diff --git a/docker-compose/gramps/docker-compose.yml.j2 b/docker-compose/gramps/docker-compose.yml.j2
index 597a3dce..91e4d925 100644
--- a/docker-compose/gramps/docker-compose.yml.j2
+++ b/docker-compose/gramps/docker-compose.yml.j2
@@ -62,5 +62,3 @@ volumes:
 gramps_db:
 gramps_media:
 gramps_tmp:
-
-# checkliste
diff --git a/docker-compose/minio/docker-compose.yml.j2 b/docker-compose/minio/docker-compose.yml.j2
index 39d2b830..e1da6f25 100644
--- a/docker-compose/minio/docker-compose.yml.j2
+++ b/docker-compose/minio/docker-compose.yml.j2
@@ -1,11 +1,11 @@
 services:
 minio:
- image: minio/minio:latest # add to renovate; https://github.com/renovatebot/renovate/issues/2438
+ image: minio/minio:latest # TODO: add to renovate; https://github.com/renovatebot/renovate/issues/2438
 container_name: minio
 restart: unless-stopped
 pull_policy: missing
 ports:
- # - '9000:9000' # S3
+ # - '9000:9000' # S3, nur über traefik
 - '9001:9001' # WebUI
 networks:
 - traefik
@@ -30,17 +30,6 @@ services:
 traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt
 traefik.http.routers.minio-s3.entrypoints: entry_https
 traefik.http.services.minio-s3.loadbalancer.server.port: 9000
- # WebUI
- # traefik.http.routers.minio-ui.service: minio-ui
- # traefik.http.routers.minio-ui.priority: "20"
- # traefik.http.routers.minio-ui.rule: Host(`ui-s3.mgrote.net`)
- # traefik.http.routers.minio-ui.tls: true
- # traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt
- # traefik.http.routers.minio-ui.entrypoints: entry_https
- # traefik.http.services.minio-ui.loadbalancer.server.port: 9001
- # traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist # also entferne den Prefix danach wieder
- # traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24
- # traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
 ######## Networks ########
 networks:
diff --git a/docker-compose/registry/docker-compose.yml.j2 b/docker-compose/registry/docker-compose.yml.j2
index 6dda59a6..5d59adb1 100644
--- a/docker-compose/registry/docker-compose.yml.j2
+++ b/docker-compose/registry/docker-compose.yml.j2
@@ -38,10 +38,7 @@ services: traefik.http.routers.registry.entrypoints: entry_https traefik.http.services.registry.loadbalancer.server.port: 5000 - traefik.http.routers.registry.middlewares: registry-ipallowlist - - traefik.http.middlewares.registry-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24,172.18.0.0/16 # .48. ist Docker - traefik.http.middlewares.registry-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth + traefik.http.routers.registry.middlewares: allowlist_localnet@file,ratelimit40@file # registry aufräumen: docker exec -it oci-registry /bin/registry garbage-collect /etc/docker/registry/config.yml
@@ -92,16 +89,13 @@ services:
 retries: 3
 labels:
 traefik.http.routers.registry-ui.rule: Host(`rui.mgrote.net`)
- traefik.http.routers.registry-ui.middlewares: authelia,registry-ui-ipallowlist # also entferne den Prefix danach wieder
+ traefik.http.routers.registry-ui.middlewares: allowlist_localnet@file,ratelimit40@file,authelia@docker
 traefik.enable: true
 traefik.http.routers.registry-ui.tls: true
 traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt
 traefik.http.routers.registry-ui.entrypoints: entry_https
 traefik.http.services.registry-ui.loadbalancer.server.port: 80
- traefik.http.middlewares.registry-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24 # .48. ist Docker
- traefik.http.middlewares.registry-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
-
 ######## Networks ########
 networks:
 traefik:
diff --git a/docker-compose/traefik/file-provider.yml b/docker-compose/traefik/file-provider.yml
index 5ee6e198..081918fc 100644
--- a/docker-compose/traefik/file-provider.yml
+++ b/docker-compose/traefik/file-provider.yml
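Review bot: The registry router's new chain `allowlist_localnet@file,ratelimit40@file` silently narrows who may reach the registry: the removed `registry-ipallowlist` label permitted 172.18.0.0/16, but the shared `allowlist_localnet` in file-provider.yml carries that range only commented out, so any client on it is now refused by the allowlist. The removed comment identified the .48. range as Docker; whether 172.18.0.0/16 is another Docker network that registry pushes come from is not stated on this page, so please confirm before merging. If the narrowing is intended, record it next to the label, e.g. `# allowlist narrowed on purpose: 172.18.0.0/16 no longer permitted`; otherwise restore the range in the shared middleware. Note too that the registry now sits behind `ratelimit40` (average 40, burst 80 per source), and an image pull or push issues one request per layer plus manifests, so a large transfer from a single host may hit the limit — worth a test pull after deploy. The labels block this line belongs to starts before the hunk.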
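Review bot: Moving registry-ui to the shared `allowlist_localnet@file` widens its reachable sources: the removed `registry-ui-ipallowlist` admitted only 192.168.2.0/24 and 10.25.25.0/24, whereas the shared list also admits 192.168.48.0/24, so workloads on that network (marked `# docker` in file-provider.yml) can now reach the UI and its Authelia login page. Placing the allowlist and rate limit ahead of `authelia@docker` is the right order, since disallowed sources are rejected before any forward-auth round trip. If the wider reach is acceptable, document it on the label, e.g. `# shared allowlist also admits 192.168.48.0/24 (docker)`; if not, the UI needs its own narrower middleware rather than the shared one.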
@@ -6,7 +6,7 @@ http:
 rule: "Host(`git.mgrote.net`)"
 service: "service_forgejo"
 middlewares:
- - "ratelimit"
+ - "ratelimit40@file"
 entrypoints:
 - entry_https
 tls:
@@ -19,10 +19,19 @@ http:
 - url: "http://forgejo.mgrote.net:3000/"
 ###### middlewares #####
 middlewares:
- ratelimit:
+ ratelimit40:
 rateLimit:
 average: 40
 burst: 80
 sourceCriterion:
 ipStrategy:
 depth: 2
+ allowlist_localnet:
+ ipallowlist:
+ sourcerange:
+ - 192.168.2.0/24
+ - 10.25.25.0/24
+ - 192.168.48.0/24 # docker
+ #- 172.18.0.0/16 # ???
+ ipstrategy:
+ depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
diff --git a/docker-compose/traefik/traefik.yml b/docker-compose/traefik/traefik.yml
index a7e97548..4db15bc0 100644
--- a/docker-compose/traefik/traefik.yml
+++ b/docker-compose/traefik/traefik.yml
@@ -31,7 +31,7 @@ certificatesResolvers:
 tlsChallenge: true
 log:
- level: INFO
+ level: INFO # TRACE , DEBUG , INFO , WARN , ERROR , FATAL , PANIC
 accessLog: {}
diff --git a/docker-compose/wiki/docker-compose.yml.j2 b/docker-compose/wiki/docker-compose.yml.j2
index 6bc7930b..4b1c26f3 100644
--- a/docker-compose/wiki/docker-compose.yml.j2
+++ b/docker-compose/wiki/docker-compose.yml.j2
@@ -26,7 +26,7 @@ services:
 traefik.http.routers.wiki.entrypoints: entry_https
 traefik.http.services.wiki.loadbalancer.server.port: 80
- traefik.http.routers.wiki.middlewares: authelia
+ traefik.http.routers.wiki.middlewares: authelia@docker
 ######## Networks ########
 networks:
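Review bot: The new `allowlist_localnet` block in file-provider.yml writes its keys in lowercase (`ipallowlist`, `sourcerange`, `ipstrategy`) while the sibling `ratelimit40` a few lines above uses the camelCase the Traefik docs show (`rateLimit`, `sourceCriterion`, `ipStrategy`); Traefik matches configuration keys case-insensitively as far as I know, so both load, but the file should settle on one form, e.g. `ipAllowList:` / `sourceRange:` / `ipStrategy:`. The entry `#- 172.18.0.0/16 # ???` leaves an open question in a list that is now shared by several routers, and the registry router previously allowed that range, so replace `???` with the decision (removed on purpose, or why it is kept commented). Also, `ratelimit40` keys clients on `ipStrategy.depth: 2`, i.e. an address taken from X-Forwarded-For, while this allowlist uses `depth: 0`, the connecting address; unless a trusted proxy in front of Traefik sets that header, the rate limiter is keyed on a client-supplied value and is easy to bypass, whereas the allowlist is not. The rate-limit block itself is only renamed here, but the two middlewares now run back to back on the same routers, so their differing notion of "client IP" is worth confirming in the same change.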