kris/homelab
kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: kris:7522c333da4ec7f371faf174ea02c6e2eba400c7
Branches Tags
kris:main
kris:testing
kris:dockerbox_update
kris:HOST_IP
kris:gitea
kris:organize
kris:staticweb
kris:vagrantfile
kris:proxy_script
kris:master
kris:jellyfin
kris:traefik
kris:dockerbox_bullseye
kris:readme
kris:kutt
kris:mediawiki
kris:jekyll
kris:docs
..
compare: kris:cab6ab2d8ed5095f8f4a45329dba1b1094339de5
Branches Tags
kris:main
kris:testing
kris:dockerbox_update
kris:HOST_IP
kris:gitea
kris:organize
kris:staticweb
kris:vagrantfile
kris:proxy_script
kris:master
kris:jellyfin
kris:traefik
kris:dockerbox_bullseye
kris:readme
kris:kutt
kris:mediawiki
kris:jekyll
kris:docs

2 Commits
7522c333da ... cab6ab2d8e

Author SHA1 Message Date
Kris Lamoureux
cab6ab2d8e
Strip auth header and update external config 2022-08-19 00:51:05 -04:00
Kris Lamoureux
95f54b7f0a
Add Traefik toggles 2022-08-18 23:32:37 -04:00
6 changed files with 9 additions and 1 deletions
Show Stats Expand all files Collapse all files

1
dockerbox.yml
View File

@ -20,7 +20,6 @@
- docker - docker
- traefik - traefik
- nextcloud - nextcloud
- gitea
- jenkins - jenkins
- prometheus - prometheus
- nginx - nginx

1
roles/proxy/templates/server-nginx.conf.j2
View File

@ -31,6 +31,7 @@ server {
{% if item.restrict is defined and item.restrict %} {% if item.restrict is defined and item.restrict %}
auth_basic "{{ item.restrict_name | default('Restricted Access') }}"; auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }}; auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
proxy_set_header Authorization "";
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

2
roles/traefik/defaults/main.yml
View File

@ -3,8 +3,10 @@ traefik_dashboard: false
traefik_root: "/opt/{{ traefik_name }}" traefik_root: "/opt/{{ traefik_name }}"
traefik_localonly: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8" traefik_localonly: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8"
traefik_production: false traefik_production: false
traefik_hsts_enable: false
traefik_hsts_preload: false traefik_hsts_preload: false
traefik_hsts_seconds: 0 traefik_hsts_seconds: 0
traefik_http_redirect: false
traefik_ports: traefik_ports:
- "80:80" - "80:80"
- "443:443" - "443:443"

2
roles/traefik/templates/external.yml.j2
View File

@ -10,10 +10,12 @@ http:
{% elif item.middlewares is defined %} {% elif item.middlewares is defined %}
middlewares: "{{ item.middlewares }}" middlewares: "{{ item.middlewares }}"
{% endif %} {% endif %}
{% if traefik_acme_email is defined %}
tls: tls:
certResolver: letsencrypt certResolver: letsencrypt
domains: domains:
- main: "{{ item.domain }}" - main: "{{ item.domain }}"
{% endif %}
entryPoints: entryPoints:
- "websecure" - "websecure"
services: services:

2
roles/traefik/templates/security.yml.j2
View File

@ -11,6 +11,8 @@ http:
sslRedirect: true sslRedirect: true
browserXssFilter: true browserXssFilter: true
contentTypeNosniff: true contentTypeNosniff: true
{% if traefik_hsts_enable is defined and traefik_hsts_enable %}
stsPreload: {{ traefik_hsts_preload }} stsPreload: {{ traefik_hsts_preload }}
stsSeconds: {{ traefik_hsts_seconds }} stsSeconds: {{ traefik_hsts_seconds }}
{% endif %}
customFrameOptionsValue: SAMEORIGIN customFrameOptionsValue: SAMEORIGIN

2
roles/traefik/templates/traefik.yml.j2
View File

@ -10,12 +10,14 @@ providers:
entrypoints: entrypoints:
web: web:
address: ':80' address: ':80'
{% if traefik_http_redirect is defined and traefik_http_redirect %}
http: http:
redirections: redirections:
entrypoint: entrypoint:
to: websecure to: websecure
scheme: https scheme: https
permanent: true permanent: true
{% endif %}
websecure: websecure:
address: ':443' address: ':443'
http: http: