diff --git a/docker_sock/docker-compose.labels.yml b/docker_sock/docker-compose.labels.yml index 69a0ec0..288bddd 100644 --- a/docker_sock/docker-compose.labels.yml +++ b/docker_sock/docker-compose.labels.yml @@ -6,4 +6,4 @@ services: traefik.http.services.docker_sock.loadBalancer.server.port: 9000 # traefik.http.routers.docker_sock.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/docker_sock`) - traefik.http.routers.docker_sock.entryPoints: lan-https + traefik.http.routers.docker_sock.entryPoints: lan-https-b diff --git a/gitea/docker-compose.labels.yml b/gitea/docker-compose.labels.yml index 7f75443..dd2c92a 100644 --- a/gitea/docker-compose.labels.yml +++ b/gitea/docker-compose.labels.yml @@ -8,5 +8,5 @@ services: traefik.http.middlewares.strip-gitea-prefix.stripPrefix.prefixes: "/${GITEA_BASE_PATH:?}" # traefik.http.routers.gitea.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/${GITEA_BASE_PATH:?}`) - traefik.http.routers.gitea.entryPoints: lan-https + traefik.http.routers.gitea.entryPoints: lan-https-b traefik.http.routers.gitea.middlewares: only-https-forwarded-proto, strip-gitea-prefix diff --git a/gitea/extra/gitea/etc/gitea/app.template.ini b/gitea/extra/gitea/etc/gitea/app.template.ini index 3829d7b..e36b6c7 100644 --- a/gitea/extra/gitea/etc/gitea/app.template.ini +++ b/gitea/extra/gitea/etc/gitea/app.template.ini @@ -34,7 +34,7 @@ DOMAIN = ${SERVER_LAN_FQDN} ENABLE_GZIP = true HTTP_PORT = 3000 OFFLINE_MODE = true -ROOT_URL = https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT}/${GITEA_BASE_PATH}/ +ROOT_URL = https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT_B}/${GITEA_BASE_PATH}/ [service] DISABLE_REGISTRATION = true diff --git a/gitea/meta.yml b/gitea/meta.yml index 7fd3bf1..d77b663 100644 --- a/gitea/meta.yml +++ b/gitea/meta.yml 
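Review bot: The `docker_sock` router has no `middlewares` label in the lines visible here, so after the move to `lan-https-b` its only visible access control is whatever that entry point applies. Judging by its name, the service fronts the Docker socket, which amounts to host-level access. I would state that dependency next to the label, e.g. `# access control: relies on restrict-to-lan-ip@file at the lan-https-b entry point`. Whether the backend on port 9000 authenticates on its own cannot be confirmed from this hunk; if it does not, this router should also get an authentication middleware.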
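Review bot: `ROOT_URL` interpolates `${SERVER_LAN_HTTPS_PORT_B}` with no required-variable guard, unlike the compose files in this commit, which use `${VAR:?}`. This commit removes the old variable names from static.global.env, so a template that misses the rename would presumably render an empty port (`https://host:/path/`) rather than fail, depending on how the template is rendered. The same applies to the `address: ":${SERVER_LAN_HTTPS_PORT_B}"` lines in traefik/extra/traefik/traefik.template.yml and to the `meta.yml` messages. If the renderer supports it, write `${SERVER_LAN_HTTPS_PORT_B:?}` here, or make the rendering step abort on unset variables.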
@@ -3,7 +3,7 @@ messages: post: - >- ${_THIS_COMPOSITION_} may now be accessed on - ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT}/${GITEA_BASE_PATH}/${_RESET_FONT_} + ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT_B}/${GITEA_BASE_PATH}/${_RESET_FONT_} pre_reqs: - traefik diff --git a/indexarr/meta.yml b/indexarr/meta.yml index 6cfb7de..38b8e8b 100644 --- a/indexarr/meta.yml +++ b/indexarr/meta.yml @@ -2,7 +2,7 @@ messages: up: post: - >- - ${_THIS_COMPOSITION_} may now be accessed on + ${_THIS_COMPOSITION_}:jackett may now be accessed on ${_LINK_FONT_}https://${SERVER_WAN_FQDN}:${SERVER_WAN_HTTPS_PORT}/${JACKETT_BASE_PATH}/${_RESET_FONT_} pre_reqs: diff --git a/monitarr/meta.yml b/monitarr/meta.yml index 828ca95..2acda4a 100644 --- a/monitarr/meta.yml +++ b/monitarr/meta.yml @@ -2,13 +2,13 @@ messages: up: post: - >- - ${_bold_}${_CUR_COMP_}-lidarr${_RESET_FONT_} may now be accessed on + ${_THIS_COMPOSITION_}:lidarr may now be accessed on ${_LINK_FONT_}https://${SERVER_WAN_FQDN}:${SERVER_WAN_HTTPS_PORT}/${LIDARR_BASE_PATH}/${_RESET_FONT_} - >- - ${_bold_}${_CUR_COMP_}-radarr${_RESET_FONT_} may now be accessed on + ${_THIS_COMPOSITION_}:radarr may now be accessed on ${_LINK_FONT_}https://${SERVER_WAN_FQDN}:${SERVER_WAN_HTTPS_PORT}/${RADARR_BASE_PATH}/${_RESET_FONT_} - >- - ${_bold_}${_CUR_COMP_}-sonarr${_RESET_FONT_} may now be accessed on + ${_THIS_COMPOSITION_}:sonarr may now be accessed on ${_LINK_FONT_}https://${SERVER_WAN_FQDN}:${SERVER_WAN_HTTPS_PORT}/${SONARR_BASE_PATH}/${_RESET_FONT_} pre_reqs: diff --git a/netbox/docker-compose.labels.yml b/netbox/docker-compose.labels.yml index 0a03702..4718602 100644 --- a/netbox/docker-compose.labels.yml +++ b/netbox/docker-compose.labels.yml 
@@ -4,4 +4,4 @@ services: traefik.enable: true # traefik.http.routers.netbox.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/${NETBOX_BASE_PATH:?}`) - traefik.http.routers.netbox.entryPoints: lan-https + traefik.http.routers.netbox.entryPoints: lan-https-b diff --git a/netbox/env/netbox b/netbox/env/netbox index 75ddd77..236ef0a 100644 --- a/netbox/env/netbox +++ b/netbox/env/netbox @@ -4,5 +4,5 @@ SECRET_KEY: 'a988a1a6d5b1c49753bf185a7ef3b40fec60ff05b88c2dec237382b71e53e919' NETBOX_BASE_PATH: ${NETBOX_BASE_PATH:?} HOUSEKEEPING_INTERVAL_SECONDS: 7200 ALLOWED_HOSTS: '*' -CSRF_TRUSTED_ORIGINS: "https://${SERVER_LAN_FQDN:?}:${SERVER_LAN_HTTPS_PORT:?}" +CSRF_TRUSTED_ORIGINS: "https://${SERVER_LAN_FQDN:?}:${SERVER_LAN_HTTPS_PORT_B:?}" CORS_ORIGIN_ALLOW_ALL: True diff --git a/netbox/meta.yml b/netbox/meta.yml index 03e053e..48778a0 100644 --- a/netbox/meta.yml +++ b/netbox/meta.yml @@ -3,7 +3,7 @@ messages: post: - >- ${_THIS_COMPOSITION_} may now be accessed on - ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT}/${NETBOX_BASE_PATH}/${_RESET_FONT_} + ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT_B}/${NETBOX_BASE_PATH}/${_RESET_FONT_} pre_reqs: - traefik diff --git a/pihole/docker-compose.labels.yml b/pihole/docker-compose.labels.yml index 99a37fb..da59c6b 100644 --- a/pihole/docker-compose.labels.yml +++ b/pihole/docker-compose.labels.yml 
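Review bot: In netbox/env/netbox the changed `CSRF_TRUSTED_ORIGINS` line pins the trusted origin to the port-B URL, but the neighbouring context lines stay permissive: `ALLOWED_HOSTS: '*'` and `CORS_ORIGIN_ALLOW_ALL: True`. The same file carries a literal `SECRET_KEY` in version control. That key signs sessions and tokens, so a committed value should be treated as compromised, rotated, and injected from the environment, e.g. `SECRET_KEY: ${NETBOX_SECRET_KEY:?}` (the variable name is only a suggestion). While the file is being touched, consider `ALLOWED_HOSTS: "${SERVER_LAN_FQDN:?}"` and dropping `CORS_ORIGIN_ALLOW_ALL`. These lines are unchanged context, so this is a follow-up rather than a regression introduced here.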
@@ -8,14 +8,14 @@ services: traefik.http.middlewares.add-admin-prefix.addPrefix.prefix: "/admin" # traefik.http.routers.pihole.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/${PIHOLE_BASE_PATH:?}`) - traefik.http.routers.pihole.entryPoints: lan-https + traefik.http.routers.pihole.entryPoints: lan-https-b traefik.http.routers.pihole.middlewares: strip-pihole-prefix, add-admin-prefix # # FIXME: The rule below is necessary to correctly redirect after login. # The `/admin` redirect seems to be hard coded (unlike the rest of the application, thankfully!). # traefik.http.routers.pihole-admin.rule: Host(`${SERVER_LAN_FQDN:?}`) && Path(`/admin/`) - traefik.http.routers.pihole-admin.entryPoints: lan-https + traefik.http.routers.pihole-admin.entryPoints: lan-https-b traefik.http.routers.pihole-admin.service: pihole@docker traefik.http.middlewares.pihole-postlogin-redirect.redirectRegex.permanent: true traefik.http.middlewares.pihole-postlogin-redirect.redirectRegex.regex: "^https://(.+)/admin/(.*)$" diff --git a/pihole/meta.yml b/pihole/meta.yml index 10e1afc..046a367 100644 --- a/pihole/meta.yml +++ b/pihole/meta.yml @@ -3,7 +3,7 @@ messages: post: - >- ${_THIS_COMPOSITION_} may now be accessed on - ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT}/${PIHOLE_BASE_PATH}/${_RESET_FONT_} + ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT_B}/${PIHOLE_BASE_PATH}/${_RESET_FONT_} pre_reqs: - traefik diff --git a/static.global.env b/static.global.env index 26de296..44f8ec4 100644 --- a/static.global.env +++ b/static.global.env 
@@ -1,11 +1,16 @@ SERVER_LAN_BINDING_IP=127.0.0.1 SERVER_LAN_FQDN=localhost -SERVER_LAN_HTTP_PORT=9080 -SERVER_LAN_HTTPS_PORT=9443 + +SERVER_LAN_HTTP_PORT_A=8080 +SERVER_LAN_HTTPS_PORT_A=8443 + +SERVER_LAN_HTTP_PORT_B=9080 +SERVER_LAN_HTTPS_PORT_B=9443 SERVER_LETS_ENCRYPT_ACME_EMAIL=someone@some.domain.net SERVER_LETS_ENCRYPT_ACME_CA_SERVER_USE_STAGING=YES SERVER_WAN_BINDING_IP=127.0.0.1 SERVER_WAN_FQDN=localhost + SERVER_WAN_HTTPS_PORT=443 diff --git a/tang/docker-compose.labels.yml b/tang/docker-compose.labels.yml index 5456971..92063e6 100644 --- a/tang/docker-compose.labels.yml +++ b/tang/docker-compose.labels.yml @@ -6,5 +6,5 @@ services: traefik.http.middlewares.strip-tang-prefix.stripPrefix.prefixes: "/${TANG_BASE_PATH:?}" # traefik.http.routers.tang.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/${TANG_BASE_PATH:?}`) - traefik.http.routers.tang.entryPoints: lan-http + traefik.http.routers.tang.entryPoints: lan-http-b traefik.http.routers.tang.middlewares: strip-tang-prefix diff --git a/tang/meta.yml b/tang/meta.yml index 43d04c9..77306d7 100644 --- a/tang/meta.yml +++ b/tang/meta.yml @@ -3,7 +3,7 @@ messages: post: - >- ${_THIS_COMPOSITION_} is now listening on - ${_LINK_FONT_}http://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTP_PORT}/${_RESET_FONT_} + ${_LINK_FONT_}http://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTP_PORT_B}/${_RESET_FONT_} pre_reqs: - traefik diff --git a/telegraf/docker-compose.yml b/telegraf/docker-compose.yml index 9a2b02f..097b27d 100644 --- a/telegraf/docker-compose.yml +++ b/telegraf/docker-compose.yml @@ -27,8 +27,6 @@ services: HOST_PROC: /host/proc HOST_SYS: /host/sys HOST_MOUNT_PREFIX: /host - SERVER_LAN_FQDN: ${SERVER_LAN_FQDN:?} - SERVER_LAN_HTTPS_PORT: ${SERVER_LAN_HTTPS_PORT:?} TELEGRAF_LOGGING_FILE: STDOUT TELEGRAF_REPORTING_ENABLED: 'false' INFLUXDB_URL: http://${SERVER_LAN_FQDN:?}:8086 diff --git a/teslamate/docker-compose.labels.yml b/teslamate/docker-compose.labels.yml index 32b6c74..1d339b3 100644 
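Review bot: The new `_A` and `_B` port pairs in static.global.env have no comment saying what distinguishes the two LAN entry-point sets, and every service in this commit moves to `_B`. A one-line comment above each pair would tell the next person where a new service belongs, e.g. `# LAN entry points B: <purpose>` (purpose to be filled in by the author). `SERVER_LAN_HTTP_PORT` and `SERVER_LAN_HTTPS_PORT` are also removed outright, so any composition not touched by this diff that still references them will break. A search for the old names before merging would confirm none remain.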
--- a/teslamate/docker-compose.labels.yml +++ b/teslamate/docker-compose.labels.yml @@ -8,9 +8,9 @@ services: traefik.http.middlewares.only-wss-forwarded-proto.headers.customRequestHeaders.X-Forwarded-Proto: wss # traefik.http.routers.teslamate.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/${TESLAMATE_BASE_PATH:?}`) - traefik.http.routers.teslamate.entryPoints: lan-https + traefik.http.routers.teslamate.entryPoints: lan-https-b traefik.http.routers.teslamate.middlewares: strip-teslamate-prefix, only-https-forwarded-proto # traefik.http.routers.teslamate-websocket.rule: Host(`${SERVER_LAN_FQDN:?}`) && PathPrefix(`/${TESLAMATE_BASE_PATH:?}/live/websocket`) - traefik.http.routers.teslamate-websocket.entryPoints: lan-https + traefik.http.routers.teslamate-websocket.entryPoints: lan-https-b traefik.http.routers.teslamate-websocket.middlewares: strip-teslamate-prefix, only-wss-forwarded-proto diff --git a/teslamate/meta.yml b/teslamate/meta.yml index 6b3cb97..3339f78 100644 --- a/teslamate/meta.yml +++ b/teslamate/meta.yml @@ -3,7 +3,7 @@ messages: post: - >- ${_THIS_COMPOSITION_} may now be accessed on - ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT}/${TESLAMATE_BASE_PATH}/${_RESET_FONT_} + ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:${SERVER_LAN_HTTPS_PORT_B}/${TESLAMATE_BASE_PATH}/${_RESET_FONT_} pre_reqs: - traefik diff --git a/traefik/docker-compose.ports.yml b/traefik/docker-compose.ports.yml index c0d77e5..f505ea9 100644 --- a/traefik/docker-compose.ports.yml +++ b/traefik/docker-compose.ports.yml 
@@ -1,7 +1,12 @@ services: traefik: ports: + # Traefik internal dashboard & API - ${SERVER_LAN_BINDING_IP:?}:34443:34443 + # HTTP and HTTPS bindings intended for LAN exposure + - ${SERVER_LAN_BINDING_IP:?}:${SERVER_LAN_HTTP_PORT_A:?}:${SERVER_LAN_HTTP_PORT_A:?} + - ${SERVER_LAN_BINDING_IP:?}:${SERVER_LAN_HTTPS_PORT_A:?}:${SERVER_LAN_HTTPS_PORT_A:?} + - ${SERVER_LAN_BINDING_IP:?}:${SERVER_LAN_HTTP_PORT_B:?}:${SERVER_LAN_HTTP_PORT_B:?} + - ${SERVER_LAN_BINDING_IP:?}:${SERVER_LAN_HTTPS_PORT_B:?}:${SERVER_LAN_HTTPS_PORT_B:?} + # HTTPS binding intended for WAN exposure - ${SERVER_WAN_BINDING_IP:?}:${SERVER_WAN_HTTPS_PORT:?}:${SERVER_WAN_HTTPS_PORT:?} - - ${SERVER_LAN_BINDING_IP:?}:${SERVER_LAN_HTTP_PORT:?}:${SERVER_LAN_HTTP_PORT:?} - - ${SERVER_LAN_BINDING_IP:?}:${SERVER_LAN_HTTPS_PORT:?}:${SERVER_LAN_HTTPS_PORT:?} diff --git a/traefik/extra/traefik/traefik.template.yml b/traefik/extra/traefik/traefik.template.yml index e2315e4..00b4454 100644 --- a/traefik/extra/traefik/traefik.template.yml +++ b/traefik/extra/traefik/traefik.template.yml @@ -43,14 +43,28 @@ entryPoints: - default@file - add-ssl-headers@file tls: true - lan-http: - address: ":${SERVER_LAN_HTTP_PORT}" + lan-http-a: + address: ":${SERVER_LAN_HTTP_PORT_A}" http: middlewares: - restrict-to-lan-ip@file - default@file - lan-https: - address: ":${SERVER_LAN_HTTPS_PORT}" + lan-https-a: + address: ":${SERVER_LAN_HTTPS_PORT_A}" + http: + middlewares: + - restrict-to-lan-ip@file + - default@file + - add-ssl-headers@file + tls: true + lan-http-b: + address: ":${SERVER_LAN_HTTP_PORT_B}" + http: + middlewares: + - restrict-to-lan-ip@file + - default@file + lan-https-b: + address: ":${SERVER_LAN_HTTPS_PORT_B}" http: middlewares: - restrict-to-lan-ip@file diff --git a/traefik/meta.yml b/traefik/meta.yml index 1ba5178..3f5dff7 100644 --- a/traefik/meta.yml +++ b/traefik/meta.yml 
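Review bot: The two `_A` mappings in traefik/docker-compose.ports.yml publish 8080/8443 (per static.global.env) on the LAN binding, yet no router in this diff is attached to `lan-http-a` or `lan-https-a`. Unless something outside this diff uses them, they are listeners with nothing routed behind them. I would either hold them back until a service needs them or say so in the comment, e.g. `# A: reserved for <purpose>, no routers attached yet`.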
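Review bot: In traefik.template.yml the `restrict-to-lan-ip@file` / `default@file` chain is now copied into four entry points, so a later edit can easily leave one LAN listener without the IP restriction. The tail of `lan-https-b` (presumably `default@file`, `add-ssl-headers@file` and `tls: true`) lies outside the hunk, so please confirm it still matches `lan-https-a`. A short comment above the group, such as `# every lan-* entry point must list restrict-to-lan-ip@file first`, would make the invariant explicit. YAML anchors could remove the duplication if the template renderer and Traefik's loader accept them.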
@@ -2,7 +2,7 @@ messages: up: post: - >- - ${_THIS_COMPOSITION_} may now be accessed on + ${_THIS_COMPOSITION_} dashboard may now be accessed on ${_LINK_FONT_}https://${SERVER_LAN_FQDN}:34443/dashboard/${_RESET_FONT_} pre_reqs: