diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 4d8b27e37..492df5395 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -26,7 +26,7 @@ ENV PYTHONUNBUFFERED=1 \
 # prepend poetry and venv to path
 ENV PATH="$POETRY_HOME/bin:$PATH"
 
-RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python -
+RUN curl -sSL https://install.python-poetry.org | python3 -
 # RUN poetry config virtualenvs.create false
 
 RUN apt-get update \
diff --git a/docker/api.Dockerfile b/docker/api.Dockerfile
index 098eeff29..66bf9697c 100644
--- a/docker/api.Dockerfile
+++ b/docker/api.Dockerfile
@@ -71,6 +71,7 @@ ENV GIT_COMMIT_HASH=$COMMIT
 RUN apt-get update \
     && apt-get install --no-install-recommends -y \
     gosu \
+    iproute2 \
     tesseract-ocr-all \
     libldap-2.4-2 \
     && apt-get autoremove \
diff --git a/docker/api.entry.sh b/docker/api.entry.sh
index f4a5a70f6..cbbd5cb9f 100644
--- a/docker/api.entry.sh
+++ b/docker/api.entry.sh
@@ -50,10 +50,10 @@ init
 GUNICORN_PORT=${API_PORT:-9000}
 
 # Start API
-
-if [ "$WEB_GUNICORN" == 'true' ]; then
+hostip=`/sbin/ip route|awk '/default/ { print $3 }'`
+if [ "$WEB_GUNICORN" = 'true' ]; then
     echo "Starting Gunicorn"
-    gunicorn mealie.app:app -b 0.0.0.0:$GUNICORN_PORT -k uvicorn.workers.UvicornWorker -c /app/gunicorn_conf.py --preload
+    gunicorn mealie.app:app -b 0.0.0.0:$GUNICORN_PORT --forwarded-allow-ips=$hostip -k uvicorn.workers.UvicornWorker -c /app/gunicorn_conf.py --preload
 else
-    uvicorn mealie.app:app --host 0.0.0.0 --port $GUNICORN_PORT
+    uvicorn mealie.app:app --host 0.0.0.0 --forwarded-allow-ips=$hostip --port $GUNICORN_PORT
 fi
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 606451a8e..ce59fc9fb 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -64,11 +64,10 @@ services:
 
       # =====================================
       # Web Concurrency
-      WEB_GUNICORN: "true"
+      WEB_GUNICORN: "false"
       WORKERS_PER_CORE: 0.5
       MAX_WORKERS: 1
       WEB_CONCURRENCY: 1
-
       # =====================================
       # Email Configuration
       # SMTP_HOST=
@@ -79,13 +78,13 @@ services:
       # SMTP_USER=
       # SMTP_PASSWORD=
 
-  # postgres:
-  #   container_name: postgres
-  #   image: postgres
-  #   restart: always
-  #   environment:
-  #     POSTGRES_PASSWORD: mealie
-  #     POSTGRES_USER: mealie
+      # postgres:
+      #   container_name: postgres
+      #   image: postgres
+      #   restart: always
+      #   environment:
+      #     POSTGRES_PASSWORD: mealie
+      #     POSTGRES_USER: mealie
 
 volumes:
   mealie-data:
diff --git a/docker/omni.Dockerfile b/docker/omni.Dockerfile
index 1997bb88a..7505d1594 100644
--- a/docker/omni.Dockerfile
+++ b/docker/omni.Dockerfile
@@ -94,6 +94,7 @@ ENV GIT_COMMIT_HASH=$COMMIT
 RUN apt-get update \
     && apt-get install --no-install-recommends -y \
     gosu \
+    iproute2 \
     tesseract-ocr-all \
     curl \
     gnupg \
diff --git a/docker/omni.docker-compose.yml b/docker/omni.docker-compose.yml
index 90ffba194..6f57bc4f7 100644
--- a/docker/omni.docker-compose.yml
+++ b/docker/omni.docker-compose.yml
@@ -26,11 +26,10 @@ services:
 
       # =====================================
       # Web Concurrency
-      WEB_GUNICORN: true
+      WEB_GUNICORN: "false"
       WORKERS_PER_CORE: 0.5
       MAX_WORKERS: 1
       WEB_CONCURRENCY: 1
-
       # =====================================
       # Email Configuration
       # SMTP_HOST=
diff --git a/docker/omni.entry.sh b/docker/omni.entry.sh
index 730cdbc9f..e53084d7b 100644
--- a/docker/omni.entry.sh
+++ b/docker/omni.entry.sh
@@ -46,12 +46,12 @@ init
 GUNICORN_PORT=${API_PORT:-9000}
 
 # Start API
-
-if [ "$WEB_GUNICORN" == 'true' ]; then
+hostip=`/sbin/ip route|awk '/default/ { print $3 }'`
+if [ "$WEB_GUNICORN" = 'true' ]; then
     echo "Starting Gunicorn"
-    gunicorn mealie.app:app -b 0.0.0.0:$GUNICORN_PORT -k uvicorn.workers.UvicornWorker -c /app/gunicorn_conf.py --preload &
+    gunicorn mealie.app:app -b 0.0.0.0:$GUNICORN_PORT --forwarded-allow-ips=$hostip -k uvicorn.workers.UvicornWorker -c /app/gunicorn_conf.py --preload &
 else
-    uvicorn mealie.app:app --host 0.0.0.0 --port $GUNICORN_PORT &
+    uvicorn mealie.app:app --host 0.0.0.0 --forwarded-allow-ips=$hostip --port $GUNICORN_PORT &
 fi
 
 # ------------------------------
diff --git a/docs/docs/documentation/getting-started/faq.md b/docs/docs/documentation/getting-started/faq.md
index 591e6362b..787944982 100644
--- a/docs/docs/documentation/getting-started/faq.md
+++ b/docs/docs/documentation/getting-started/faq.md
@@ -132,6 +132,15 @@ stateDiagram-v2
   p3 --> n1: No
 ```
 
+## Can I use fail2ban with mealie?
+Yes, mealie is configured to properly forward external IP addresses into the `mealie.log` logfile. Note that, due to restrictions in docker, IP address forwarding only works on linux.
+
+Your fail2ban usage should look like the following:
+```
+Use      datepattern : %d-%b-%y %H:%M:%S : Day-MON-Year2 24hour:Minute:Second
+Use   failregex line : ^ERROR:\s+Incorrect username or password from <HOST>
+```
+
 ## Why An API?
 An API allows integration into applications like [Home Assistant](https://www.home-assistant.io/) that can act as notification engines to provide custom notifications based of Meal Plan data to remind you to defrost the chicken, marinade the steak, or start the CrockPot. Additionally, you can access nearly any backend service via the API giving you total control to extend the application. To explore the API spin up your server and navigate to http://yourserver.com/docs for interactive API documentation.
 
diff --git a/frontend/nuxt.config.js b/frontend/nuxt.config.js
index 588311864..98148abee 100644
--- a/frontend/nuxt.config.js
+++ b/frontend/nuxt.config.js
@@ -295,10 +295,12 @@ export default {
       },
       changeOrigin: true,
       target: process.env.API_URL || "http://localhost:9000",
+      xfwd: true,
     },
     "/api": {
       changeOrigin: true,
       target: process.env.API_URL || "http://localhost:9000",
+      xfwd: true,
     },
   },
 
diff --git a/mealie/routes/auth/auth.py b/mealie/routes/auth/auth.py
index 682aee622..3a84cc7c7 100644
--- a/mealie/routes/auth/auth.py
+++ b/mealie/routes/auth/auth.py
@@ -52,15 +52,21 @@ class MealieAuthToken(BaseModel):
 def get_token(request: Request, data: CustomOAuth2Form = Depends(), session: Session = Depends(generate_session)):
     email = data.username
     password = data.password
+    if "x-forwarded-for" in request.headers:
+        ip = request.headers["x-forwarded-for"]
+        if "," in ip:  # if there are multiple IPs, the first one is canonically the true client
+            ip = str(ip.split(",")[0])
+    else:
+        ip = request.client.host
 
     try:
         user = authenticate_user(session, email, password)  # type: ignore
     except UserLockedOut as e:
-        logger.error(f"User is locked out from {request.client.host}")
+        logger.error(f"User is locked out from {ip}")
         raise HTTPException(status_code=status.HTTP_423_LOCKED, detail="User is locked out") from e
 
     if not user:
-        logger.error(f"Incorrect username or password from {request.client.host}")
+        logger.error(f"Incorrect username or password from {ip}")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
         )