I am facing an issue, The erpnext website cannot be accessed thru a set of computers on one wan ip, but at the same time I can access it from computer which has a different wan ip.
Initally I thought it was a local network issue, but now after digging around, I think that access to the frontend (nginx) is being denied,
I have enabled Fail2ban and UFW, In the firewall I have opened ports for SSL, HTTP, SSH and Postfix. Fail2ban jail is configured to look at SSH connections.
Am I overlooking anything?
You might need to open ports for web/redis etc(8000 or 8080, and 9000, 11000,12000,13000) - these will depend on how you have configured your system
Thank you for your feedback, I use the standard ports.
But if it was a port issue, I wouldn’t be able to access from my mobile phone over data, at the same time other users were getting page not found after a while they got to login but got page not found in 2-5 mins. It felt like a firewall was pushing them out.
I will check the ports and confirm, I post my findings
After doing a lot of digging around, I see that in the install script a fail2ban jail for nginx is created, This jail blacklists user with a particular IP, if under NAT all the users are locked out for 10 mins.
Is there a work around without static IP and disabling fail2ban jail?
I am testing and looking for options will post my finding
As a work around, you could create a dyndns entry and whitelist that instead of the IP address
I was thinking the same, The ISP here does provide the option to setup a static IP and was planning to whitelist that IP