only expose treafik dashboard on private networks
parent
1a2a60e719
commit
3f7ea3db7e
5 changed files with 9 additions and 19 deletions
|
@ -31,10 +31,10 @@ All services below are running under Docker, except NSD and Borg.
|
||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
- Forward to https not working correctly yet. I think it works now? Should check it.
|
|
||||||
- Expose treafik dashboard only on local network
|
|
||||||
- Clear view of what services + which versions we are running. This way, we can track security updates better.
|
- Clear view of what services + which versions we are running. This way, we can track security updates better.
|
||||||
- Mastodon links verifications
|
- Delegate pim.kunis.nl to my server
|
||||||
|
- Host tobb website?
|
||||||
|
- Move from Ubuntu to Debian
|
||||||
|
|
||||||
### NSD
|
### NSD
|
||||||
|
|
||||||
|
|
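--- a/roles/blog/meta/main.yml
+++ b/roles/blog/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+- role: common
+- role: docker
+- role: traefik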
@ -1,9 +0,0 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33333836626532396564616664353836636164386437323234333464336432663266663038313138
|
|
||||||
3563663134333236366433636134653965393932343362360a306236343538663836633761353262
|
|
||||||
65353961376230333530616465353735626232373132613635653162353634353865386638633365
|
|
||||||
3762636464663532360a633162646365653764666563383632393738343931656366343336653437
|
|
||||||
36656535346432313036323433396432303563663836303964643731326364306530636332346163
|
|
||||||
36353034366562386664376565316339616466323133303464326637366432623164666332313762
|
|
||||||
38663138613534363361376161376363666134336466303436643035356438303832333639373266
|
|
||||||
62313730633763633066
|
|
|
@ -20,10 +20,6 @@
|
||||||
copy:
|
copy:
|
||||||
src: "{{ role_path }}/files/services.toml"
|
src: "{{ role_path }}/files/services.toml"
|
||||||
dest: "{{ service_dir }}/services.toml"
|
dest: "{{ service_dir }}/services.toml"
|
||||||
- name: Copy basic_auth_users file
|
|
||||||
copy:
|
|
||||||
src: "{{ role_path }}/files/basic_auth_users"
|
|
||||||
dest: "{{ service_dir }}/basic_auth_users"
|
|
||||||
- name: Create traefik network
|
- name: Create traefik network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: "traefik"
|
name: "traefik"
|
||||||
|
|
|
@ -18,7 +18,6 @@ services:
|
||||||
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
|
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
|
||||||
- {{ service_dir }}/services.toml:/etc/traefik/services.toml
|
- {{ service_dir }}/services.toml:/etc/traefik/services.toml
|
||||||
- {{ service_dir }}/acme.json:/acme.json
|
- {{ service_dir }}/acme.json:/acme.json
|
||||||
- {{ service_dir }}/basic_auth_users:/basic_auth_users
|
|
||||||
networks:
|
networks:
|
||||||
- traefik
|
- traefik
|
||||||
labels:
|
labels:
|
||||||
|
@ -35,5 +34,5 @@ services:
|
||||||
- traefik.http.routers.traefik.tls=true
|
- traefik.http.routers.traefik.tls=true
|
||||||
- traefik.http.routers.traefik.tls.certresolver=pizzapim
|
- traefik.http.routers.traefik.tls.certresolver=pizzapim
|
||||||
- traefik.http.routers.traefik.service=api@internal
|
- traefik.http.routers.traefik.service=api@internal
|
||||||
- traefik.http.routers.traefik.middlewares=basic-auth
|
- traefik.http.routers.traefik.middlewares=whitelist-local
|
||||||
- traefik.http.middlewares.basic-auth.basicauth.usersfile=/basic_auth_users
|
- "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
|
||||||
|
|
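Review bot: The new `whitelist-local` middleware is now the only control in front of `api@internal`, and its `sourcerange` covers all of `172.16.0.0/12`, the range Docker's bridge networks are normally allocated from. Any container that can reach Traefik would therefore pass the check, and if the published port goes through Docker's userland proxy or NAT, outside clients may also show up with a bridge-gateway address; it is worth confirming in the access log which source address Traefik actually sees. I would narrow the range to the actual LAN/VPN subnet(s) and keep authentication chained behind it, `- traefik.http.routers.traefik.middlewares=whitelist-local,basic-auth`, which means keeping the `basic-auth` middleware label, the users file and its volume mount that this commit removes. The Traefik version is not visible here, but on v3 `ipwhitelist` is deprecated in favour of `ipallowlist`, so the label may need renaming on upgrade.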