OpenCloud
Fail2ban & logs #1469
Replies: 4 comments 4 replies
-
|
PROXY_LOG_LEVEL= info only enables the access log in the proxy where every status code of every request is logged. That should be exactly what you need for Fail2Ban. |
Beta Was this translation helpful? Give feedback.
-
|
So just to confirm: 204 is what's expected for failed logins? |
Beta Was this translation helpful? Give feedback.
-
|
@blandureauj-hash Did you get a working filter going for the proxy access logs? I am seeing 204 for other things besides login failures. |
Beta Was this translation helpful? Give feedback.
-
|
Did a little googling on this and seems like 401/403 would be the standard for a failed login log entry. I understand there is some ambiguity of the standards since a response was sent. Is this something that could be considered? |
Beta Was this translation helpful? Give feedback.
-
|
204 might be coming from the built-in OIDC server libre-connect. We ship that with opencloud for conveniance and testing. Production systems should use keycloak or something like that. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
So if I set my instance up without touching keycloak values in .env then it's using libre-connect for the login/auth handling? |
Beta Was this translation helpful? Give feedback.
-
|
I did look in that project and see that 204 is a failed login response. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I'm trying to get fail2ban to work with OpenCloud.
So far, the only method I've found is:
(I've tried a few things, and login errors are giving this 204 error).
Is there another method (INFO logs are a bit cumbersome...) and/or other errors to watch out for?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions