Commit graph

54 commits

Author SHA1 Message Date
5b586f2608
Add container to extract TLS certs from traefik into standard format
Disable its network access, just in case
2022-06-13 21:18:45 +01:00
793506492f
No shenanigans by default
This causes strange problems with nextcloud
2022-03-23 19:30:22 +00:00
293aed0fd3
Enable GitLab registry 2022-02-25 21:48:13 +00:00
4562b60517
Update Traefik to 2.6 2022-02-08 08:55:50 +00:00
6db0500e1b
Provision remote f2b key with ansible 2022-01-21 22:11:49 +00:00
5cc552d0eb
Add container to automatically backup DBs 2022-01-16 17:51:03 +00:00
6c0314b758
Add an nginx container to do crazy things with traefik 2022-01-16 14:08:38 +00:00
d5c7d94ac8
Run traefik as dockeruser, and without host networking
This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!
2022-01-15 23:44:06 +00:00
4cdaba4692
Swap certificates for wildcards 2021-10-18 21:59:10 +01:00
4db474034e
Ignore my VMs from a fail2ban 2021-09-27 14:49:56 +01:00
48934ad2c5
Apply gzip to everything
The middleware is smart enough to only apply it when needed, and only when it's not already compressed, so it's fine.
2021-09-19 22:48:48 +01:00
0874158a91
Update traefik to 2.5 2021-08-22 11:16:37 +01:00
33fcf1a9e5
Fix matrix federation
Apparently this has been broken since like March...

It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00
d751a023da
Promote GitLab to main git. domain 2021-06-02 19:49:28 +01:00
69abafd8c8
Put GitLab on a real domain 2021-05-29 16:21:47 +01:00
03affd269f
FLoC Block
https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
2021-04-18 22:30:26 +01:00
22d43c16a7
Correctly redirect http traffic to https
Bug caused by https://github.com/traefik/traefik/issues/8035
2021-04-06 11:56:05 +01:00
4d218248fa
Remotely connect to fail2ban to do ports
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
6973fb536f
Add fail2ban for traefik
Remote action coming soon
2021-03-28 13:05:38 +01:00
8398a2df21
Use endpoint middleware rather than hacky router 2021-03-27 23:34:34 +00:00
1d997d3c33
Remove separate private and protected IP 2021-03-27 18:42:06 +00:00
116e1adb50
Disable Traefik pilot on dashboard 2021-03-24 23:14:01 +00:00
b264e5cbcc
Monitor traefik with prometheus rather than influxdb 2021-03-04 16:37:53 +00:00
ec0c78e6d9
Read emails from secrets 2021-02-14 12:29:14 +00:00
c7fba8107a
Move grafana to forrest 2021-01-31 16:52:24 +00:00
058290b321
Keep track of IPs for PVE hosts
Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
0f9802a46c
Install duplicati on PVE docker machine
Requires some changes to how private IPs are specified, which I really need to clean up at some point!
2021-01-20 21:38:01 +00:00
3321b852a5
Update traefik to v2.4 2021-01-20 20:33:57 +00:00
604202fdce
Add traefik pages
Add it ready for the migration in future
2021-01-16 23:29:55 +00:00
e1ea938d59
Add file providers for jellyfin and HA 2021-01-13 22:12:58 +00:00
fef7f2c2b4
Move docker containers to new PVE container 2021-01-09 18:02:17 +00:00
bdfd38c9fe
Allow traefik to run on non-wireguard host 2020-12-28 15:55:45 +00:00
b11dbfc829
Move traefik file provider to use directory rather than single file
This makes future composition possible
2020-12-22 15:53:03 +00:00
c63506d2bc
Pin traefik to patch version 2020-10-27 16:13:14 +00:00
6cfaa3a03a
Update traefik 2020-10-02 09:20:33 +01:00
5079599b9d
Require TLS 1.2 2020-09-27 12:36:49 +01:00
1ecfc5b7fa
Update traefik 2020-09-10 20:16:23 +01:00
ea54d1be69
Expose pages sites 2020-09-05 20:33:57 +01:00
e9aeed26ee
Use cloudflare DNS challenge for Traefik 2020-09-05 18:27:04 +01:00
ec751ffa1a
Add influxdb to monitor traefik 2020-08-30 15:58:03 +01:00
969b0bd8d9
Update traefik
Fixes GHSA-6qq8-5wq3-86rp
2020-07-30 21:46:44 +01:00
3c7c0ec3fa
GZIP plausible traffic
Plausible doesn't gzip for itself. Funnily enough the tracker is actually too small to be compressed by Traefik!
2020-07-22 12:18:49 +01:00
74d40ac915
Update traefik 2020-07-18 13:29:20 +01:00
7a38207ef0
Update traefik 2020-07-15 14:53:36 +01:00
bb5a5b61bd
Update traefik 2020-07-13 18:04:11 +01:00
3c49c80ff1
Ensure traefik only listens on wireguard network 2020-07-12 19:29:18 +01:00
fe5a5984c3
Remove container names from containers
They're not needed for anything, and caused annoying weird issues when cycling containers
2020-06-27 17:45:28 +01:00
e051db5e71
Remove obsolete middleware 2020-06-24 18:48:39 +01:00
f878866f10
Update yamllint 2020-06-18 20:49:12 +01:00
ca188ab1b4
Rename middleware
It's not actually applying a HSTS header
2020-06-13 21:09:48 +01:00