

* Several updates 2024_01_30. See full commit log.
* Remove HTTPS redirect scheme middleware. Not used and redirects handled globally with CLI commands.
* Changed entrypoint names from http/https to web/websecure to align with several online documentation sources.
* Updated readme.
* Changed basic auth secret from htpasswd to basic_auth_credentials (just easier to understand)
SimpleHomelab committed Jan 30, 2024
1 parent 546bf74 commit ed05d1e
Showing 91 changed files with 484 additions and 520 deletions.
157 changes: 81 additions & 76 deletions README.md

Large diffs are not rendered by default.

1 change: 0 additions & 1 deletion appdata/traefik2/rules/ds918/chain-basic-auth.yml
@@ -4,7 +4,6 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-basic-auth
- middlewares-compress
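Review bot: With `middlewares-https-redirectscheme` removed, nothing in this chain forces HTTPS any more, so it is only safe on routers bound to `websecure` or behind the entrypoint-level redirect that the commit message refers to; that redirect is not visible in this commit view. For this chain in particular, a router attached to the plain `web` entrypoint without the global redirect would accept Basic credentials over cleartext HTTP. I would add a comment above the list, `# HTTP->HTTPS redirect is done at the entrypoint (static config); attach this chain only to websecure routers`, and confirm the redirect is configured on every host (ds918, hs, ws). The same applies to the other chain-*.yml files changed in this commit; the chain definition itself starts above the hunk.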
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ds918/chain-no-auth.yml
@@ -4,6 +4,5 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ds918/chain-oauth-external.yml
@@ -4,7 +4,6 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-oauth-external
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ds918/chain-oauth.yml
@@ -4,7 +4,6 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-oauth
- middlewares-compress
2 changes: 1 addition & 1 deletion appdata/traefik2/rules/ds918/middlewares-basic-auth.yml
@@ -4,5 +4,5 @@ http:
basicAuth:
# users:
# - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
usersFile: "/run/secrets/htpasswd" #be sure to mount the volume through docker-compose.yml
usersFile: "/run/secrets/basic_auth_credentials"
realm: "Traefik 2 Basic Auth"
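Review bot: The new `usersFile` line drops the old reminder about mounting, and nothing in the file now says where `/run/secrets/basic_auth_credentials` comes from. That path only exists if a secret with exactly that name is declared and granted to the Traefik service in the compose file, which this view does not show; a host still using the old `htpasswd` secret name would presumably lose the file and with it the middleware. I would add `# provided by the Docker secret basic_auth_credentials (declare it under secrets: and grant it to the traefik service)` above the line. The hs and ws copies of middlewares-basic-auth.yml change the same way.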

This file was deleted.

@@ -3,7 +3,7 @@ http:
adguard-rtr:
rule: "Host(`ag.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-authelia
service: adguard-svc
@@ -3,7 +3,7 @@ http:
adguard-rtr:
rule: "Host(`ag.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-oauth
service: adguard-svc
2 changes: 1 addition & 1 deletion appdata/traefik2/rules/hs/app-haos-no-auth.yml.example
@@ -3,7 +3,7 @@ http:
haos-rtr:
rule: "Host(`haos.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-no-auth
service: haos-svc
2 changes: 1 addition & 1 deletion appdata/traefik2/rules/hs/app-pihole-oauth.yml.example
@@ -3,7 +3,7 @@ http:
pihole-rtr:
rule: "Host(`pihole.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-oauth
- pihole-add-admin
2 changes: 1 addition & 1 deletion appdata/traefik2/rules/hs/app-plex-no-auth.yml.example
@@ -3,7 +3,7 @@ http:
splex-rtr:
rule: "Host(`splex.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-oauth
service: splex-svc
2 changes: 1 addition & 1 deletion appdata/traefik2/rules/hs/app-proxmox-ve-oauth.yml.example
@@ -3,7 +3,7 @@ http:
proxmox-rtr:
rule: "Host(`pve.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-oauth
service: proxmox-svc
@@ -2,7 +2,7 @@ tcp:
routers:
synology-traefik-rtr:
entryPoints:
- "https"
- websecure
rule: "HostSNIRegexp(`{{env "DOMAINNAME_DS918"}}`, `{subdomain:[a-z]+}.{{env "DOMAINNAME_DS918"}}`)"
service: synology-traefik-svc
tls:
@@ -4,7 +4,7 @@ http:
rule: "Host(`tautulli.{{env "DOMAINNAME_HS"}}`)"
priority: 99
entryPoints:
- https
- websecure
middlewares:
- chain-oauth
service: tautulli-svc
@@ -13,7 +13,7 @@ http:
rule: "Host(`tautulli.$DOMAINNAME_HS`) && (Headers(`X-Api-Key`, `$TAUTULLI_API_KEY`) || Query(`apikey`, `$TAUTULLI_API_KEY`))"
priority: 100
entryPoints:
- https
- websecure
middlewares:
- chain-no-auth
service: tautulli-svc
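Review bot: The API-key router in the second hunk still writes its rule with `$DOMAINNAME_HS` and `$TAUTULLI_API_KEY`, while the router above it uses `{{env "DOMAINNAME_HS"}}`. As far as I know the file provider only evaluates Go template expressions, so the `$NAME` forms are likely matched literally and this router never applies; since it deliberately routes around OAuth through `chain-no-auth`, its behaviour should be verified rather than assumed. If it is meant to work, use the template form (`{{env "DOMAINNAME_HS"}}`, `{{env "TAUTULLI_API_KEY"}}`) and add a comment that the `apikey` query variant puts the key into URLs and access logs. Both router definitions continue outside the hunks.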
@@ -3,7 +3,7 @@ http:
unifi-rtr:
rule: "Host(`unifi.{{env "DOMAINNAME_HS"}}`)"
entryPoints:
- https
- websecure
middlewares:
- chain-authelia
service: unifi-svc
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-authelia.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-authelia
#- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-basic-auth.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-basic-auth
#- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-no-auth-no-crowdsec.yml
@@ -4,6 +4,5 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
#- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-no-auth.yml
@@ -5,6 +5,5 @@ http:
middlewares:
#- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
#- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-oauth-external.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-oauth-external
#- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-oauth-no-crowdsec.yml
@@ -4,7 +4,6 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-oauth
#- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/hs/chain-oauth.yml
@@ -5,7 +5,6 @@ http:
middlewares:
#- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-oauth
- middlewares-compress
4 changes: 2 additions & 2 deletions appdata/traefik2/rules/hs/middlewares-basic-auth.yml
@@ -4,5 +4,5 @@ http:
basicAuth:
# users:
# - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
usersFile: "/shared/.htpasswd" #be sure to mount the volume through docker-compose.yml
realm: "Traefik 2 Basic Auth"
usersFile: "/run/secrets/basic_auth_credentials"
realm: "Traefik 2 Basic Auth"

This file was deleted.

1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-authelia-wp.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers-wp
- middlewares-authelia
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-authelia.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-authelia
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-basic-auth.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-basic-auth
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-no-auth-crowdsec-wp.yml
@@ -5,6 +5,5 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers-wp
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-no-auth-wp.yml
@@ -5,6 +5,5 @@ http:
middlewares:
# - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers-wp
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-no-auth.yml
@@ -5,6 +5,5 @@ http:
middlewares:
# - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-oauth-no-crowdsec.yml
@@ -4,7 +4,6 @@ http:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers-wp
- middlewares-oauth
- middlewares-compress
1 change: 0 additions & 1 deletion appdata/traefik2/rules/ws/chain-oauth.yml
@@ -5,7 +5,6 @@ http:
middlewares:
- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-oauth
- middlewares-compress
2 changes: 1 addition & 1 deletion appdata/traefik2/rules/ws/middlewares-basic-auth.yml
@@ -4,5 +4,5 @@ http:
basicAuth:
# users:
# - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
usersFile: "/run/secrets/htpasswd" #be sure to mount the volume through docker-compose.yml
usersFile: "/run/secrets/basic_auth_credentials"
realm: "Traefik 2 Basic Auth"

This file was deleted.

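--- a/compose/archives/heimdall.yml
+++ b/compose/archives/heimdall.yml
@@ -0,0 +1,22 @@
+# Heimdall - Application Dashboard
+heimdall:
+<<: *common-keys-core # See EXTENSION FIELDS at the top
+image: lscr.io/linuxserver/heimdall
+container_name: heimdall
+# ports:
+# - "$HEIMDALL_PORT:80" # 80 to 82 already taken by other services
+# - "444:443" # 443 used by Traefik/Nginx Proxy Manager. Disabled because we will put Heimdall behind proxy.
+volumes:
+- $DOCKERDIR/appdata/heimdall:/config
+environment:
+<<: *default-tz-puid-pgid
+labels:
+- "traefik.enable=true"
+## HTTP Routers
+- "traefik.http.routers.heimdall-rtr.entrypoints=https"
+- "traefik.http.routers.heimdall-rtr.rule=Host(`$DOMAINNAME_CLOUD_SERVER`,`www.$DOMAINNAME_CLOUD_SERVER`)"
+## Middlewares
+- "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
+## HTTP Services
+- "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
+- "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"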
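Review bot: The router label `traefik.http.routers.heimdall-rtr.entrypoints=https` uses the entrypoint name that this same commit renames to `websecure`. If the static configuration no longer defines an entrypoint called `https`, Traefik will likely refuse the router, so this archived definition would not come up if restored as is. Change it to `- "traefik.http.routers.heimdall-rtr.entrypoints=websecure"`. The unchanged label `traefik.http.routers.glances-rtr.entrypoints=https` in compose/ds918/glances.yml has the same problem.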
36 changes: 22 additions & 14 deletions compose/archives/homepage.yml
100644 → 100755
@@ -1,22 +1,30 @@
# Heimdall - Application Dashboard
heimdall:
<<: *common-keys-core # See EXTENSION FIELDS at the top
image: lscr.io/linuxserver/heimdall
container_name: heimdall
services:
# Homepage - Application Dashboard
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["apps", "all"]
networks:
- t2_proxy
- socket_proxy
# ports:
# - "$HEIMDALL_PORT:80" # 80 to 82 already taken by other services
# - "444:443" # 443 used by Traefik/Nginx Proxy Manager. Disabled because we will put Heimdall behind proxy.
# - "3000:3000"
volumes:
- $DOCKERDIR/appdata/heimdall:/config
- $DOCKERDIR/appdata/homepage:/app/config
environment:
<<: *default-tz-puid-pgid
TZ: $TZ
PUID: $PUID
PGID: $PGID
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.heimdall-rtr.entrypoints=https"
- "traefik.http.routers.heimdall-rtr.rule=Host(`$DOMAINNAME_CLOUD_SERVER`,`www.$DOMAINNAME_CLOUD_SERVER`)"
- "traefik.http.routers.homepage-rtr.entrypoints=websecure"
- "traefik.http.routers.homepage-rtr.rule=Host(`$DOMAINNAME_1`,`www.$DOMAINNAME_1`)" # Both domain.com and www.domain.com
## Middlewares
- "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
- "traefik.http.routers.homepage-rtr.middlewares=chain-no-auth@file"
## HTTP Services
- "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
- "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
- "traefik.http.routers.homepage-rtr.service=homepage-svc"
- "traefik.http.services.homepage-svc.loadbalancer.server.port=3000"
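Review bot: The homepage router is published with `chain-no-auth@file`, where the Heimdall definition it replaces used `chain-oauth@file`, and its rule matches both the apex and the `www` host. The container is also joined to `socket_proxy`, so an unauthenticated dashboard may expose the service inventory and container state to anyone who can reach the domain. Unless a public page is intended, keep authentication in front of it: `- "traefik.http.routers.homepage-rtr.middlewares=chain-oauth@file"`. Separately, the image is pinned only to `:latest`, and the mode change 100644 → 100755 makes a YAML file executable, which looks unintended.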
8 changes: 4 additions & 4 deletions compose/ds918/glances.yml
@@ -10,7 +10,7 @@ services:
# privileged: true # Only for VM
# network_mode: host
networks:
- t2_proxy
- traefik_proxy
- socket_proxy
- default
ports:
@@ -28,11 +28,11 @@ services:
DOCKER_HOST: tcp://socket-proxy:2375
labels:
- "traefik.enable=true"
## HTTP Routers
# HTTP Routers
- "traefik.http.routers.glances-rtr.entrypoints=https"
- "traefik.http.routers.glances-rtr.rule=Host(`glances.$DOMAINNAME_DS918`)"
## Middlewares
# Middlewares
- "traefik.http.routers.glances-rtr.middlewares=chain-oauth@file"
## HTTP Services
# HTTP Services
- "traefik.http.routers.glances-rtr.service=glances-svc"
- "traefik.http.services.glances-svc.loadbalancer.server.port=61208"