Fail2ban + nginx reverse proxy: http status codes


I have a nextcloud vm (CentOS 7) with a nginx webserver (php-fpm).
For external access I have a nginx reverse proxy on a separate vm which passes requests to my internal nextcloud nginx server.
I wanted to setup fail2ban on this reverse proxy to handle failed logins but I seem to always get a “200” http code no matter if I try a non-existent username or a wrong password. Is this correct behaviour or could it be a configuration error I made? I was hoping to get an error status code so I could apply a fail2ban filter directly on the dmz reverse proxy.

I hope this makes sense and thanks for all your work.

On the same host, you normally use the failed login-messages from the Nextcloud logfile. If your login fails you return to the login screen, so I think it is not implemented to send an error status code. Can other webinterfaces handle this? Then you could make a feature request.