Using Fail2Ban with dockerized Gitea

Hello everyone,
I have set up a rootless docker container for gitea, and it is working great so far. I got fail2ban running on my host machine and I want to use it to moderate failed logins on gitea.

When checking the /data/log/gitea.log file, however, IPs originate from the local bridge address.

2020/02/12 16:50:31 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for someuser from

How can I set up the instance in a way that incoming IPs are not masqueraded?


This can currently not be achieved for CentOS8 and docker rootless, since masquerade settings in docker are ignored due to a long-lasting bug. Therefore not gitea related.

I know this is an old post, but in case others come across this; does this address the concern?: Rootless mode overwrites public IP to Docker's IP · Issue #41789 · moby/moby · GitHub

I was able to use the DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns setting to get the IP addresses to correctly pass through.
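
A pre-flight check for the problem discussed in this thread, as an added example that is not part of any post above: it reads Gitea failed-login lines in the format quoted in the first post and separates sources fail2ban could act on from sources that are only a bridge/NAT address. The function names, the internal-range list and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Message text taken from the Gitea log line quoted in the first post.
FAILED_LOGIN = re.compile(r"Failed authentication attempt for \S+ from (\S+)")

# Assumption: ranges a Docker bridge or RootlessKit NAT would present as the client.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7")]

def parse_host(token):
    """Parse 'a.b.c.d', 'a.b.c.d:port' or '[v6]:port'; return None if not an IP."""
    for candidate in (token, token.rpartition(":")[0]):
        try:
            return ipaddress.ip_address(candidate.strip("[]"))
        except ValueError:
            continue
    return None

def failed_login_sources(log_lines):
    """Split failed-login counts into (bannable, masked) dicts keyed by IP string."""
    bannable, masked = Counter(), Counter()
    for line in log_lines:
        match = FAILED_LOGIN.search(line)
        ip = parse_host(match.group(1)) if match else None
        if ip is None:
            continue  # unrelated line, or source address missing from the log
        bucket = masked if any(ip in net for net in INTERNAL_NETS) else bannable
        bucket[str(ip)] += 1
    return dict(bannable), dict(masked)

# Constructed sample lines (addresses are made up for this example).
SAMPLE_LOG = """\
2020/02/12 16:50:31 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for alice from 172.17.0.1
2020/02/12 16:50:40 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for bob from 172.17.0.1
2020/02/12 16:51:02 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for carol from 172.17.0.1:0
2020/02/12 16:52:10 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for bob from 203.0.113.7
2020/02/12 16:52:11 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for someuser from
""".splitlines()

if __name__ == "__main__":
    bannable, masked = failed_login_sources(SAMPLE_LOG)
    print("sources fail2ban can act on:", bannable)
    print("sources hidden behind the bridge/NAT address:", masked)
```

If every failed login lands in the masked bucket, a jail built on this log would match the bridge address rather than the real client, so the port-driver setting should be verified before the jail is enabled.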