
3 commits

Author SHA1 Message Date
684557639e list uber file
All checks were successful
ansible-lint / gitleaks (pull_request) Successful in 3s
ansible-lint / Ansible Lint (pull_request) Successful in 34s
2024-11-10 17:38:36 +01:00
8194e4bd98 reatelimit 2024-11-10 17:34:10 +01:00
d3c4c7402f d 2024-11-10 17:33:53 +01:00
4 changed files with 15 additions and 25 deletions


@ -62,5 +62,3 @@ volumes:
gramps_db: gramps_db:
gramps_media: gramps_media:
gramps_tmp: gramps_tmp:
# checkliste


@ -1,11 +1,11 @@
services: services:
minio: minio:
image: minio/minio:latest # add to renovate; https://github.com/renovatebot/renovate/issues/2438 image: minio/minio:latest # TODO: add to renovate; https://github.com/renovatebot/renovate/issues/2438
container_name: minio container_name: minio
restart: unless-stopped restart: unless-stopped
pull_policy: missing pull_policy: missing
ports: ports:
# - '9000:9000' # S3 # - '9000:9000' # S3, nur über traefik
- '9001:9001' # WebUI - '9001:9001' # WebUI
networks: networks:
- traefik - traefik
@ -30,17 +30,6 @@ services:
traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt
traefik.http.routers.minio-s3.entrypoints: entry_https traefik.http.routers.minio-s3.entrypoints: entry_https
traefik.http.services.minio-s3.loadbalancer.server.port: 9000 traefik.http.services.minio-s3.loadbalancer.server.port: 9000
# WebUI
# traefik.http.routers.minio-ui.service: minio-ui
# traefik.http.routers.minio-ui.priority: "20"
# traefik.http.routers.minio-ui.rule: Host(`ui-s3.mgrote.net`)
# traefik.http.routers.minio-ui.tls: true
# traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt
# traefik.http.routers.minio-ui.entrypoints: entry_https
# traefik.http.services.minio-ui.loadbalancer.server.port: 9001
# traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist # also entferne den Prefix danach wieder
# traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24
# traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
######## Networks ######## ######## Networks ########
networks: networks:
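Review bot: The `- '9001:9001'` mapping in the first hunk still publishes the MinIO WebUI on every host interface, so it is reached directly rather than through Traefik and gets none of the TLS or allowlist handling that the `minio-s3` router has; the second hunk also drops the commented-out `minio-ui` router that would have covered it. If the console is meant for the local networks only, bind the port to one host address, e.g. `- '<LAN_ADDRESS>:9001:9001'` (placeholder), or remove the mapping and route the UI through Traefik with an allowlist middleware. Docker-published ports are often not filtered by host firewall front-ends, so a firewall rule alone may not restrict it. A short comment next to the port stating which exposure is intended would document the decision.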


@ -38,10 +38,7 @@ services:
traefik.http.routers.registry.entrypoints: entry_https traefik.http.routers.registry.entrypoints: entry_https
traefik.http.services.registry.loadbalancer.server.port: 5000 traefik.http.services.registry.loadbalancer.server.port: 5000
traefik.http.routers.registry.middlewares: registry-ipallowlist traefik.http.routers.registry.middlewares: registry-ipallowlist,ratelimit40,allowlist_localnet
traefik.http.middlewares.registry-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24,172.18.0.0/16 # .48. ist Docker
traefik.http.middlewares.registry-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
# registry aufräumen: docker exec -it oci-registry /bin/registry garbage-collect /etc/docker/registry/config.yml # registry aufräumen: docker exec -it oci-registry /bin/registry garbage-collect /etc/docker/registry/config.yml
@ -92,16 +89,13 @@ services:
retries: 3 retries: 3
labels: labels:
traefik.http.routers.registry-ui.rule: Host(`rui.mgrote.net`) traefik.http.routers.registry-ui.rule: Host(`rui.mgrote.net`)
traefik.http.routers.registry-ui.middlewares: authelia,registry-ui-ipallowlist # also entferne den Prefix danach wieder traefik.http.routers.registry-ui.middlewares: authelia,allowlist_localnet,ratelimit40
traefik.enable: true traefik.enable: true
traefik.http.routers.registry-ui.tls: true traefik.http.routers.registry-ui.tls: true
traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt
traefik.http.routers.registry-ui.entrypoints: entry_https traefik.http.routers.registry-ui.entrypoints: entry_https
traefik.http.services.registry-ui.loadbalancer.server.port: 80 traefik.http.services.registry-ui.loadbalancer.server.port: 80
traefik.http.middlewares.registry-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24 # .48. ist Docker
traefik.http.middlewares.registry-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
######## Networks ######## ######## Networks ########
networks: networks:
traefik: traefik:
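Review bot: Both `middlewares` labels now name `ratelimit40` and `allowlist_localnet`, which this commit defines under `http.middlewares` in another changed file rather than as container labels. If that file is loaded by Traefik's file provider, references from Docker labels need the provider suffix, e.g. `traefik.http.routers.registry.middlewares: allowlist_localnet@file,ratelimit40@file`; a bare name is looked up in the Docker provider and the router is rejected when it is missing. Listing the allowlist first in both labels also rejects denied sources before the rate limiter counts them. Note that `registry-ui` previously allowed only `192.168.2.0/24,10.25.25.0/24`, so the shared list widens it by `192.168.48.0/24`, while `registry` loses `172.18.0.0/16`; a comment saying that both changes are intended would help.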


@ -6,7 +6,7 @@ http:
rule: "Host(`git.mgrote.net`)" rule: "Host(`git.mgrote.net`)"
service: "service_forgejo" service: "service_forgejo"
middlewares: middlewares:
- "ratelimit" - "ratelimit40"
entrypoints: entrypoints:
- entry_https - entry_https
tls: tls:
@ -19,10 +19,19 @@ http:
- url: "http://forgejo.mgrote.net:3000/" - url: "http://forgejo.mgrote.net:3000/"
###### middlewares ##### ###### middlewares #####
middlewares: middlewares:
ratelimit: ratelimit40:
rateLimit: rateLimit:
average: 40 average: 40
burst: 80 burst: 80
sourceCriterion: sourceCriterion:
ipStrategy: ipStrategy:
depth: 2 depth: 2
allowlist_localnet:
ipallowlist:
sourcerange:
- 192.168.2.0/24
- 10.25.25.0/24
- 192.168.48.0/24 # docker
#- 172.18.0.0/16 # ???
ipstrategy:
depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
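Review bot: `ratelimit40` takes the client address from `X-Forwarded-For` at `depth: 2`, while the new `allowlist_localnet` uses `depth: 0` (the connection's remote address), and this commit chains both on the same routers. Confirm how many trusted proxies sit in front of Traefik: with fewer than two, the rate-limit key comes from a header position that may be empty or client-supplied, so the limit would not track individual clients reliably. The leftover `#- 172.18.0.0/16 # ???` should be removed or explained, e.g. `# 172.18.0.0/16 was in the old registry allowlist; dropped on purpose`, since the previous registry allowlist contained that range. For consistency with `rateLimit` and `ipStrategy` above, consider writing the new keys as `ipAllowList`, `sourceRange` and `ipStrategy`.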