Hello,
I discovered that in the apache log files the visitor is always logged as 127.0.0.1 if they visit the site over the configured hidden service . This can be problematic since fail2ban is intended be used for some services. Is this the intended behavior or should the remote address be forwarded somehow? The torrc file:
SocksPort [::]:9050
SocksPort 0.0.0.0:9050
ControlPort 9051
ORPort 9001
ORPort [::]:9001
BridgeRelay 1
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
ExitPolicy reject *:*
ExitPolicy reject6 *:*
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 127.0.0.1:9040
TransPort [::1]:9040
DNSPort 127.0.0.1:9053
DNSPort [::1]:9053
HiddenServiceDir /var/lib/tor-instances/plinth/hidden_service
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
An example line of log from Roundcube:
[30-May-2022 21:53:25 +0000]: <n37rhbnr> IMAP Error: Login failed for admin against localhost from 127.0.0.1. AUTHENTICATE PLAIN: Authentication failed. in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /roundcube/?_task=login&_action=login