /config folder mapping the same, all your previous config and data will be picked up by the new container"

I am going to SSH and backup (copy) /mnt/user/appdata/letsencrypt for safe keeping in case.
 

Before I proceed:
01. what's the best method to backup the dockers in the state they're in?
< backup the docker.img to another location > that way if it is required to revert and 'start over' the ability to copy and replace is available?
02. can I simply edit the repository from linuxserver/letsencrypt to linuxserver/swag and start the docker and it will push and keep my settings?
03. Am I required to remove letsencrypt docker, then add SWAG, and configure the docker to point at the correct paths, without needing to reconfigure everything?

Thanks,

Edited by bombz

19 hours ago, aptalca said:

Sounds like we all have the same first name 😅

 

The only potential issue I'm aware of is in nextcloud's config.php where you allow a proxy. You'd have to change that to swag if you change the container name (and if you reverse proxy nextcloud)

Just FYI in case anyone else changes container name like myself...

 

I am using DNS Validation through CloudFlare. Changing container name DID prompt it to download new set of certs. No biggie, but for those of us using CloudFlare's Proxy it can cause issues if you do not turn CloudFlare Proxy off before trying to write certs it *can* cause headaches... Anyways just FYI 🙂

8 minutes ago, blaine07 said:

Just FYI in case anyone else changes container name like myself...

 

Did you only edit the repository from linuxserver/letsencrypt to linuxserver/swag and start the docker, and everything worked?

5 minutes ago, bombz said:

Did you only edit the repository from linuxserver/letsencrypt to linuxserver/swag and start the docker, and everything worked?

Yes, changing ONLY the repository does work. I didn't move directories or anything. Just so far have changed repository, renamed container and changed the little thumbnail to SWAG. (Not to be facetious but a few pages back it's discussed at length about changing repository and etc :-))

 

Yeah, changing repository ONLY is *SAFE* though mate! 🙂

12 minutes ago, blaine07 said:

Yes, changing ONLY the repository does work. I didn't move directories or anything. Just so far have changed repository, renamed container and changed the little thumbnail to SWAG. (Not to be facetious but a few pages back it's discussed at length about changing repository and etc :-))

 

Yeah, changing repository ONLY is *SAFE* though mate! 🙂

Good to know. That was my plan going into it. I was not sure if it would cause other concerns. 
I suppose I will backup all directories as well as take a copy of my docker.img and move it to a safe place, in case I need to restore back if I run into any concerns.

Edited by bombz

Good to know. That was my plan going into it. I was not sure if it would cause other concerns. 

I suppose I will backup all directories as well as take a copy of my docker.img and move it to a safe place, in case I need to restore back if I run into any concerns.

Absolutely. Always safe over sorry!! Nothing else I don’t, until I renamed container, even provoked it into re-writing certs. You’ll be good mate

 

Oh yeah, as stated above I had to adjust Nextcloud’s config.php. Haven’t found anything else that relies on proxy name like Nextcloud though. :-)

8 minutes ago, blaine07 said:

Absolutely. Always safe over sorry!! Nothing else I don’t, until I renamed container, even provoked it into re-writing certs. You’ll be good mate

 

Oh yeah, as stated above I had to adjust Nextcloud’s config.php. Haven’t found anything else that relies on proxy name like Nextcloud though. 🙂

You bet!
OK, I will plan to work on this update Friday this week and hope everything goes smooth.
Thanks for the heads up on Nextcloud, currently I don't have that running, only a few containers at this point. 
Hope this goes smoothly.


Hi, 

 

After reading through all 196 pages and from the kind support of several members, I am a lot further along than where I was a week ago. One question that does not seem to have been asked though, is what is this "LuaJIT" message on startup......I'm kidding, I'm kidding.....that question must make up at least a fifth of this thread. 🤣

 

I now have SWAG and Fail2ban setup (almost) and would like to kindly ask for one last push in the right direction to be able to sort this out once and for all. I am very much the novice and have tried my best to address this on my own however I have now exhausted my skillset and very much need assistance. 

 

To clarify, there are no error messages in SWAG at all, that is working flawlessly and all my certs are downloaded and in place. Checking the Fail2ban log however, it will only start up if I set the four default jails to "false". My fifth jail; "bitwarden" will start fine when set to "true" though. I have not touched any of the conf files relating to the four default jails. I have reset everything back to default, or I thought I had, clearly I've missed something. The error that is shown in the fail2ban log is long, convoluted and I am unable to identify the source of the problem from it, the odd phrase that I can identify has proven negative after googling. I will paste it below (along with my current working jail.local file) in the hopes that someone may be able to point out my mistake. 

 

Apologies for any duplication between here and the Bitwarden thread, I initially posted a query relating to Bitwarden, however once addressed, this error was identified and so I thought it best to post here.

 

Thanks in advance. 

 

jail.local (email, password and destination redacted)

Quote

## Version 2020/05/10 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
# This is the custom version of the jail.conf for fail2ban
# Feel free to modify this and add additional filters
# Then you can drop the new filter conf files into the fail2ban-filters
# folder and restart the container

[DEFAULT]

action = iptables-allports
                %(action_mw)s[from=XXXXX@XXXXX.XXX, password=XXXXX, destination=XXXXX@XXXXX.XXX, sendername=Fail2Ban]

# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
banaction = iptables-allports

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5


[ssh]

enabled = false


[nginx-http-auth]

enabled  = false
filter   = nginx-http-auth
port     = http,https
logpath  = /config/log/nginx/error.log
ignoreip = 192.168.1.0/24


[nginx-badbots]

enabled  = false
port     = http,https
filter   = nginx-badbots
logpath  = /config/log/nginx/access.log
maxretry = 2


[nginx-botsearch]

enabled  = false
port     = http,https
filter   = nginx-botsearch
logpath  = /config/log/nginx/access.log

 

[nginx-deny]

enabled  = false
port     = http,https
filter   = nginx-deny
logpath  = /config/log/nginx/error.log

 

[bitwardenrs]

enabled = true
port = http,https
filter = bitwardenrs
action = iptables-allports[name=bitwardenrs]
logpath = /bitwarden/bitwarden.log
maxretry = 3
bantime = 14400
findtime = 14400

 

fail2ban log when any jail other than bitwarden is set to "true"

Quote

2020-09-21 14:53:17,422 fail2ban.server         [392]: INFO    Starting Fail2ban v0.11.1
2020-09-21 14:53:17,423 fail2ban.observer       [392]: INFO    Observer start...
2020-09-21 14:53:17,474 fail2ban.database       [392]: INFO    Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
2020-09-21 14:53:17,477 fail2ban.jail           [392]: INFO    Creating new jail 'nginx-http-auth'
2020-09-21 14:53:17,482 fail2ban.jail           [392]: INFO    Jail 'nginx-http-auth' uses poller {}
2020-09-21 14:53:17,482 fail2ban.jail           [392]: INFO    Initiated 'polling' backend
2020-09-21 14:53:17,494 fail2ban.filter         [392]: INFO      maxRetry: 5
2020-09-21 14:53:17,494 fail2ban.filter         [392]: INFO      findtime: 600
2020-09-21 14:53:17,494 fail2ban.actions        [392]: INFO      banTime: 600
2020-09-21 14:53:17,495 fail2ban.filter         [392]: INFO      encoding: UTF-8
2020-09-21 14:53:17,498 fail2ban.filter         [392]: INFO    Added logfile: '/config/log/nginx/error.log' (pos = 0, hash = 47f858d36526d1ef0a7f76c716c9701d41b5a948)

2020-09-21 14:53:17,499 fail2ban.transmitter    [392]: WARNING Command ['server-stream', [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO'], ['set', 'logtarget', '/config/log/fail2ban/fail2ban.log'], ['set', 'dbfile', '/config/fail2ban/fail2ban.sqlite3'], ['set', 'dbmaxmatches', 10], ['set', 'dbpurgeage', '1d'], ['add', 'nginx-http-auth', 'auto'], ['set', 'nginx-http-auth', 'usedns', 'warn'], ['set', 'nginx-http-auth', 'addfailregex', '^ \\[error\\] \\d+#\\d+: \\*\\d+ user "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\\"]*"), client: <HOST>, server: \\S*, request: "\\S+ \\S+ HTTP/\\d+\\.\\d+", host: "\\S+"(?:, referrer: "\\S+")?\\s*$'], ['set', 'nginx-http-auth', 'datepattern', '{^LN-BEG}'], ['set', 'nginx-http-auth', 'maxretry', 5], ['set', 'nginx-http-auth', 'maxmatches', 5], ['set', 'nginx-http-auth', 'findtime', '600'], ['set', 'nginx-http-auth', 'bantime', '600'], ['set', 'nginx-http-auth', 'ignorecommand', ''], ['set', 'nginx-http-auth', 'addignoreip', '192.168.1.0/24'], ['set', 'nginx-http-auth', 'logencoding', 'auto'], ['set', 'nginx-http-auth', 'addlogpath', '/config/log/nginx/error.log', 'head'], ['set', 'nginx-http-auth', 'addaction', 'iptables-allports'], ['multi-set', 'nginx-http-auth', 'action', 'iptables-allports', [['actionstart', '<iptables> -N f2b-nginx-http-auth\n<iptables> -A f2b-nginx-http-auth -j RETURN\n<iptables> -I INPUT -p tcp -j f2b-nginx-http-auth'], ['actionstop', '<iptables> -D INPUT -p tcp -j f2b-nginx-http-auth\n<iptables> -F f2b-nginx-http-auth\n<iptables> -X f2b-nginx-http-auth'], ['actionflush', '<iptables> -F f2b-nginx-http-auth'], ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-nginx-http-auth[ \\t]'"], ['actionban', '<iptables> -I f2b-nginx-http-auth 1 -s <ip> -j <blocktype>'], ['actionunban', '<iptables> -D f2b-nginx-http-auth -s <ip> -j <blocktype>'], ['actname', 'iptables-allports'], ['name', 'nginx-http-auth'], ['chain', 'INPUT'], ['port', 'ssh'], ['protocol', 'tcp'], ['blocktype', 'REJECT 
[...] has failed. Received ValueError('Action iptables-allports already exists')

2020-09-21 14:53:17,501 fail2ban                [392]: ERROR   NOK: ('Action iptables-allports already exists',)

 

fail2ban log when only bitwarden jail set to "true" (IPs redacted)

Quote

2020-09-21 18:20:39,246 fail2ban.server         [389]: INFO    --------------------------------------------------
2020-09-21 18:20:39,247 fail2ban.server         [389]: INFO    Starting Fail2ban v0.11.1
2020-09-21 18:20:39,248 fail2ban.observer       [389]: INFO    Observer start...
2020-09-21 18:20:39,263 fail2ban.database       [389]: INFO    Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
2020-09-21 18:20:39,266 fail2ban.jail           [389]: INFO    Creating new jail 'bitwardenrs'
2020-09-21 18:20:39,271 fail2ban.jail           [389]: INFO    Jail 'bitwardenrs' uses poller {}
2020-09-21 18:20:39,271 fail2ban.jail           [389]: INFO    Initiated 'polling' backend
2020-09-21 18:20:39,275 fail2ban.filter         [389]: INFO      maxRetry: 3
2020-09-21 18:20:39,275 fail2ban.filter         [389]: INFO      findtime: 14400
2020-09-21 18:20:39,276 fail2ban.actions        [389]: INFO      banTime: 14400
2020-09-21 18:20:39,276 fail2ban.filter         [389]: INFO      encoding: UTF-8
2020-09-21 18:20:39,279 fail2ban.filter         [389]: INFO    Added logfile: '/bitwarden/bitwarden.log' (pos = 4192, hash = def801fd5179058b828b90306efb0a4e6bff8d18)
2020-09-21 18:20:39,301 fail2ban.jail           [389]: INFO    Jail 'bitwardenrs' started
2020-09-21 18:20:39,481 fail2ban.actions        [389]: NOTICE  [bitwardenrs] Restore Ban XXX.XXX.XXX.XX
2020-09-21 18:20:39,556 fail2ban.actions        [389]: NOTICE  [bitwardenrs] Restore Ban XXX.XX.XXX.XXX

 

Edited by LoneTraveler

Link to post
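The `Action iptables-allports already exists` error in the log above is raised when a jail is given two actions that resolve to the same action name. The following added example (not from the original post or the SWAG project) scans a jail file for that condition; the sample `jail.local` is constructed, and it assumes one action entry per line and a file that Python's `configparser` can interpolate on its own.

```python
"""Flag fail2ban jails whose action list uses one action name twice."""
import configparser
import re
from collections import Counter

# Constructed jail.local for illustration: jail names follow the log above,
# the option values are assumptions.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
banaction = iptables-allports
port = http,https

[nginx-http-auth]
enabled = true
action = iptables-allports[name=nginx-http-auth, chain=INPUT]
         %(banaction)s[name=nginx-http-auth, port="%(port)s"]
         sendmail-whois[name=nginx-http-auth]

[nginx-deny]
enabled = true
action = iptables-allports[name=nginx-deny, actname=ipt-input]
         iptables-allports[name=nginx-deny, actname=ipt-web]

[bitwardenrs]
enabled = true
action = iptables-allports[name=bitwardenrs, chain=INPUT]

[ssh]
enabled = false
action = iptables-allports
         iptables-allports
"""

# One action entry: "name" or "name[opt=val, ...]".
ENTRY_RE = re.compile(r"^([\w.-]+)\s*(?:\[(.*)\])?\s*$", re.DOTALL)
# An explicit actname=... option replaces the name the action is registered under.
ACTNAME_RE = re.compile(r"(?:^|,)\s*actname\s*=\s*\"?([^\",\]\s]+)")


def effective_action_names(action_value):
    """Return the name each entry of a jail's `action` value registers under."""
    names = []
    for line in action_value.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if not match:
            raise ValueError(f"unparsable action entry: {line!r}")
        base, opts = match.group(1), match.group(2) or ""
        override = ACTNAME_RE.search(opts)
        names.append(override.group(1) if override else base)
    return names


def find_duplicate_actions(jail_local_text):
    """Map each enabled jail to the action names it registers more than once."""
    parser = configparser.ConfigParser()
    parser.read_string(jail_local_text)
    report = {}
    for jail in parser.sections():
        # Disabled jails are never started, so they cannot trigger the error.
        if not parser.getboolean(jail, "enabled", fallback=False):
            continue
        action = parser.get(jail, "action", fallback="")
        counts = Counter(effective_action_names(action))
        duplicates = sorted(name for name, n in counts.items() if n > 1)
        if duplicates:
            report[jail] = duplicates
    return report


if __name__ == "__main__":
    for jail, names in find_duplicate_actions(SAMPLE_JAIL_LOCAL).items():
        print(f"[{jail}] duplicate action name(s): {', '.join(names)}")
```

In the sample, `nginx-deny` passes because each copy carries its own `actname`, and `bitwardenrs` passes because it lists the action once.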

I'm trying to restrict NGINX access for a few things to a couple IP addresses. I've been having a difficult time finding the "right" way to do this with Swag and all of its proxy confs. Can someone help point me to the right direction? Thanks!

Link to post

Sorry for all the posts but I'm still trying to beat my way through all of this and get it working....I don't know much about computers so just trying to figure all this out. BUT, it's coming along....a little progress here and there and I appreciate you guys!

 

OKAY, So when you rename a configuration file to remove the ".sample" then restart SWAG, should it put another sample version of the same file back in? Where I now have two....the sample version and the new one without sample?

 

I went to the config files in Krusader and tried just right clicking and renaming, then going down to properties and renaming it there, then I tried to open with Kate and rename then save. In any case, once I restart SWAG it puts a sample version back in there so that I have both. Is that correct? The reason I am questioning if I am doing this correctly is because when I go to the subdomain in the browser instead of getting the app's GUI, I am getting this page.... That says "welcome to our server"

 

Any idea on what is the most likely problem that would be causing this page instead of the GUI?

 

Thanks for all your advice!

 

Edited by SPOautos

Link to post
29 minutes ago, SPOautos said:

Sorry for all the posts but I'm still trying to beat my way through all of this and get it working....I don't know much about computers so just trying to figure all this out. BUT, it's coming along....a little progress here and there and I appreciate you guys!

 

OKAY, So when you rename a configuration file to remove the ".sample" then restart SWAG, should it put another sample version of the same file back in? Where I now have two....the sample version and the new one without sample?

 

I went to the config files in Krusader and tried just right clicking and renaming, then going down to properties and renaming it there, then I tried to open with Kate and rename then save. In any case, once I restart SWAG it puts a sample version back in there so that I have both. Is that correct? The reason I am questioning if I am doing this correctly is because when I go to the subdomain in the browser instead of getting the app's GUI, I am getting this page....

 

 

 

Any idea on what is the most likely problem that would be causing this page instead of the GUI?

 

Thanks for all your advice!

Hi,

That is perfectly normal. If there is no sample file, the container will create one upon restart. What's important is the conf file "without" the ".sample".

I note that the above URL is now correctly forwarding to your Sonarr. Please redact the URL and enable authentication in settings; your Sonarr is exposed for anyone to access.

Edited by LoneTraveler

Link to post
14 minutes ago, LoneTraveler said:

Hi,

That is perfectly normal. If there is no sample file, the container will create one upon restart. What's important is the conf file "without" the ".sample".

I note that the above URL is now correctly forwarding to your Sonarr. Please redact the URL and enable authentication in settings; your Sonarr is exposed for anyone to access.

I enabled authentication in Sonarr...thanks for that! However, I'm still getting this same "Welcome to our server" page. I even tried it from my phone so that I wouldn't be on the same internet connection as my server. Are you able to pull it up???

Thanks!

Edited by SPOautos

Link to post
7 minutes ago, SPOautos said:

I enabled authentication in Sonarr...thanks for that! However, I'm still getting this same "Welcome to our server" page. I even tried it from my phone so that I wouldn't be on the same internet connection as my server. Are you able to pull it up???

Thanks!

Hi,

Not a problem.

It loaded for me (Dukes of Hazard) 😉. If it's still not loading for you I'd suggest restarting the container and clearing your browser cache, then try again.

Edited by LoneTraveler

Link to post
9 minutes ago, LoneTraveler said:

Hi,

Not a problem.

It loaded for me (Dukes of Hazard) 😉. If it's still not loading for you I'd suggest restarting the container and clearing your browser cache, then try again.

I suppose it is browser cache like you said....on my phone when I use an incognito window it opened right up to the Sonarr login.

Dukes of Hazard takes me back! It feels like looking through an old photo album of the past. Love it!

This stuff is a lot to chew through for someone who hasn't done much more with a computer than email, browsing, Word docs, saving pictures lol. I'm in WAY over my head, but the forum and SI videos have been a HUGE help....slowly fighting my way through it all, seeing that login screen is like a light at the end of the tunnel lol.....or maybe like the pile of dirt that I'm fixing to ramp 100' off of LOL

I appreciate you checking it out for me! Thanks!

Edited by SPOautos

Link to post
2 minutes ago, SPOautos said:

I suppose it is browser cache like you said....on my phone when I use an incognito window it opened right up to the Sonarr login.

Dukes of Hazard takes me back! It feels like looking through an old photo album of the past. Love it!

This stuff is a lot to chew through for someone who hasn't done much more with a computer than email, browsing, Word docs, saving pictures lol. I'm in WAY over my head, but the forum and SI videos have been a HUGE help....slowly fighting my way through it all, seeing that login screen is like a light at the end of the tunnel lol.....or maybe like the pile of dirt that I'm fixing to ramp 100' off of LOL

I appreciate you checking it out for me! Thanks!

Hahaha I know how you feel. I'm relatively new here myself, but you'll soon start picking bits up.

You've made a great start with Sonarr and following Spaceinvaderone's tutorial, so what I'd recommend is to keep a copy of the files you have edited so that you can refer back to "what works", and build from there.

I've just recently finished reading this entire SWAG thread. I'd genuinely advise you to do the same in your spare time; there is a heap of useful information here and it will put you in good standing to tackle your next unraid adventure. 👍

All the best.

Link to post

Hi,

I am using Nextcloud from Linuxserver.io behind SWAG.
I always have the message "The “X-Robots-Tag” HTTP header is not configured to equal to “none”" when more than "none" is configured, e.g. add_header X-Robots-Tag “none, nosnippet, noarchive”. When only "none" is configured everything is fine. Any ideas why? Is it a bug?

Link to post
2 hours ago, DockX said:

Hi,

I am using Nextcloud from Linuxserver.io behind SWAG.
I always have the message "The “X-Robots-Tag” HTTP header is not configured to equal to “none”" when more than "none" is configured, e.g. add_header X-Robots-Tag “none, nosnippet, noarchive”. When only "none" is configured everything is fine. Any ideas why? Is it a bug?

You might have very old config files, so I would recommend you check the date at the top of the config files in both swag and nextcloud and compare them with the ones on GitHub. The files I can remember are the default, proxy.conf and nginx.conf

Link to post
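
One way to run the date comparison suggested in the reply above, using the regenerated ".sample" files mentioned earlier in the thread as the reference copy; this is an added example, not code from the thread or from the linuxserver.io project. It assumes each config file starts with a header of the form `## Version YYYY/MM/DD`; the function names, file names and dates are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag active conf files whose version header is older than a
# reference copy. Assumed header format: "## Version YYYY/MM/DD - ..."

# Print the YYYY/MM/DD date from the first version header, or nothing.
conf_version() {
    sed -n 's|^## Version \([0-9]\{4\}/[0-9]\{2\}/[0-9]\{2\}\).*|\1|p' "$1" 2>/dev/null | head -n 1
}

# Compare a live file with a reference copy (a .sample or an upstream download).
# Prints OK, STALE, or UNKNOWN when either file has no version header.
check_stale() (
    live=$(conf_version "$1" | tr -d /)
    ref=$(conf_version "$2" | tr -d /)
    if [ -z "$live" ] || [ -z "$ref" ]; then
        echo UNKNOWN
    elif [ "$live" -lt "$ref" ]; then   # dates become integers: 20190801 < 20200523
        echo STALE
    else
        echo OK
    fi
)

# For every X.conf.sample in a directory that has an active X.conf beside it,
# print "<status> <file>". Samples that were never enabled are skipped.
audit_samples() (
    for sample in "$1"/*.conf.sample; do
        [ -e "$sample" ] || continue
        active=${sample%.sample}
        [ -e "$active" ] || continue
        printf '%s %s\n' "$(check_stale "$active" "$sample")" "$(basename "$active")"
    done
)

# Constructed demo data: file names and dates are made up for illustration.
demo() (
    d=$(mktemp -d)
    old='## Version 2019/08/01 - Changelog: (constructed)'
    new='## Version 2020/05/23 - Changelog: (constructed)'
    echo "$old" > "$d/sonarr.subdomain.conf"          # edited long ago
    echo "$new" > "$d/sonarr.subdomain.conf.sample"   # regenerated on restart
    echo "$new" > "$d/nextcloud.subdomain.conf"
    echo "$new" > "$d/nextcloud.subdomain.conf.sample"
    echo "$new" > "$d/plex.subdomain.conf.sample"     # never enabled
    audit_samples "$d"
    rm -rf "$d"
)

demo
```

For files that have no ".sample" beside them, `check_stale` can be called directly with the live file and a downloaded reference copy.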
