Hello all,
I have had bitwarden-rs running for some time now, and my family and I are happy with it.
But I had another look at the wiki for changes and I’m not sure anymore if I have set up fail2ban the right way.
Could someone have a look at these settings, and advise me?
In /etc/Apache2/sites-available/subdomain.domain.com-le-ssl.conf:
#added for bitwarden
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [P,L]
ProxyPass / http://localhost:9011/
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
#till here bitwarden
In /etc/fail2ban/jail.d/bitwarden.local:
[bitwarden]
enabled = true
port = 80,443,8081,9011
filter = bitwarden
#action = iptables-allports[name=bitwarden, chain=FORWARD]
banaction = %(banaction_allports)s
logpath = /bw-data/bitwarden.log
maxretry = 3
bantime = 14400
findtime = 14400
On the wiki I see this:
Note: Docker uses the FORWARD chain instead of the default INPUT chain. Therefore replace the banaction line with the following action when using Docker:
action = iptables-allports[name=bitwarden_rs, chain=FORWARD]
NOTE: Do not use this if you use a reverse proxy before the Docker container. If a proxy, like apache2 or nginx, is used, use the ports of the proxy and do not use chain=FORWARD; use it only when using Docker without a proxy!
Is the banaction line in jail.d okay then? Or should I use: action = iptables-allports[name=bitwarden without the “chain=FORWARD]” part?