FunctionalHacker/dotfiles
FunctionalHacker/dotfiles
2
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

Enable http3 for all services, use central certResolver config

Browse source
This commit is contained in:
Marko Korhonen 2021-08-30 16:08:38 +03:00
parent bb848dc70f
commit 1afe0f59cf
10 changed files with 6 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docker/freshrss/docker-compose.yaml
View file

@ -27,8 +27,6 @@ services:
- "traefik.http.routers.freshrss.entrypoints=https"
- "traefik.http.routers.freshrss.rule=Host(`rss.korhonen.cc`)"
- "traefik.http.routers.freshrss.tls=true"
- "traefik.http.routers.freshrss.tls.certresolver=http"
- "traefik.http.routers.freshrss.service=freshrss"
- "traefik.docker.network=proxy"
- "traefik.http.services.freshrss.loadbalancer.server.port=80"
@ -53,8 +51,6 @@ services:
- "traefik.http.routers.bibliogram.entrypoints=https"
- "traefik.http.routers.bibliogram.rule=Host(`bibliogram.korhonen.cc`)"
- "traefik.http.routers.bibliogram.tls=true"
- "traefik.http.routers.bibliogram.tls.certresolver=http"
- "traefik.http.routers.bibliogram.service=bibliogram"
- "traefik.docker.network=proxy"
- "traefik.http.services.bibliogram.loadbalancer.server.port=10407"

2
docker/gitea/docker-compose.yaml
View file

@ -28,8 +28,6 @@ services:
- "traefik.http.routers.gitea.entrypoints=https"
- "traefik.http.routers.gitea.rule=Host(`git.korhonen.cc`)"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.tls.certresolver=http"
- "traefik.http.routers.gitea.service=gitea"
- "traefik.docker.network=proxy"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"

4
docker/homeautomation/docker-compose.yaml
View file

@ -30,8 +30,6 @@ services:
- "traefik.http.routers.home-assistant.entrypoints=https"
- "traefik.http.routers.home-assistant.rule=Host(`home.korhonen.cc`)"
- "traefik.http.routers.home-assistant.tls=true"
- "traefik.http.routers.home-assistant.tls.certresolver=http"
- "traefik.http.routers.home-assistant.service=home-assistant"
- "traefik.docker.network=proxy"
- "traefik.http.services.home-assistant.loadbalancer.server.port=8123"
@ -94,8 +92,6 @@ services:
- "traefik.http.routers.node-red.entrypoints=https"
- "traefik.http.routers.node-red.rule=Host(`node.korhonen.cc`)"
- "traefik.http.routers.node-red.tls=true"
- "traefik.http.routers.node-red.tls.certresolver=http"
- "traefik.http.routers.node-red.service=node-red"
- "traefik.docker.network=proxy"
- "traefik.http.services.node-red.loadbalancer.server.port=1880"

2
docker/index.korhonen.cc/docker-compose.yaml
View file

@ -22,8 +22,6 @@ services:
- "traefik.http.routers.index.entrypoints=https"
- "traefik.http.routers.index.rule=Host(`index.korhonen.cc`)"
- "traefik.http.routers.index.tls=true"
- "traefik.http.routers.index.tls.certresolver=http"
- "traefik.http.routers.index.service=index"
- "traefik.docker.network=proxy"
- "traefik.http.services.index.loadbalancer.server.port=80"

2
docker/jellyfin/docker-compose.yaml
View file

@ -29,8 +29,6 @@ services:
- "traefik.http.routers.jellyfin.entrypoints=https"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.korhonen.cc`)"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=http"
- "traefik.http.routers.jellyfin.service=jellyfin"
- "traefik.docker.network=proxy"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"

2
docker/nextcloud/docker-compose.yaml
View file

@ -33,8 +33,6 @@ services:
- "traefik.http.routers.nextcloud.entrypoints=https"
- "traefik.http.routers.nextcloud.rule=Host(`cloud.korhonen.cc`)"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.tls.certresolver=http"
- "traefik.http.routers.nextcloud.service=nextcloud"
- "traefik.docker.network=proxy"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"

2
docker/pihole/docker-compose.yaml
View file

@ -35,8 +35,6 @@ services:
- "traefik.http.routers.pihole.entrypoints=https"
- "traefik.http.routers.pihole.rule=Host(`pihole.korhonen.cc`)"
- "traefik.http.routers.pihole.tls=true"
- "traefik.http.routers.pihole.tls.certresolver=http"
- "traefik.http.routers.pihole.service=pihole"
- "traefik.docker.network=proxy"
- "traefik.http.services.pihole.loadbalancer.server.port=80"

7
docker/traefik/docker-compose.yaml
View file

@ -7,7 +7,8 @@ services:
restart: unless-stopped
ports:
- '80:80'
- '443:443'
- '443:443/tcp'
- '443:443/udp'
environment:
- TZ=Europe/Helsinki
security_opt:
@ -22,8 +23,8 @@ services:
- /docker/traefik/traefik/acme.json:/acme.json
- /docker/traefik/traefik/log:/var/log
labels:
# Serve dashboard
- 'traefik.enable=true'
- 'traefik.http.routers.redirect.entrypoints=http'
- 'traefik.http.routers.redirect.rule=Host(`traefik.korhonen.cc`)'
- 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
@ -33,8 +34,6 @@ services:
- 'traefik.http.routers.dashboard.rule=Host(`traefik.korhonen.cc`)'
- 'traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard-users'
- 'traefik.http.routers.dashboard.middlewares=dashboard-auth'
- 'traefik.http.routers.dashboard.tls=true'
- 'traefik.http.routers.dashboard.tls.certresolver=http'
- 'traefik.http.routers.dashboard.service=api@internal'
fail2ban:

2
docker/tvheadend/docker-compose.yaml
View file

@ -31,8 +31,6 @@ services:
- "traefik.http.routers.tvheadend.entrypoints=https"
- "traefik.http.routers.tvheadend.rule=Host(`tvheadend.korhonen.cc`)"
- "traefik.http.routers.tvheadend.tls=true"
- "traefik.http.routers.tvheadend.tls.certresolver=http"
- "traefik.http.routers.tvheadend.service=tvheadend"
- "traefik.docker.network=proxy"
- "traefik.http.services.tvheadend.loadbalancer.server.port=9981"

3
root/etc/ssh/sshd_config
View file

@ -1,6 +1,9 @@
# Remove socket for gpg agent forwarding
StreamLocalBindUnlink yes
{%@@ if profile == "Moria" @@%}
Port 221
{%@@ endif @@%}
X11Forwarding yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no