Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
docker_notes:docker-reverse-proxy [2024-01-12 Fri wk02 21:13] – [whitelisting] baumkp | docker_notes:docker-reverse-proxy [2024-08-11 Sun wk32 11:25] (current) – [ssl certificates] baumkp | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag> | + | {{tag> |
======Reverse Proxy Server====== | ======Reverse Proxy Server====== | ||
- | I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https:// | + | I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https:// |
Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence. | Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence. | ||
Line 31: | Line 31: | ||
\\ | \\ | ||
====Generate and Install Godaddy DNS Challenge Data==== | ====Generate and Install Godaddy DNS Challenge Data==== | ||
+ | Godaddy changed their policies circa April 2024 that basically does not give small users access to their developers API system. | ||
+ | |||
+ | My domain is still registered via Godaddy, I expect that I will look at moving to another registry when the registration comes due. I do not wish to support Godaddy going forward with my business. <color # | ||
+ | |||
+ | ++++Old, tl;dr;| | ||
Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https:// | Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https:// | ||
<code [enable_line_numbers=" | <code [enable_line_numbers=" | ||
GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</ | GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</ | ||
- | \\ | + | ++++ |
====Generate and install Basic Authentication Password==== | ====Generate and install Basic Authentication Password==== | ||
<code bash [enable_line_numbers=" | <code bash [enable_line_numbers=" | ||
Line 48: | Line 53: | ||
<code bash [enable_line_numbers=" | <code bash [enable_line_numbers=" | ||
=====Portainer===== | =====Portainer===== | ||
+ | *[[https:// | ||
<code bash [enable_line_numbers=" | <code bash [enable_line_numbers=" | ||
sudo mkdir portainer | sudo mkdir portainer | ||
Line 67: | Line 73: | ||
│ | │ | ||
│ | │ | ||
- | | | + | | |
- | | | + | | |
│ | │ | ||
│ | │ | ||
Line 74: | Line 80: | ||
└── docker-compose.yml</ | └── docker-compose.yml</ | ||
=====whitelisting===== | =====whitelisting===== | ||
- | Th Traefik middleware ipWhitelist | + | The Traefik middleware ipWhitelist |
- | ++++default-whitelist: | + | ++++ipWhitelist| |
- | | + | < |
+ | ipWhiteList: | ||
sourceRange: | sourceRange: | ||
- " | - " | ||
- " | - " | ||
- | - " | + | - " |
++++ | ++++ | ||
- | Todo: look at whitelisting in more detail | + | =====BasicAuth===== |
- | * ''/ | + | For any internal service I expose |
- | * Can this be defined for each container setup in config.yml? Looks likely. | + | |
- | * Can this be reliably setup for public access of certain containers? | + | The middleware |
- | * Ensure **no** | + | |
- | * See reddit dicussion | + | |
=====SSL Services===== | =====SSL Services===== | ||
Line 119: | Line 124: | ||
* Nginxproxymanager.com [[https:// | * Nginxproxymanager.com [[https:// | ||
- | ====ssl certificates==== | + | ====ssl certificates |
*'' | *'' | ||
*'' | *'' | ||
Line 180: | Line 185: | ||
- | <- docker_notes: | + | <- docker_notes: |