How to set up Fail2Ban for Nextcloud that is running behind an apache2 reverse proxy?


I would like to install fail2ban for my Nextcloud. However, I found out that in my case you have to install fail2ban on my apache2 reverse proxy server. When I did that, it did not work. I have created a log file with the necessary permissions and created a filter.d/nextcloud.conf with:

failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
          ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
          ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$

and a jail.d/nextcloud.local

backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 36000
findtime = 36000
logpath = /var/log/nextcloud.log

However, this does not work. What can I do?
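A quick offline check of the three failregex lines above, as an added example that is not part of the original post: it runs them over constructed log lines and reports which expression matches and which address would be banned. The IPv4-only stand-in for `<HOST>`, the `PROXY_IP` value and the sample lines are assumptions of this example; the third sample matches nothing because the second expression looks for the literal `"user,:"`.

```python
import re

# failregex lines copied verbatim from the question's filter.d/nextcloud.conf
FAILREGEX = [
    r'''^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$''',
    r'''^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$''',
    r'''^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$''',
]
# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example)
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PROXY_IP = '192.0.2.10'  # hypothetical address of the apache2 reverse proxy

def check(line):
    """Return (expression number, extracted host) for the first match, else None."""
    for i, rx in enumerate(FAILREGEX, 1):
        m = re.search(rx.replace('<HOST>', HOST), line)
        if m:
            return i, m.group('host')
    return None

def audit(lines, proxy_ip=PROXY_IP):
    """Classify each line as 'miss', 'ban <ip>' or 'would ban proxy'."""
    out = []
    for line in lines:
        hit = check(line)
        if hit is None:
            out.append('miss')            # no expression matched: no ban ever fires
        elif hit[1] == proxy_ip:
            out.append('would ban proxy')  # logged address is the proxy itself
        else:
            out.append('ban ' + hit[1])
    return out

# Constructed sample log lines (not taken from a real server)
SAMPLES = [
    '''{"reqId":"abc123","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2020-01-01T10:00:00+00:00"}''',
    '''{"reqId":"def456","level":2,"time":"2020-01-01T10:00:05+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: admin (Remote IP: 203.0.113.7)","userAgent":"--","version":"18.0.0.10"}''',
    '''{"reqId":"ghi789","level":2,"time":"2020-01-01T10:00:10+00:00","remoteAddr":"203.0.113.7","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","userAgent":"--","version":"12.0.0"}''',
    '''{"reqId":"jkl012","level":2,"time":"2020-01-01T10:00:15+00:00","remoteAddr":"192.0.2.10","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: admin (Remote IP: 192.0.2.10)","userAgent":"--","version":"18.0.0.10"}''',
]

if __name__ == '__main__':
    for verdict, line in zip(audit(SAMPLES), SAMPLES):
        print(f'{verdict:16} {line[:60]}...')
```

On the server itself, `fail2ban-regex` run against the log file and the filter file gives the authoritative result, since it applies fail2ban's real `<HOST>` and date handling.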

I think Nextcloud has got so many security and hardening options that personally I do not need fail2ban. But in this documentation you will also find settings for fail2ban that differ from your settings. Maybe that is the problem.

Do you use 2FA? I think the biggest risk for Nextcloud from the internet is user/password credentials, not using 2FA, and not fixing the password problem. In contrast to this, fail2ban only helps against senseless mass attacks, which are not to be expected with a private Nextcloud instance. If someone steals your password, fail2ban will be of no use at all.