16·
8 days agoThe server has been reverse engineered for literal decades at this point.
DarkSirrush
- 0 Posts
- 7 Comments
Joined 2 years ago
Cake day: June 10th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I can share my traefik setup - note I am doing this on my phone at work, so I might miss something
compose.yaml labels: - "traefik.enable=true" - "traefik.http.routers.traefik.middlewares=authwares@file"GNU nano 7.2 /config/traefik/dynamic/middlewares.yaml http: middlewares: limit: buffering: memRequestBodyBytes: 5000000000 memResponseBodyBytes: 5000000000 maxRequestBodyBytes: 5000000000 maxResponseBodyBytes: 5000000000 authwares: chain: middlewares: - default-headers - authelia - limit default-headers: headers: accessControlAllowHeaders: "content-type,authorization" accessControlAllowMethods: - GET - OPTIONS - PUT - POST - DELETE frameDeny: true accessControlAllowOriginList: "*" accessControlMaxAge: 100 addVaryHeader: true browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true stsIncludeSubdomains: true stsPreload: true stsSeconds: 15552000 customFrameOptionsValue: SAMEORIGIN referrerPolicy: "strict-origin-when-cross-origin" customRequestHeaders: X-Forwarded-Proto: https customResponseHeaders: X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex" server: "" X-Forwarded-Proto: "https,wss" hostsProxyHeaders: - "X-Forwarded-Host" authelia: forwardAuth: address: http://auth/api/verify?rd=https%3A%2F%2Fauth.example.com%2F trustForwardHeader: true authResponseHeaders: - "Remote-User" - "Remote-Groups" - "Remote-Email" - "Remote-Name"GNU nano 7.2 /config/traefik/traefik.yaml global: checkNewVersion: false sendAnonymousUsage: false entryPoints: web: address: :80 proxyProtocol: insecure: false trustedIPs: - 172.32.0.0/16 - 192.168.1.0/24 forwardedHeaders: insecure: false trustedIPs: - 172.32.0.0/16 - 192.168.1.0/24 http: redirections: entryPoint: to: websecure scheme: https permanent: true websecure: address: :443 proxyProtocol: insecure: false trustedIPs: - 172.32.0.0/16 - 192.168.1.0/24 forwardedHeaders: insecure: false trustedIPs: - 172.32.0.0/16 - 192.168.1.0/24 http: tls: options: modern@file certResolver: letsencrypt domains: - main: "example.com" sans: - "*.example.com" providers: docker: exposedByDefault: false network: compose_proxied allowEmptyServices: true endpoint: "http://socket:2375/" defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)" file: directory: /config/dynamic watch: true api: insecure: false dashboard: true certificatesResolvers: letsencrypt: acme: email: acme@example.com storage: /certificates/acme.json dnsChallenge: provider: cloudflare resolvers: - "1.1.1.1:53" - "1.0.0.1:53" log: level: DEBUG filePath: /config/logs/traefik.log format: json accesslog: filepath: /config/logs/access.log bufferingSize: 100 format: json
Guess I am making this in excel now.
Note that its also possible to set up service auto discovery with traefik, the only traefik related config I do on new containers is
Traefik.enabled=true
I have a few:
loginserver- 3 of these, 1 for each of my headless vm’s/computers that’s just an SSH command
dcompose(d/pull) - docker compose (down/pull)3 scripts that are just docker compose up/down/pull, as scripts (remind me in 6 hours and I will post the scripts) so that it will CD to my compose folder, execute the command (with option for naming specific containers or blank for all) and then CD back to the directory I started in.
I gave up on automating it, I download with slskd, and run musicbrainz Picard (import slskd download folder, and set it to always save to the jellyfin music folder/rename with my preferred sorting method). This has the bonus of downloading the cover art, and rarely has issues.
I am definitely not the best at networking, but can’t you do that through your current dhcp client?