Swap certificates for wildcards

This commit is contained in:
Jake Howard 2021-10-18 21:59:10 +01:00
parent ebb571bf20
commit 4cdaba4692
Signed by: jake
GPG key ID: 57AFB45680EDD477
19 changed files with 9 additions and 28 deletions

View file

@ -12,7 +12,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.pages.rule=Host(`pages.theorangeone.net`) - traefik.http.routers.pages.rule=Host(`pages.theorangeone.net`)
- traefik.http.routers.pages.tls.certresolver=le
traefik-pages: traefik-pages:
image: ghcr.io/realorangeone/traefik-pages:latest image: ghcr.io/realorangeone/traefik-pages:latest

View file

@ -12,10 +12,8 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.plausible.rule=Host(`plausible.theorangeone.net`) - traefik.http.routers.plausible.rule=Host(`plausible.theorangeone.net`)
- traefik.http.services.plausible-plausible.loadbalancer.server.port=8000 # https://github.com/plausible/analytics/pull/237 - traefik.http.services.plausible-plausible.loadbalancer.server.port=8000 # https://github.com/plausible/analytics/pull/237
- traefik.http.routers.plausible.tls.certresolver=le
- traefik.http.routers.plausible-bare.rule=Host(`elbisualp.theorangeone.net`) - traefik.http.routers.plausible-bare.rule=Host(`elbisualp.theorangeone.net`)
- traefik.http.routers.plausible-bare.tls.certresolver=le
- traefik.http.routers.plausible-bare.service=plausible-plausible - traefik.http.routers.plausible-bare.service=plausible-plausible
# https://github.com/plausible/analytics/pull/340 # https://github.com/plausible/analytics/pull/340

View file

@ -12,4 +12,3 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.privatebin.rule=Host(`bin.theorangeone.net`) - traefik.http.routers.privatebin.rule=Host(`bin.theorangeone.net`)
- traefik.http.routers.privatebin.tls.certresolver=le

View file

@ -13,4 +13,3 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`) - traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`)
- traefik.http.routers.calibre.tls.certresolver=le

View file

@ -12,6 +12,5 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`) - traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)
- traefik.http.routers.librespeed.tls.certresolver=le
- traefik.http.routers.librespeed.middlewares=librespeed-auth@docker - traefik.http.routers.librespeed.middlewares=librespeed-auth@docker
- traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }} - traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}

View file

@ -22,7 +22,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`) - traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`)
- traefik.http.routers.nextcloud.tls.certresolver=le
- traefik.http.services.nextcloud-nextcloud.loadbalancer.server.port=443 - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.port=443
- traefik.http.services.nextcloud-nextcloud.loadbalancer.server.scheme=https - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.scheme=https
- traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552000 - traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552000

View file

@ -18,7 +18,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`) - traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)
- traefik.http.routers.synapse.tls.certresolver=le
db: db:
image: postgres:12-alpine image: postgres:12-alpine
@ -42,6 +41,5 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.synapse-admin.rule=Host(`matrix.jakehoward.tech`) && PathPrefix(`/admin`) - traefik.http.routers.synapse-admin.rule=Host(`matrix.jakehoward.tech`) && PathPrefix(`/admin`)
- traefik.http.routers.synapse-admin.tls.certresolver=le
- traefik.http.middlewares.synapse-admin-path.stripprefix.prefixes=/admin - traefik.http.middlewares.synapse-admin-path.stripprefix.prefixes=/admin
- traefik.http.routers.synapse-admin.middlewares=synapse-admin-path@docker - traefik.http.routers.synapse-admin.middlewares=synapse-admin-path@docker

View file

@ -23,7 +23,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`) - traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`)
- traefik.http.routers.tt-rss.tls.certresolver=le
depends_on: depends_on:
- db - db
tmpfs: tmpfs:

View file

@ -13,7 +13,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`) - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)
- traefik.http.routers.wallabag.tls.certresolver=le
depends_on: depends_on:
- redis - redis

View file

@ -7,4 +7,3 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`) - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)
- traefik.http.routers.whoami.tls.certresolver=le

View file

@ -3,8 +3,6 @@ http:
router-gitlab: router-gitlab:
rule: Host(`git.theorangeone.net`) rule: Host(`git.theorangeone.net`)
service: service-gitlab service: service-gitlab
tls:
certResolver: le
services: services:
service-gitlab: service-gitlab:
loadBalancer: loadBalancer:

View file

@ -3,8 +3,6 @@ http:
router-grafana: router-grafana:
rule: Host(`grafana.jakehoward.tech`) rule: Host(`grafana.jakehoward.tech`)
service: service-grafana service: service-grafana
tls:
certResolver: le
services: services:
service-grafana: service-grafana:
loadBalancer: loadBalancer:

View file

@ -3,8 +3,6 @@ http:
router-homeassistant: router-homeassistant:
rule: Host(`homeassistant.jakehoward.tech`) rule: Host(`homeassistant.jakehoward.tech`)
service: service-homeassistant service: service-homeassistant
tls:
certResolver: le
services: services:
service-homeassistant: service-homeassistant:
loadBalancer: loadBalancer:

View file

@ -3,8 +3,6 @@ http:
router-jellyfin: router-jellyfin:
rule: Host(`media.jakehoward.tech`) rule: Host(`media.jakehoward.tech`)
service: service-jellyfin service: service-jellyfin
tls:
certResolver: le
services: services:
service-jellyfin: service-jellyfin:
loadBalancer: loadBalancer:

View file

@ -17,6 +17,15 @@ entryPoints:
middlewares: middlewares:
- floc-block@file - floc-block@file
- compress@file - compress@file
tls:
certresolver: le
domains:
- main: theorangeone.net
sans: "*.theorangeone.net"
- main: jakehoward.tech
sans: "*.jakehoward.tech"
- main: 0rng.one
sans: "*.0rng.one"
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ wireguard.cidr }}" - "{{ wireguard.cidr }}"

View file

@ -12,7 +12,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.upload.rule=Host(`upload.theorangeone.net`) - traefik.http.routers.upload.rule=Host(`upload.theorangeone.net`)
- traefik.http.routers.upload.tls.certresolver=le
img: img:
image: ghcr.io/realorangeone/static-server:latest image: ghcr.io/realorangeone/static-server:latest
@ -24,7 +23,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.img.rule=Host(`img.theorangeone.net`) || Host(`img.0rng.one`) - traefik.http.routers.img.rule=Host(`img.theorangeone.net`) || Host(`img.0rng.one`)
- traefik.http.routers.img.tls.certresolver=le
bg: bg:
image: ghcr.io/realorangeone/static-server:latest image: ghcr.io/realorangeone/static-server:latest
@ -37,7 +35,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.bg.rule=Host(`bg.theorangeone.net`) - traefik.http.routers.bg.rule=Host(`bg.theorangeone.net`)
- traefik.http.routers.bg.tls.certresolver=le
dl: dl:
image: ghcr.io/realorangeone/static-server:latest image: ghcr.io/realorangeone/static-server:latest
@ -49,4 +46,3 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.dl.rule=Host(`dl.theorangeone.net`) || Host(`dl.0rng.one`) - traefik.http.routers.dl.rule=Host(`dl.theorangeone.net`) || Host(`dl.0rng.one`)
- traefik.http.routers.dl.tls.certresolver=le

View file

@ -13,4 +13,3 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.uptime-kuma.rule=Host(`status.theorangeone.net`) - traefik.http.routers.uptime-kuma.rule=Host(`status.theorangeone.net`)
- traefik.http.routers.uptime-kuma.tls.certresolver=le

View file

@ -16,12 +16,10 @@ services:
- traefik.http.routers.vaultwarden-ui.rule=Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`) - traefik.http.routers.vaultwarden-ui.rule=Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`)
- traefik.http.routers.vaultwarden-ui.service=vaultwarden-ui - traefik.http.routers.vaultwarden-ui.service=vaultwarden-ui
- traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80 - traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80
- traefik.http.routers.vaultwarden-ui.tls.certresolver=le
- traefik.http.routers.vaultwarden-websocket.rule=(Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`) )&& Path(`/notifications/hub`) - traefik.http.routers.vaultwarden-websocket.rule=(Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`) )&& Path(`/notifications/hub`)
- traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket - traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket
- traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012 - traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012
- traefik.http.routers.vaultwarden-websocket.tls.certresolver=le
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000

View file

@ -18,7 +18,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.yourls.rule=Host(`0rng.one`) - traefik.http.routers.yourls.rule=Host(`0rng.one`)
- traefik.http.routers.yourls.tls.certresolver=le
mariadb: mariadb:
image: mariadb:10.5 image: mariadb:10.5