Hi,
I run my vaultwarden container and have set up logging. The goal is to record the IP address of failed login attempts and to ban the IP with fail2ban.
This is my docker compose file:
```yaml
services:
  vaultwarden:
    image: vaultwarden/server:1.33.1
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      - LOG_FILE=/data/vaultwarden.log
      - LOG_LEVEL=info
      - SIGNUPS_ALLOWED=false
    ports:
      - 4500:80
    volumes:
      - /home/container/vaultwarden/vw-data:/data/
```
The reverse proxy is running on a separate VM as well as fail2ban.
Now, if there are failed login attempts the vaultwarden logs show the IP address of my reverse proxy rather than the origin IP address.
Content of vaultwarden log:
[2025-02-06 14:50:24.090][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.xxx.xxx.xxx. Username: redacted.
[2025-02-06 14:50:24.090][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2025-02-06 14:50:33.249][request][INFO] POST /identity/accounts/prelogin
[2025-02-06 14:50:33.251][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2025-02-06 14:50:33.437][request][INFO] POST /identity/connect/token
[2025-02-06 14:50:33.438][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.xxx.xxx.xxx. Username: redacted.
[2025-02-06 14:50:33.438][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2025-02-06 14:50:34.516][request][INFO] POST /identity/accounts/prelogin
Logs on my reverse proxy don't show any failed login attempts to vaultwarden.
Is it possible to record the origin IP address instead?
Thanks!
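
The situation described in the post, as an added example that is not part of the original post: a parser for the failed-login line format shown in the log excerpt, which counts failures per address and keeps failures attributed to the reverse proxy out of the ban list, since banning that address would block every client behind it. The proxy network `192.168.1.0/24`, the `max_retry` threshold, and all sample addresses and log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the failed-login line format shown in the post's log excerpt.
FAILED_LOGIN = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[vaultwarden::api::identity\]\[ERROR\] "
    r"Username or password is incorrect\. Try again\. "
    r"IP: (?P<ip>[0-9A-Fa-f:.]+)\. Username: "
)

def failed_logins(lines):
    """Yield (timestamp, ip_address) for each failed-login line; skip others."""
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue  # other log lines, or a redacted address such as 192.xxx.xxx.xxx
        try:
            yield m.group("ts"), ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # looks like an address but is not valid, e.g. 999.1.1.1

def ban_candidates(lines, proxy_nets, max_retry=3):
    """Return (sorted IPs with >= max_retry failures, failures logged as the proxy)."""
    nets = [ipaddress.ip_network(n) for n in proxy_nets]
    counts, proxy_hits = Counter(), 0
    for _, ip in failed_logins(lines):
        if any(ip in net for net in nets):
            proxy_hits += 1  # origin address was lost; never ban the proxy itself
        else:
            counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= max_retry), proxy_hits

# Constructed sample input (not taken from the post's log).
_LINE = ("[2025-02-06 14:50:{:02d}.000][vaultwarden::api::identity][ERROR] Username or "
         "password is incorrect. Try again. IP: {}. Username: user@example.com.")
SAMPLE_LOG = [_LINE.format(i, ip) for i, ip in enumerate(
    ["192.168.1.10", "203.0.113.7", "203.0.113.7",
     "192.168.1.10", "203.0.113.7", "198.51.100.4"])]
SAMPLE_LOG.append("[2025-02-06 14:50:33.438][response][INFO] (login) "
                  "POST /identity/connect/token => 400 Bad Request")

if __name__ == "__main__":
    bans, proxy_hits = ban_candidates(SAMPLE_LOG, ["192.168.1.0/24"])
    print("ban:", bans, "| failures logged with the proxy address:", proxy_hits)
```

A non-zero proxy count means the origin address is not reaching the application log, which is the condition the post describes.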