ERPNext Conference 2019* ERPNext.com Blog

Does UFW or fail2ban restrict access to erpnext ( nginx / website )?


#1

Hi All,

I am facing an issue, The erpnext website cannot be accessed thru a set of computers on one wan ip, but at the same time I can access it from computer which has a different wan ip.

Initally I thought it was a local network issue, but now after digging around, I think that access to the frontend (nginx) is being denied,

I have enabled Fail2ban and UFW, In the firewall I have opened ports for SSL, HTTP, SSH and Postfix. Fail2ban jail is configured to look at SSH connections.

Am I overlooking anything?


#2

You might need to open ports for web/redis etc(8000 or 8080, and 9000, 11000,12000,13000) - these will depend on how you have configured your system


#3

Thank you for your feedback, I use the standard ports.

But if it was a port issue, I wouldn’t be able to access from my mobile phone over data, at the same time other users were getting page not found after a while they got to login but got page not found in 2-5 mins. It felt like a firewall was pushing them out.

I will check the ports and confirm, I post my findings


#4

Hi All,

After doing a lot of digging around, I see that in the install script a fail2ban jail for nginx is created, This jail blacklists user with a particular IP, if under NAT all the users are locked out for 10 mins.

Is there a work around without static IP and disabling fail2ban jail?

I am testing and looking for options will post my finding


#5

This is a related post


#6

As a work around, you could create a dyndns entry and whitelist that instead of the IP address


#7

I was thinking the same, The ISP here does provide the option to setup a static IP and was planning to whitelist that IP