titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fail2ban: implement for jellyfin

Browse Source
This commit is contained in:
Simon Gardling
2026-01-20 14:39:43 -05:00
parent d9236152aa
commit f2ef562724
1 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
services/jellyfin.nix
View File

@@ -23,7 +23,11 @@
}; };
services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = '' services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = ''
reverse_proxy :${builtins.toString service_configs.ports.jellyfin} reverse_proxy :${builtins.toString service_configs.ports.jellyfin} {
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
request_body { request_body {
max_size 4096MB max_size 4096MB
} }
@@ -39,4 +43,19 @@
"render" "render"
service_configs.media_group service_configs.media_group
]; ];
# Protect Jellyfin login from brute force attacks
services.fail2ban.jails.jellyfin = {
enabled = true;
settings = {
backend = "auto";
port = "http,https";
logpath = "${config.services.jellyfin.dataDir}/log/log_*.log";
# defaults: maxretry=5, findtime=10m, bantime=10m
};
filter.Definition = {
failregex = ''^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\..*$'';
ignoreregex = "";
};
};
} }