I’ve got a container on my host running a service exposed to the Internet, currently via a lxc proxy (
config device add foo proxy etc), and the log it generates is via a mounted file from the host so that I can use fail2ban on the host.
You may have spotted my problem already - all the IPs on the log for external access are the proxy’s 127.0.0.1 address, so fail2ban cannot work.
Can anyone suggest a way to set up my networking so that the original IPs appear in the log? (Hi @tomp !) I guess ideally I’d have a shared IP between host and container(s) with certain ports routed in to specific containers. Or perhaps I should just share the network? Or can proxying handle this natively? I see there’s a
proxy_protocol setting, but the docs do not explain how to make this work.