
Emby Nginx Reverse Proxy Forbidden


mshaik
Go to solution Solved by pir8radio,


Finally I am able to ban IPs using fail2ban-docker, npm-docker and emby-docker.

 

1. Create a folder fail2ban and create the docker-compose.yml adding the following code:

```
version: "3.7"
services:
  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: fail2ban_docker
    network_mode: "host"
    environment:
      - TZ=US/Eastern
      - F2B_LOG_TARGET=STDOUT
      - F2B_LOG_LEVEL=INFO
      - F2B_DB_PURGE_AGE=1d
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - "path/to/storage/fail2ban/data:/data"
      - "path/to/storage/fail2ban/log/:/var/log/"
      - "path/to/storage/nginxproxymanager/AppData/data/logs:/log/npm/:ro"
      - "path/to/storage/emby/logs:/log/emby/:ro"
    restart: unless-stopped
```

2. In the fail2ban/data/ folder you created in your storage, create action.d, jail.d, filter.d folders and copy the files in the corresponding folder of git into them.

i.e. jail.d will have npm-docker.local, emby.local; filter.d will have npm-docker.conf, emby.conf; and filter.d will have docker-action.conf, emby-action.conf, respectively.

 

Folder: fail2ban/data/jail.d

npm-docker.local

```

[npm-docker]
enabled = true
ignoreip = 127.0.0.1/8 192.168.1.0/24
logpath = /log/npm/default-host_*.log
          /log/npm/proxy-host-*.log
maxretry = 3
bantime  = 86400
findtime = 60
action = docker-action

```

emby.local

 

```

[emby]
enabled = true
logpath = /log/emby/embyserver.txt
# your local IP subnets (a '#' comment must be on its own line)
ignoreip = 127.0.0.1/8 192.168.1.0/24
maxretry = 3
bantime = 84600
findtime = 60
# must match the action file name in action.d (emby-action.conf)
action = emby-action

```

 

Folder: fail2ban/data/filter.d

emby.conf

```

[INCLUDES]

[Definition]

failregex = Response.4\d\d.to <HOST>.+ Time
            AUTH-ERROR: <HOST>.+-

```

 

npm-docker.conf

```

[INCLUDES]

[Definition]

failregex = ^<HOST>.+" (4\d\d|3\d\d) (\d\d\d|\d) .+$
            ^.+ 4\d\d \d\d\d - .+ \[Client <HOST>\] \[Length .+\] ".+" .+$

```

 

Folder: fail2ban/data/action.d

 

docker-action.conf

```

[Definition]

actionstart = iptables -N f2b-npm-docker
              iptables -A f2b-npm-docker -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker

actionstop = iptables -D FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker
             iptables -F f2b-npm-docker
             iptables -X f2b-npm-docker

actioncheck = iptables -n -L FORWARD | grep -q 'f2b-npm-docker[ \t]'

actionban = iptables -I f2b-npm-docker -s <ip> -j DROP

actionunban = iptables -D f2b-npm-docker -s <ip> -j DROP

```

 

emby-action.conf

 

```

[Definition]

# create the chain, end it with RETURN, and send forwarded TCP traffic through it
actionstart = iptables -N f2b-emby
              iptables -A f2b-emby -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-emby

actionstop = iptables -D FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-emby
             iptables -F f2b-emby
             iptables -X f2b-emby

actioncheck = iptables -n -L FORWARD | grep -q 'f2b-emby[ \t]'

actionban = iptables -I f2b-emby -s <ip> -j DROP

actionunban = iptables -D f2b-emby -s <ip> -j DROP

```

 

 

 

 

 

3. Once these are set, run the docker compose and check whether the container is up and running.

Solution: It sets custom actions to ban and unban, and also uses iptables to jump from the FORWARD chain to f2b-npm-docker and f2b-emby, which is more about configuring the Docker network. My Docker containers are all in the FORWARD chain network; you can change FORWARD to DOCKER-USER or INPUT according to your Docker containers' network.

 

I used following guides to finally come up with this:

https://github.com/jc21/nginx-proxy-manager/issues/39#issuecomment-907795521 - setup

https://www.the-lazy-dev.com/en/install-fail2ban-with-docker/ - iptable commands etc ..

 

Hope this helps someone like me who is trying to solve the issues they face with fail2ban and Docker networks :)
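As an added example (not part of the original post, and not fail2ban's own code): a Python approximation of how the npm-docker jail above would treat a log, using the post's two failregex lines with its ignoreip, maxretry and findtime values. The log lines, helper names and the proxy-host log layout are assumptions constructed for the demonstration, and `<HOST>` is simplified to IPv4 only.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplification: fail2ban's real <HOST> also accepts IPv6 and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The two failregex lines from npm-docker.conf in the post.
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r'^<HOST>.+" (4\d\d|3\d\d) (\d\d\d|\d) .+$',
    r'^.+ 4\d\d \d\d\d - .+ \[Client <HOST>\] \[Length .+\] ".+" .+$',
)]
# ignoreip, maxretry and findtime from npm-docker.local in the post.
IGNORE = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "192.168.1.0/24")]
MAXRETRY, FINDTIME = 3, 60
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def would_ban(lines):  # IPs reaching MAXRETRY matches within FINDTIME seconds, in ban order
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = next(filter(None, (r.search(line) for r in FAILREGEX)), None)
        ts = STAMP.search(line)
        if not m or not ts:
            continue
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in IGNORE) or str(ip) in banned:
            continue
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        q = hits[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > FINDTIME:
            q.popleft()  # drop failures older than the findtime window
        if len(q) >= MAXRETRY:
            banned.append(str(ip))
    return banned

def std_line(ip, t, status, size=150):  # constructed default-host (combined format) line
    return f'{ip} - - [12/Sep/2021:{t} +0000] "GET /x HTTP/1.1" {status} {size} "-" "curl/7.68.0"'
def npm_line(ip, t, status):  # constructed proxy-host line; layout is an assumption
    return (f'[12/Sep/2021:{t} +0000] - {status} {status} - GET https media.example.test "/x" '
            f'[Client {ip}] [Length 150] [Gzip -] [Sent-to 10.0.0.5] "curl/7.68.0" "-"')

SAMPLE = (  # constructed log lines
    [std_line("198.51.100.23", f"10:00:0{i}", 404) for i in range(3)]
    + [npm_line("203.0.113.7", f"10:01:0{i}", 403) for i in range(3)]
    + [std_line("192.168.1.50", f"10:02:0{i}", 404) for i in range(3)]      # in ignoreip
    + [std_line("203.0.113.99", f"10:03:0{i}", 301, 169) for i in range(3)]  # redirects only
    + [std_line("198.51.100.80", t, 404) for t in ("10:04:00", "10:04:10", "10:09:00")]
)
```

`would_ban(SAMPLE)` lists the two clients producing 4xx responses and also the client that only received three 301 redirects, since the first failregex matches `3\d\d`; the address inside ignoreip and the client whose third failure falls outside findtime are not listed.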

 
