Replies: 5 comments 8 replies
-
|
You can use Fail2ban. |
Beta Was this translation helpful? Give feedback.
-
|
I use fail2ban and love it, however since I've been using NPM in a Container I cannot find a solution to pass the real IP to the internal service. The container only reports the container IP. I've found half a dozen "solutions," none of which work, so no fail2ban. If anyone has gotten real IPs to pass thru the NPM in a container please let me know, I'd love to be able to use F2B again. |
Beta Was this translation helpful? Give feedback.
-
|
What do you have configured in the advanced tab in NPM? |
Beta Was this translation helpful? Give feedback.
-
|
Nothing now, but I've tried all manner of
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
and other combinations of headers. I've also added these things to a
proxy.conf file called by my reverse proxy in NPM, nothing, still only gets
the container IP. I'm kinda at a loss as to why not a single solution has
worked as of yet.
…On Tue, Jul 22, 2025 at 9:40 AM ShlomiD83 ***@***.***> wrote:
What do you have configured in the advanced tab in NPM?
—
Reply to this email directly, view it on GitHub
<#4591 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF7DQAJ4IXUYHXFYHLL7R3D3JY5L3AVCNFSM6AAAAAB72AROUGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOBUHA2TCNA>
.
You are receiving this because you commented.Message ID:
<NginxProxyManager/nginx-proxy-manager/repo-discussions/4591/comments/13848514
@github.com>
|
Beta Was this translation helpful? Give feedback.
-
|
Are you using Cloudflare? |
Beta Was this translation helpful? Give feedback.
-
|
No, NPM in a Container as a reverse proxy to other services in other
separate containers (i.e. Bitwarden, etc.)
…On Wed, Jul 23, 2025 at 2:46 PM ShlomiD83 ***@***.***> wrote:
Are you using Cloudflare?
—
Reply to this email directly, view it on GitHub
<#4591 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF7DQAN3NFAC4W3SCTD43UL3J7J75AVCNFSM6AAAAAB72AROUGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOBWG4YTKNA>
.
You are receiving this because you commented.Message ID:
<NginxProxyManager/nginx-proxy-manager/repo-discussions/4591/comments/13867154
@github.com>
|
Beta Was this translation helpful? Give feedback.
-
|
proxy_set_header Host $host; I have all of these configured. |
Beta Was this translation helpful? Give feedback.
-
|
Wow, that is a lot right there. Do you have all of those in the advanced tab of the domain or are you calling them from a proxy.conf file? Also you have X-Real-IP; commented out, you don't use that one...? |
Beta Was this translation helpful? Give feedback.
-
Yes, all of that is in the advanced section. |
Beta Was this translation helpful? Give feedback.
-
|
I'm using authelia in front of my services so all of that config is necessary. |
Beta Was this translation helpful? Give feedback.
-
|
Now I'm intrigued, never heard of Authelia but it sounds really interesting
per their site. Not sure how that would work with some of my services,
i.e. Bitwarden and such. Probably seamless with the self hosted Bitwarden
web interface, but they also have an app, not sure how the Authelia front
end works with those. Maybe I'll give it a shot just to see if I can
establish some intrusion prevention.
…On Thu, Jul 24, 2025 at 11:14 AM ShlomiD83 ***@***.***> wrote:
I'm using authelia in front of my services so all of that config is
necessary.
—
Reply to this email directly, view it on GitHub
<#4591 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF7DQAKKKFPH24ZR3A565WD3KDZ4RAVCNFSM6AAAAAB72AROUGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOBXHE2DQNY>
.
You are receiving this because you commented.Message ID:
<NginxProxyManager/nginx-proxy-manager/repo-discussions/4591/comments/13879487
@github.com>
|
Beta Was this translation helpful? Give feedback.
-
|
In order for the app and extension to work you exclude a few paths in Authelia config. |
Beta Was this translation helpful? Give feedback.
-
|
Well I gave it a shot, put all those in the Advanced tab of my host.domain,
restarted NPM, still the same. So strange, thanks for your help though.
…On Thu, Jul 24, 2025 at 1:36 AM ShlomiD83 ***@***.***> wrote:
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
I have all of these configured.
In addition to:
real_ip_header CF-Connecting-IP;
#real_ip_header X-Real-IP;
real_ip_recursive on;
—
Reply to this email directly, view it on GitHub
<#4591 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF7DQAJJQNEUAGRLDA5D2HD3KBWGPAVCNFSM6AAAAAB72AROUGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOBXGIZTMNA>
.
You are receiving this because you commented.Message ID:
<NginxProxyManager/nginx-proxy-manager/repo-discussions/4591/comments/13872364
@github.com>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
What would be some ways to harden NPM, specifically to block credential-stuffing or brute-force logins and rate-limit noisy scanners?
Any guidance, sample configs, or pointers to existing docs much appreciated—happy to PR updated docs if this helps others.
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions