From 84521ec8a94bff014cb32357e83c89f915d369a9 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 23 Aug 2023 18:04:32 +0200
Subject: [PATCH 1/2] use host ports for traefik which allows to see the real client's IP

---
 ansible/roles/traefik/docker-stack.yml.j2 | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2
index 7761c6b..95e8b60 100644
--- a/ansible/roles/traefik/docker-stack.yml.j2
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@@ -23,9 +23,18 @@ services:
 networks:
 - traefik
 ports:
- - 443:443
- - 80:80
- - 444:444
+ - mode: host
+ protocol: tcp
+ published: 443
+ target: 443
+ - mode: host
+ protocol: tcp
+ published: 80
+ target: 80
+ - mode: host
+ protocol: tcp
+ published: 444
+ target: 444
 deploy:
 placement:
 constraints:
From 59db3b2fb7d2ea29c1f67c7cf478d9e183f9258b Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 23 Aug 2023 18:05:07 +0200
Subject: [PATCH 2/2] add forwarded-for header for forgejo

---
 ansible/roles/forgejo/docker-stack.yml.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ansible/roles/forgejo/docker-stack.yml.j2 b/ansible/roles/forgejo/docker-stack.yml.j2
index 43acade..fe4dd53 100644
--- a/ansible/roles/forgejo/docker-stack.yml.j2
+++ b/ansible/roles/forgejo/docker-stack.yml.j2
@@ -49,6 +49,8 @@ services:
 - traefik.http.routers.forgejo.service=forgejo
 - traefik.http.services.forgejo.loadbalancer.server.port=3000
 - traefik.docker.network=traefik
+ - traefik.http.middlewares.set-forwarded-for.headers.hostsProxyHeaders=X-Forwarded-For
+ - traefik.http.routers.forgejo.middlewares=set-forwarded-for
 configs:
 - source: config
 target: /data/gitea/conf/app.ini
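Review bot: The new `mode: host` entries under `ports:` in the traefik stack have no comment recording why the long syntax is used or what it costs. Host-mode publishing bypasses the swarm ingress mesh, so 80, 443 and 444 are bound only on the node running the Traefik task and only one task per node can hold them. A comment above the list such as `# host mode: bypass the ingress mesh so Traefik sees the real client IP; one task per node` would capture that. The `deploy:` block continues outside the hunk, so this is unconfirmed, but an update order of `start-first` or a second replica on the same node would fail on the port conflict. The placement constraint also has to pin the task to the node that DNS and the host firewall rules for these ports expect.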
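Review bot: The first added forgejo label sets `hostsProxyHeaders`, which names request headers that may carry a proxied hostname for host checks such as `allowedHosts`. It does not add or pass on `X-Forwarded-For`, so the `set-forwarded-for` middleware as written probably changes nothing about the client address Forgejo sees. Traefik appends `X-Forwarded-For` itself when proxying, so what likely decides the logged address is Forgejo's own proxy trust: `REVERSE_PROXY_TRUSTED_PROXIES` and `REVERSE_PROXY_LIMIT` under `[security]` in the `app.ini` mounted just below. Those should be limited to the traefik network's subnet rather than `*`, since a wider trust lets any peer that can reach port 3000 supply its own address. If the labels stay, a comment stating what they are meant to achieve would help, because the middleware name suggests behaviour the option does not have.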