[SOLVED] Jail2ban-vaultwarden

Can you compare the IPs in fail2ban and in your Vaultwarden log?

The IPs in /mnt/dietpi_userdata/vaultwarden/vaultwarden.log
and in /var/log/fail2ban.log are the same.

Hm, then I have no further ideas; you could have a look here:
https://github.com/fail2ban/fail2ban/wiki/How-fail2ban-works
Or open a new issue there.

Thanks for your help!! Most part is working now…

BTW:

If I try to SSH into the VM with the wrong password, I do get banned!!
But it’s a different service/port…

I found the issue now but not the solution.
You probably tried all this logging into your Vaultwarden by IP.
If I do this from my LAN to the Vaultwarden VM, I do get banned after 4 trials!!! My IP is in the block list and I can’t reach the site.

The problem is when I log in via nginx. Here the ban happens and the IP is the correct one, BUT the site is still reachable.

Nginx-Vaultwarden needs something setup somewhere…

Probably the IP that gets banned should be the IP of nginx! If I could specify this IP to always get blocked on wrong passwords…

YES, this would be it. If I ban the nginx IP manually, I can’t reach the site (via DNS) any longer.
So my solution here would be: if there is a ban, block the nginx IP as well. How do I do this now…?

AHH this is because of the reverse proxy. Right?

Yes!
I access Vaultwarden via an nginx reverse proxy, via DynDNS. So whether I’m in the LAN or on the WAN, I have access via the same DNS address, with the Let’s Encrypt cert all handled by the nginx reverse proxy.

Sorry, should have been clearer from the start!!!

Tried to follow this: https://www.reddit.com/r/homelab/comments/rax8kr/using_fail2ban_behind_nginx_proxy_manager/

I have set up the nginx proxy as an rsyslog server. Working.
Now I need to send logs from Vaultwarden (running under DietPi) to the rsyslog server on nginx.
I would then install fail2ban on nginx and ban the IPs it gets from Vaultwarden.

  1. part: How do I send logs to the rsyslog server from DietPi??

Hmm, I’m not a web server expert, but if I’m not mistaken it should be possible to forward the real IP using headers from the proxy to Vaultwarden.
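The symptom described earlier in the thread (the ban fires, yet the site stays reachable, and banning the nginx address manually is what cuts access) is exactly what happens when Vaultwarden logs the proxy's address instead of the client's: fail2ban then bans the nginx VM, not the attacker. The usual remedy is to have nginx pass the client address (`proxy_set_header X-Real-IP $remote_addr;` in the `location` block that proxies to Vaultwarden) and let Vaultwarden read it (it honours the `X-Real-IP` header by default via its `IP_HEADER` setting). The script below is an added example, not code from the thread, from DietPi or from Vaultwarden; it runs the same extraction a fail2ban filter for Vaultwarden performs over two constructed samples of vaultwarden.log, before and after the proxy forwards the real address, and flags the "every failed login comes from the proxy" case. The proxy address 192.168.1.5 and the log lines are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread, DietPi, nginx or Vaultwarden): extract the
# IPs a fail2ban filter would see on Vaultwarden failed logins and flag the case
# where all of them are the reverse proxy's own address.
#
# Assumptions: the failed-login line format below ("... IP: <addr>. Username: ...")
# matches what Vaultwarden writes; 192.168.1.5 is an assumed nginx VM address.

PROXY_IP="192.168.1.5"   # assumed address of the nginx reverse proxy VM

# Constructed sample: log BEFORE nginx forwards the client address. Every failed
# login is attributed to the proxy, so a ban lands on the nginx VM.
BEFORE_LOG='[2023-01-01 10:00:01.000][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.5. Username: a@example.com.
[2023-01-01 10:00:05.000][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.5. Username: a@example.com.
[2023-01-01 10:00:09.000][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.5. Username: b@example.com.'

# Constructed sample: log AFTER nginx sets X-Real-IP and Vaultwarden honours it.
# The real client addresses appear; the proxy address does not. The last line is
# an unrelated entry that the filter must ignore.
AFTER_LOG='[2023-01-01 10:00:01.000][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: a@example.com.
[2023-01-01 10:00:05.000][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: a@example.com.
[2023-01-01 10:00:09.000][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.23. Username: b@example.com.
[2023-01-01 10:00:12.000][vaultwarden::api::identity][INFO] some unrelated line mentioning IP: 10.0.0.1.'

# failed_login_ips LOGTEXT
# Prints the sorted, de-duplicated addresses from failed-login lines. The sed
# pattern keys on the same text a fail2ban failregex for Vaultwarden matches.
failed_login_ips() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Username or password is incorrect\. Try again\. IP: \([0-9.]*\)\. Username:.*/\1/p' \
      | sort -u
}

# proxy_only LOGTEXT PROXY_IP
# Succeeds (exit 0) when every failed login is attributed to PROXY_IP, i.e. the
# broken reverse-proxy setup from the thread; fails (exit 1) otherwise.
proxy_only() {
    ips=$(failed_login_ips "$1")
    [ -n "$ips" ] && [ "$ips" = "$2" ]
}

# Stand-alone usage: report which situation each sample is in.
for name in BEFORE_LOG AFTER_LOG; do
    eval "log=\$$name"
    if proxy_only "$log" "$PROXY_IP"; then
        echo "$name: all failed logins show $PROXY_IP; fail2ban would ban the proxy"
    else
        echo "$name: client addresses logged: $(failed_login_ips "$log" | tr '\n' ' ')"
    fi
done
```

Run against the real file with `failed_login_ips "$(cat /mnt/dietpi_userdata/vaultwarden/vaultwarden.log)"`: if the only address that comes back is the nginx VM's, the proxy is not forwarding the client address and any fail2ban jail on that log will keep banning nginx.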

I was looking the other way around this time…
Sending the banned IP from Vaultwarden to nginx and then blocking it there with fail2ban.

But there is no function in Vaultwarden doing this. At least I’m not aware of one.

Basically the same question as yours. Maybe it can give a hint: https://www.reddit.com/r/homelab/comments/rax8kr/using_fail2ban_behind_nginx_proxy_manager/

But there is a way to log to an external syslog in Debian/DietPi. Nothing specific to Vaultwarden. Just log everything to the external server instead of, or in addition to, the local log files.

The Vaultwarden access error would then be available on nginx to be handled there by fail2ban.

Have a look at the link I posted above. Maybe it gives a hint.

I posted that link before :wink: I’m trying to follow exactly that!

And I have the nginx VM acting as a syslog server. But I can’t get the DietPi/Vaultwarden VM to send the logs to the remote (nginx) syslog server…

Hiii,

Maybe it can help… sorry, it’s a German blog, you’ll have to translate it. I quickly browsed the thing; there’s a link to an nginx config…
Schreiners IT » Vaultwarden mit fail2ban absichern (schreiners-it.de)


I am German :wink: So no problem. I’ll have a look right away. Thx

Had a look. Vaultwarden is on Docker there… I have it on DietPi.
I have to see if I can adapt this, or in the worst case switch to Docker…

Yep, there are many threads about this subject, but all or almost all of them are about Docker. I think this one is the closest to your problem…
So, have a good day/evening :call_me_hand: