log ip for failed logins

[benneti]

It would be nice if the log would contain the ip for a failed login attempt, then it would be possible to write a simple fail2ban filter to harden the page a bit.

[benneti]

thanks! I'll try it as soon as the docker hub is updated

[benneti]

I am not sure whether this is a problem of my setup (podman) or anything else, but the ip reportet is the internal ip of the virtual network device. Any idea on that?
EDIT: just checked, the same happens in docker.

[ddvk]

if you are connecting from the host on which docker is running, that is the case, try connecting from a different host

[benneti]

Thanks for the reply.

It was a different host, even in a completely different network. (I wanted to be sure that the router does no strange stuff when accessing it's own IP).
Also I have nginx setup with

proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

which should lead to the correct IP passed to the container.

[benneti]

Taking a closer look, I think the problem might be that one needs some way to configure "which headers to hold the real client IP" or some logic for it.
(I have no idea what docker/podman do as the ip I get is always of their respective virtual network.)
See:
gin-gonic/gin#2686
gin-gonic/gin#2693
gin-gonic/gin#2632
Maybe "SetTrustedProxies" should be configurable (for example I would need to add "10.88.0.1" to maybe fix this)?

[ddvk]

yes, I saw that, there has been some drama. I pushed a new version, you should set RM_TRUST_PROXY=1, then it should trust those headers

[benneti]

ah nice, thank you very much!

[benneti]

just tried, it works now!