Hello
We have an issue with our v9 erpnext server. When we login as 2 different users in the same browser window (2 different tabs), the connection fails.
And here after if i try to login the site is not accessible. But it will be accessible through another ISP.
We were able to consistently reproduce this issue.
Did anyone come across such issues ? What is the work around for this. We are not able to access our website.I tried restarting the server on the digital ocean. But same issue.
As a enhancement/development to fix this issue:
Sree Harsha suggested, that its better that, when we try to login again, it should not take us to login page, so that we are forced to logout. And then login as a new user
Thanks Revanth.
Actually our motive is not to do mulit user logins. That was a one time thing. But since then our server is not accessible.
I opened this issue, as i want to find out how to access our server. Since yesterday our server is not reachable through my machine. As i logged in using multi users. If i change the ISP, its accessible.
My issue is not do multi user login, but to find a way to login into my server which has been inaccessible since yesterday.
The issue relates to Fail2ban. Your IP gets blocked by fail2ban as it sees such login attempts as potentially unauthorised. Typically it is supposed to unban the IP after a pre-defined time but i haven’t figured out how much time that is. I’ve had that issue several times and my IP gets unbanned by the next day but i’m still trying to figure out a way to permanently whitelist the IP so no matter what i do my IP doesn’t get banned.
Now its working. I checked after 24 hours it didnt work. Now its been more than 36 hrs so its working now. So i guess it takes around 36hrs to whitelist.
Thanks a lot for your help.
I was told if we restart the wifi router we may get a new IP and it would work. But i use LAN, dont use wifi router.
Couple of queries
Is this ban functinoality in the server or, somwhere in middle in the route path.
Any workarounds to get it working before 36 hours.
frappe@server:~/frappe-bench$ sudo bench setup fail2ban --help
Usage: bench setup fail2ban [OPTIONS]
Options:
--maxretry INTEGER Number of matches (i.e. value of the counter) which
triggers ban action on the IP. Default is 6 seconds
--bantime INTEGER The counter is set to zero if no match is found within
'findtime' seconds. Default is 600 seconds
--findtime INTEGER Duration (in seconds) for IP to be banned for. Negative
number for "permanent" ban. Default is 600 seconds
--help Show this message and exit.
emmm… Should this also affect local installations? I have a local site that runs v9 and this happens right on the server, the inventory guys work on the local server at localhost:8080 you know, and once one forgets to logout and another tries to login, everything disconnects.
you need to reboot the server, thats the only solution.
it wasnt a problem before, don’t know if it’s in v10.
summarily: should this affect a standalone server? maybe this needs further analysis. wasnt a problem with previous versions.
we’ve had this for over 4 months but its not so bad as we simply restart.
@kothagunda I know but i have been unable to figure out how to do the alternative; whitelist my IP address. I have zero coding knowledge and all the instructions i’ve found on how to whitelist IP address in Fail2ban are contradictory. I don’t want to mess up my ERPNext instance and there’s no instruction from the community on how to do this.
@rmehta yes I know this is not a bug. What I asked is for a clear way to whitelist my IP address in Fail2ban so whatever i do within my IP i don’t get locked out. Just as there are clear instructions on how to modify bantime from bench as posted above by @revant_one, it would be nice to know how to whitelist an IP.
Instructions i’ve found through search on how to whitelist an IP address on fail2ban are not consistent and as such, being a Noob, i am less inclined to test what i am not sure the outcome would be.
ignoreip =
Add now add all ip you want. Each IP or range IP must be placed here with a space. Ex: 192.168.0.1 192.168.5.0/32
Save. And restart Fail2Ban:
service fail2ban restart
This is one of them.
Step 1: Find IP Address to Unblock
Log in to your server via SSH and type in the following command:
iptables -L -n --line-numbers
Look for the IP address you want to unblock / unban. See the target of the IP address as well as the num (line number).
Step 2: Unban IP Address from fail2ban
For this example, we will remove an IP address with the target of fail2ban-ssh-ddos. To do so, type in the following:
iptables -D fail2ban-ssh-ddos 1
The IP address should now be unbanned from fail2ban.