Real IP in gitea log for fail2ban (using Traefik)

Ecosystem
1

I’m trying and failing to get the real IP into the gitea log (for use with fail2ban), I have gitea running behind Traefik, both gitea and traefik are running in docker containers.

I’ve tried a few things relating to X-Forwarded-For and allowing forwardedHeaders etc but it doesn’t seem to work for me.

Can anyone help?

fail2ban does lock someone out if they try too much, but it bans the docker IP, which while achieving the same result isn’t ideal.

2

I actually figured this out, it wasn’t anything at issue with Traefik (which makes sense as all my other containers can get the IP just fine), but I had my REVERSE_PROXY_TRUSTED_PROXIES setting in app.ini incorrect. For some reason my docker is using a different IP range to that specified as the default in here.

I set this correctly and now it’s working just fine.

1 Like