d5c7d94ac8
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
8d40a49780
Move traefik pages secret into full vault file
Trialing a new pattern for vault storage
2021-12-20 21:17:25 +00:00
4cdaba4692
Swap certificates for wildcards
2021-10-18 21:59:10 +01:00
4db474034e
Ignore my VMs from a fail2ban
2021-09-27 14:49:56 +01:00
48934ad2c5
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
0874158a91
Update traefik to 2.5
2021-08-22 11:16:37 +01:00
33fcf1a9e5
Fix matrix federation
Apparently this has been broken since like March...
It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00
d751a023da
Promote GitLab to main git. domain
2021-06-02 19:49:28 +01:00
e6d029e22e
Fix typo
D'oh!
2021-05-30 13:56:06 +01:00
69abafd8c8
Put GitLab on a real domain
2021-05-29 16:21:47 +01:00
03affd269f
FLoC Block
https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
2021-04-18 22:30:26 +01:00
22d43c16a7
Correctly redirect http traffic to https
Bug caused by https://github.com/traefik/traefik/issues/8035
2021-04-06 11:56:05 +01:00
4d218248fa
Remotely connect to fail2ban to do ports
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
6973fb536f
Add fail2ban for traefik
Remote action coming soon
2021-03-28 13:05:38 +01:00
8398a2df21
Use endpoint middleware rather than hacky router
2021-03-27 23:34:34 +00:00
1d997d3c33
Remove separate private and protected IP
2021-03-27 18:42:06 +00:00
116e1adb50
Disable Traefik pilot on dashboard
2021-03-24 23:14:01 +00:00
b264e5cbcc
Monitor traefik with prometheus rather than influxdb
2021-03-04 16:37:53 +00:00
ec0c78e6d9
Read emails from secrets
2021-02-14 12:29:14 +00:00
870ac50c58
Update compose path to not be absolute
This relies on `which` to find the correct binary instead
2021-02-07 15:59:18 +00:00
c7fba8107a
Move grafana to forrest
2021-01-31 16:52:24 +00:00
058290b321
Keep track of IPs for PVE hosts
Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
0f9802a46c
Install duplicati on PVE docker machine
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
2021-01-20 21:38:01 +00:00
3321b852a5
Update traefik to v2.4
2021-01-20 20:33:57 +00:00
b992df0313
Fix variable name for traefik conditional provider
2021-01-16 23:30:09 +00:00
604202fdce
Add traefik pages
Add it ready for the migration in future
2021-01-16 23:29:55 +00:00
e1ea938d59
Add file providers for jellyfin and HA
2021-01-13 22:12:58 +00:00
fef7f2c2b4
Move docker containers to new PVE container
2021-01-09 18:02:17 +00:00
2300426f0f
Move default variables into role defaults rather than group vars
2020-12-28 16:23:12 +00:00
bdfd38c9fe
Allow traefik to run on non-wireguard host
2020-12-28 15:55:45 +00:00
b11dbfc829
Move traefik file provider to use directory rather than single file
This makes future composition possible
2020-12-22 15:53:03 +00:00
c63506d2bc
Pin traefik to patch version
2020-10-27 16:13:14 +00:00
6cfaa3a03a
Update traefik
2020-10-02 09:20:33 +01:00
5079599b9d
Require TLS 1.2
2020-09-27 12:36:49 +01:00
1ecfc5b7fa
Update traefik
2020-09-10 20:16:23 +01:00
ea54d1be69
Expose pages sites
2020-09-05 20:33:57 +01:00
e9aeed26ee
Use cloudflare DNS challenge for Traefik
2020-09-05 18:27:04 +01:00
ec751ffa1a
Add influxdb to monitor traefik
2020-08-30 15:58:03 +01:00
969b0bd8d9
Update traefik
Fixes GHSA-6qq8-5wq3-86rp
2020-07-30 21:46:44 +01:00
3c7c0ec3fa
GZIP plausible traffic
Plausible doesn't gzip for itself. Funnily enough the tracker is actually too small to be compressed by Traefik!
2020-07-22 12:18:49 +01:00
74d40ac915
Update traefik
2020-07-18 13:29:20 +01:00
7a38207ef0
Update traefik
2020-07-15 14:53:36 +01:00
bb5a5b61bd
Update traefik
2020-07-13 18:04:11 +01:00
3c49c80ff1
Ensure traefik only listens on wireguard network
2020-07-12 19:29:18 +01:00
86a398d6b4
Replace docker-compose restart hack with shell handler hack
The docker-compose integration would start 2 of the same container, which does bad things to things like databases!
2020-06-28 20:13:12 +01:00
fe5a5984c3
Remove container names from containers
They're not needed for anything, and caused annoying weird issues when cycling containers
2020-06-27 17:45:28 +01:00
e051db5e71
Remove obsolete middleware
2020-06-24 18:48:39 +01:00
f878866f10
Update yamllint
2020-06-18 20:49:12 +01:00
ca188ab1b4
Rename middleware
It's not actually applying an HSTS header
2020-06-13 21:09:48 +01:00
7dd31c0556
Allow nextcloud to be reached over internal SSL
This removes the need for a custom config, and means traefik is proxying HTTP2, which is nice
2020-05-24 19:21:17 +01:00