only expose treafik dashboard on private networks

This commit is contained in:
Pim Kunis 2023-01-31 09:51:50 +01:00
parent 1a2a60e719
commit 3f7ea3db7e
5 changed files with 9 additions and 19 deletions

View file

@ -31,10 +31,10 @@ All services below are running under Docker, except NSD and Borg.
## TODO ## TODO
- Forward to https not working correctly yet. I think it works now? Should check it.
- Expose treafik dashboard only on local network
- Clear view of what services + which versions we are running. This way, we can track security updates better. - Clear view of what services + which versions we are running. This way, we can track security updates better.
- Mastodon links verifications - Delegate pim.kunis.nl to my server
- Host tobb website?
- Move from Ubuntu to Debian
### NSD ### NSD

4
roles/blog/meta/main.yml Normal file
View file

@ -0,0 +1,4 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,9 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
33333836626532396564616664353836636164386437323234333464336432663266663038313138
3563663134333236366433636134653965393932343362360a306236343538663836633761353262
65353961376230333530616465353735626232373132613635653162353634353865386638633365
3762636464663532360a633162646365653764666563383632393738343931656366343336653437
36656535346432313036323433396432303563663836303964643731326364306530636332346163
36353034366562386664376565316339616466323133303464326637366432623164666332313762
38663138613534363361376161376363666134336466303436643035356438303832333639373266
62313730633763633066

View file

@ -20,10 +20,6 @@
copy: copy:
src: "{{ role_path }}/files/services.toml" src: "{{ role_path }}/files/services.toml"
dest: "{{ service_dir }}/services.toml" dest: "{{ service_dir }}/services.toml"
- name: Copy basic_auth_users file
copy:
src: "{{ role_path }}/files/basic_auth_users"
dest: "{{ service_dir }}/basic_auth_users"
- name: Create traefik network - name: Create traefik network
docker_network: docker_network:
name: "traefik" name: "traefik"

View file

@ -18,7 +18,6 @@ services:
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
- {{ service_dir }}/services.toml:/etc/traefik/services.toml - {{ service_dir }}/services.toml:/etc/traefik/services.toml
- {{ service_dir }}/acme.json:/acme.json - {{ service_dir }}/acme.json:/acme.json
- {{ service_dir }}/basic_auth_users:/basic_auth_users
networks: networks:
- traefik - traefik
labels: labels:
@ -35,5 +34,5 @@ services:
- traefik.http.routers.traefik.tls=true - traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=pizzapim - traefik.http.routers.traefik.tls.certresolver=pizzapim
- traefik.http.routers.traefik.service=api@internal - traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=basic-auth - traefik.http.routers.traefik.middlewares=whitelist-local
- traefik.http.middlewares.basic-auth.basicauth.usersfile=/basic_auth_users - "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"