Does anybody know if fail2ban-server (which blacklists connections to prevent DDOS attacks) get activated when people enter the wrong password too many times on the ERPNext web interface? Or does it get activated when a ssh connection is attempted?
fail2ban-server ends up occupying close to 100% CPU utilization and makes ERPNext crawl.
The other reason is frappe gunicorn makes the CPU utilization climb up to close to 100%. Anybody know why? And how to manage this?
You can configure which items get “watched”. I think by default SSH is monitored, but you can adjust almost any item in/out of the watchlist(s).
To check enabled jails
sudo fail2ban-client status
In many cases, excessive fail2ban CPU is caused by logrotate problems.
For what its worth…
I had the same problem on a server that was an image mirror of another functional server. I deleted everything in the site_config.json except the db_name and the db_password lines, then executed the following commands:
bench setup nginx
sudo service nginx reload
I am not sure why it seemed to work, but fail2ban stopped eating up all my cpu time. I cannot say for sure this was a solution, I just know that when I did this it worked. (v10.0.14) My circumstances were also a bit unique for using a copy of a disk image to get a running system.
Your mileage may vary…
Best not to do such things on a live production server during the business day.