Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
docker_notes:docker-reverse-proxy [2024-01-12 Fri wk02 21:17] – [whitelisting] baumkp | docker_notes:docker-reverse-proxy [2024-08-11 Sun wk32 11:25] (current) – [ssl certificates] baumkp | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag> | + | {{tag> |
======Reverse Proxy Server====== | ======Reverse Proxy Server====== | ||
- | I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https:// | + | I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https:// |
Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence. | Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence. | ||
Line 31: | Line 31: | ||
\\ | \\ | ||
====Generate and Install Godaddy DNS Challenge Data==== | ====Generate and Install Godaddy DNS Challenge Data==== | ||
+ | Godaddy changed their policies circa April 2024 that basically does not give small users access to their developers API system. | ||
+ | |||
+ | My domain is still registered via Godaddy, I expect that I will look at moving to another registry when the registration comes due. I do not wish to support Godaddy going forward with my business. <color # | ||
+ | |||
+ | ++++Old, tl;dr;| | ||
Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https:// | Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https:// | ||
<code [enable_line_numbers=" | <code [enable_line_numbers=" | ||
GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</ | GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</ | ||
- | \\ | + | ++++ |
====Generate and install Basic Authentication Password==== | ====Generate and install Basic Authentication Password==== | ||
<code bash [enable_line_numbers=" | <code bash [enable_line_numbers=" | ||
Line 48: | Line 53: | ||
<code bash [enable_line_numbers=" | <code bash [enable_line_numbers=" | ||
=====Portainer===== | =====Portainer===== | ||
+ | *[[https:// | ||
<code bash [enable_line_numbers=" | <code bash [enable_line_numbers=" | ||
sudo mkdir portainer | sudo mkdir portainer | ||
Line 67: | Line 73: | ||
│ | │ | ||
│ | │ | ||
- | | | + | | |
- | | | + | | |
│ | │ | ||
│ | │ | ||
Line 74: | Line 80: | ||
└── docker-compose.yml</ | └── docker-compose.yml</ | ||
=====whitelisting===== | =====whitelisting===== | ||
- | The Traefik middleware ipWhitelist only allows the define ip addess | + | The Traefik middleware ipWhitelist only allows the define ip address(es) |
++++ipWhitelist| | ++++ipWhitelist| | ||
< | < | ||
Line 84: | Line 90: | ||
++++ | ++++ | ||
+ | =====BasicAuth===== | ||
+ | For any internal service I expose to the public internet that are either not full services with own password, e.g. dokuwiki, nextcloud and mail server, but I do not want general public access I would like to add basic password protection. | ||
+ | |||
+ | The middleware [[https:// | ||
=====SSL Services===== | =====SSL Services===== | ||
Line 114: | Line 124: | ||
* Nginxproxymanager.com [[https:// | * Nginxproxymanager.com [[https:// | ||
- | ====ssl certificates==== | + | ====ssl certificates |
*'' | *'' | ||
*'' | *'' | ||
Line 175: | Line 185: | ||
- | <- docker_notes: | + | <- docker_notes: |