Hello,
I have a regular problem when I want to connect to Overseerr. It also does it to my users.
They are banned by Fail2ban when they use the Plex connection option.
https://github.com/sct/overseerr/issues/3535#event-9714438172
#Overseerr create 401 request ( unauthorized ) > Fail2ban ban me
fierce cargo
vernal egret
What image are you using?
fierce cargo
vernal egret
Can you try our official image? Also, let’s see logs
From overseerr, not your access logs
fierce cargo
Yes, same issue on official docker image
I didn't even connect via Plex for the setup because Fail2ban banned me.
My nginx config :
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name overseerr-test.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 192.168.2.20;
set $upstream_port 5055;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/overseerr)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 192.168.2.20;
set $upstream_port 5055;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
Those are access logs. We need overseerrs logs
Oh I see your fail to ban is configured off our endpoint we routinely check if you are logged in.
Maybe check out the fail2ban config that’s in our docs https://docs.overseerr.dev/extending-overseerr/fail2ban
fierce cargo
I can't configure overseerr without being banned. Can you tell me how to retrieve the logs?
Sorry, I don't understand, I don't want to add another restriction.
I would like to understand why overseer shows 401 errors.
vernal egret
Because we check the auth endpoint to see if you are logged in on an interval. It’s. 401 until you are logged in.
fierce cargo
Mmmm okay.
How to avoid this? It's very problematic.
vernal egret
You can’t avoid these 401s. It’s how overseerr works. Adjust your fail2ban
fierce cargo
I see, that's too bad.
Thank you for your reply
gleaming sluice
@fierce cargo sct shared a link to our docs above with a working fail2ban config
fierce cargo
Yes thx, I'll have to do that, but it means excluding overseer from the "basic" fail2ban jails.
fierce cargo
@stiff swallow poke
stiff swallow
Hello,
A friend of mine, was banned yesterday trying to connect wuth his plex account. My F2B banned him !
I use the official image of Overseerr.
My reverse proxy is SWAG (Nginx).
But, F2B banned not with the Overseerr rules, but with the nginx-unauthorized rule !
I think I'll have to pull out Overseerr nginx log out of the nginx.log ...
@fierce cargo poke
versed pumice
@vernal egret I think the problem is how bursty this is, checking /api/v1/auth/me 2-3 times under a second from /login/plex/loading and then from /login as well, while SWAG is configured for 5 retries under 600s
austere ermine
Hello,
A friend of mine, was banned yesterday trying to connect wuth his plex ac...
Either that or create an ignoreregex rule in fail2ban's nginx-unauthorized.conf configuration file to exclude the overseerr domain name. Which do you think is better?
stiff swallow
Either that or create an `ignoreregex` rule in fail2ban's `nginx-unauthorized.co...
Hello, I really don't know 😅 My friend didn't get banned after this event... So maybe it was a punctual problem...