Fail2ban with Organizr and Let’sEncrypt on unRAID

Ban everyone with Fail2ban!

In this guide I will explain how to integrate Let’s Encrypts Fail2ban with Organizr.

Organizr wiki:


To ban an IP-address after X amounts of failed login attempts for a set time.


For this to work we need the letsencrypt container to be able to see the “loginLog.json” file in the Organizr container.

  1. Open the letsencrypt container settings.
  2. Add a path from the letsencrypt container to the Organizr container.
      • Name: fail2ban organizr
      • Container path: /fail2ban or whatever you prefer
      • Host path: Your path to the Organizr /www folder e.g /AppData/Organizr/www/
      • Access mode: Read only
    • Description: fail2ban path into organizr /www folder








    1. Edit the jail.local file in the fail2ban folder inside the letsencrypt appdata config pathAdd this:
      enabled = true
      port = http,https
      filter = organizr-auth
      logpath = /fail2ban/loginLog.json
      ignoreip =
      • The ignore IP is so that fail2ban won’t ban your local IP. Check out if you are wondering what your netmask is.
      • The logpath is the container path you created in step 2.
    1. Create a file called organizr-auth.conf and add this:
      failregex = ","username":"\S+","ip":"<HOST>","auth_type":"bad_auth"}
      ignoreregex =
      • Go to the fail2ban folder in the letsencrypt directory and place the file in the filter.d directory.
      • Since you need write permission to add files to that folder you can either use SSH or the Krusader file manager to move the file into the folder.

Organizr nginx

  1. Because the Organizr container only logs the docker IP addresses e.g you need to add something in the Organizr default nginx site file.
    • Go to appdata\organizr\nginx\site-confs\default and add:
# get real IP
real_ip_header X-Forwarded-For;
real_ip_recursive on;

Do not add this in your letsencrypt nginx config. Organizr has it’s own config!

Should look like this:

server {
listen 80 default_server;
root /config/www/Dashboard;
index index.html index.htm index.php;

server_name _;
client_max_body_size 0;

# get real IP
real_ip_header X-Forwarded-For;
real_ip_recursive on; 

location / {
try_files $uri $uri/ /index.html /index.php?$args =404;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php5-cgi alone:
# With php5-fpm:
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;


location /auth-admin {
rewrite ^ /auth.php?admin;
location /auth-user {
rewrite ^ /auth.php?user;

It should now log the actual IP in the Organizr log.

Remember to restart both containers.


The fail2ban.log file should output something like this:

2017-08-08 21:51:13,777 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:51:12
2017-08-08 21:51:18,811 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:51:18
2017-08-08 21:51:43,965 fail2ban.filter [262]: INFO [organizr-auth] Ignore by ip
2017-08-08 21:51:51,008 fail2ban.filter [262]: INFO [organizr-auth] Ignore by ip
2017-08-08 21:51:57,045 fail2ban.filter [262]: INFO [organizr-auth] Ignore by ip
2017-08-08 21:52:03,080 fail2ban.filter [262]: INFO [organizr-auth] Ignore by ip
2017-08-08 21:53:25,578 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:53:24
2017-08-08 21:53:31,617 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:53:30
2017-08-08 21:53:36,650 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:53:36
2017-08-08 21:53:42,688 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:53:41
2017-08-08 21:53:48,726 fail2ban.filter [262]: INFO [organizr-auth] Found - 2017-08-08 21:53:47
2017-08-08 21:53:48,733 fail2ban.actions [262]: NOTICE [organizr-auth] Ban

If by some reason the fail2ban log should stop logging bad auths, try to create a new path to the loginLog.json file and use that instead.


If you managed to ban yourself or a friend banned themself you can do this to unban.

Bash into the container with:

docker exec -it letsencrypt bash

Enter fail2ban interactive mode:

fail2ban-client -i

Check the status of the jail:

status organizr-auth


Status for the jail: organizr-auth
|- Filter
| |- Currently failed: 0
| |- Total failed: 5
| `- File list: /fail2ban/loginLog.json
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list:

unban with:

set organizr-auth unbanip

If you already know the IP you want to unban you can just type this:

docker exec -it letsencrypt fail2ban-client set organizr-auth unbanip

For Fail2ban with basic auth check out my post here




%d bloggers like this: