rhino/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-26 03:39:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Add some instructions for the default backend

ValueXu
2024-12-30 18:09:01 +08:00
parent 3262b6a9b9
commit 8d934b275e
1 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
Fail2Ban-Setup.md

@@ -183,6 +183,32 @@ filter = vaultwarden[journalmatch='_SYSTEMD_UNIT=your_vaultwarden.service']
``` ```
Use these instead of `logpath = ` and `filter = ` variables. Use these instead of `logpath = ` and `filter = ` variables.
**NOTE FOR BACKEND**
If you installed fail2ban using such as `sudo apt install`, the `/etc/fai2ban/jail.conf` may using systemd as default backend. This default configuration item will result in the inability to monitor the log of logpath.
Add `backend = pyinotify` or `backend = inotify` to the `vaultwarden.local` config
```INI
# path_f2b/jail.d/vaultwarden.local
[vaultwarden]
enabled = true
backend = pyinotify
port = 80,443,8081
filter = vaultwarden
banaction = %(banaction_allports)s
logpath = /path/to/vaultwarden.log
maxretry = 3
bantime = 14400
findtime = 14400
```
Restart fail2ban for changes to take effect:
```bash
sudo systemctl restart fail2ban
```
**NOTE FOR CLOUDFLARE USERS** **NOTE FOR CLOUDFLARE USERS**
If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/) If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/)
@@ -244,6 +270,32 @@ filter = vaultwarden-admin[journalmatch='_SYSTEMD_UNIT=your_vaultwarden.service'
``` ```
Use these instead of `logpath = ` and `filter = ` variables. Use these instead of `logpath = ` and `filter = ` variables.
**NOTE FOR BACKEND**
If you installed fail2ban using such as `sudo apt install`, the `/etc/fai2ban/jail.conf` may using systemd as default backend. This default configuration item will result in the inability to monitor the log of logpath.
Add `backend = pyinotify` or `backend = inotify` to the `vaultwarden.local` config
```INI
# path_f2b/jail.d/vaultwarden.local
[vaultwarden]
enabled = true
backend = pyinotify
port = 80,443,8081
filter = vaultwarden
banaction = %(banaction_allports)s
logpath = /path/to/vaultwarden.log
maxretry = 3
bantime = 14400
findtime = 14400
```
Restart fail2ban for changes to take effect:
```bash
sudo systemctl restart fail2ban
```
**NOTE FOR CLOUDFLARE USERS** **NOTE FOR CLOUDFLARE USERS**
If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/) If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/)