Enable http3 for all services, use central certResolver config

3 years ago · 6a3183b4c4
parent c8f638115a
commit 6a3183b4c4
10 changed files with 6 additions and 24 deletions
--- a/docker/freshrss/docker-compose.yaml
+++ b/docker/freshrss/docker-compose.yaml
@ -27,8 +27,6 @@ services:

      - "traefik.http.routers.freshrss.entrypoints=https"
      - "traefik.http.routers.freshrss.rule=Host(`rss.korhonen.cc`)"
-      - "traefik.http.routers.freshrss.tls=true"
-      - "traefik.http.routers.freshrss.tls.certresolver=http"
      - "traefik.http.routers.freshrss.service=freshrss"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.freshrss.loadbalancer.server.port=80"
@ -53,8 +51,6 @@ services:

      - "traefik.http.routers.bibliogram.entrypoints=https"
      - "traefik.http.routers.bibliogram.rule=Host(`bibliogram.korhonen.cc`)"
-      - "traefik.http.routers.bibliogram.tls=true"
-      - "traefik.http.routers.bibliogram.tls.certresolver=http"
      - "traefik.http.routers.bibliogram.service=bibliogram"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.bibliogram.loadbalancer.server.port=10407"
--- a/docker/gitea/docker-compose.yaml
+++ b/docker/gitea/docker-compose.yaml
@ -28,8 +28,6 @@ services:

      - "traefik.http.routers.gitea.entrypoints=https"
      - "traefik.http.routers.gitea.rule=Host(`git.korhonen.cc`)"
-      - "traefik.http.routers.gitea.tls=true"
-      - "traefik.http.routers.gitea.tls.certresolver=http"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
--- a/docker/homeautomation/docker-compose.yaml
+++ b/docker/homeautomation/docker-compose.yaml
@ -30,8 +30,6 @@ services:

      - "traefik.http.routers.home-assistant.entrypoints=https"
      - "traefik.http.routers.home-assistant.rule=Host(`home.korhonen.cc`)"
-      - "traefik.http.routers.home-assistant.tls=true"
-      - "traefik.http.routers.home-assistant.tls.certresolver=http"
      - "traefik.http.routers.home-assistant.service=home-assistant"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.home-assistant.loadbalancer.server.port=8123"
@ -94,8 +92,6 @@ services:

      - "traefik.http.routers.node-red.entrypoints=https"
      - "traefik.http.routers.node-red.rule=Host(`node.korhonen.cc`)"
-      - "traefik.http.routers.node-red.tls=true"
-      - "traefik.http.routers.node-red.tls.certresolver=http"
      - "traefik.http.routers.node-red.service=node-red"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.node-red.loadbalancer.server.port=1880"
--- a/docker/index.korhonen.cc/docker-compose.yaml
+++ b/docker/index.korhonen.cc/docker-compose.yaml
@ -22,8 +22,6 @@ services:

      - "traefik.http.routers.index.entrypoints=https"
      - "traefik.http.routers.index.rule=Host(`index.korhonen.cc`)"
-      - "traefik.http.routers.index.tls=true"
-      - "traefik.http.routers.index.tls.certresolver=http"
      - "traefik.http.routers.index.service=index"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.index.loadbalancer.server.port=80"
--- a/docker/jellyfin/docker-compose.yaml
+++ b/docker/jellyfin/docker-compose.yaml
@ -29,8 +29,6 @@ services:

      - "traefik.http.routers.jellyfin.entrypoints=https"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.korhonen.cc`)"
-      - "traefik.http.routers.jellyfin.tls=true"
-      - "traefik.http.routers.jellyfin.tls.certresolver=http"
      - "traefik.http.routers.jellyfin.service=jellyfin"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
--- a/docker/nextcloud/docker-compose.yaml
+++ b/docker/nextcloud/docker-compose.yaml
@ -33,8 +33,6 @@ services:

      - "traefik.http.routers.nextcloud.entrypoints=https"
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.korhonen.cc`)"
-      - "traefik.http.routers.nextcloud.tls=true"
-      - "traefik.http.routers.nextcloud.tls.certresolver=http"
      - "traefik.http.routers.nextcloud.service=nextcloud"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
--- a/docker/pihole/docker-compose.yaml
+++ b/docker/pihole/docker-compose.yaml
@ -35,8 +35,6 @@ services:

      - "traefik.http.routers.pihole.entrypoints=https"
      - "traefik.http.routers.pihole.rule=Host(`pihole.korhonen.cc`)"
-      - "traefik.http.routers.pihole.tls=true"
-      - "traefik.http.routers.pihole.tls.certresolver=http"
      - "traefik.http.routers.pihole.service=pihole"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
--- a/docker/traefik/docker-compose.yaml
+++ b/docker/traefik/docker-compose.yaml
@ -7,7 +7,8 @@ services:
    restart: unless-stopped
    ports:
      - '80:80'
-      - '443:443'
+      - '443:443/tcp'
+      - '443:443/udp'
    environment:
      - TZ=Europe/Helsinki
    security_opt:
@ -22,8 +23,8 @@ services:
      - /docker/traefik/traefik/acme.json:/acme.json
      - /docker/traefik/traefik/log:/var/log
    labels:
+      # Serve dashboard
      - 'traefik.enable=true'
-
      - 'traefik.http.routers.redirect.entrypoints=http'
      - 'traefik.http.routers.redirect.rule=Host(`traefik.korhonen.cc`)'
      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
@ -33,8 +34,6 @@ services:
      - 'traefik.http.routers.dashboard.rule=Host(`traefik.korhonen.cc`)'
      - 'traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard-users'
      - 'traefik.http.routers.dashboard.middlewares=dashboard-auth'
-      - 'traefik.http.routers.dashboard.tls=true'
-      - 'traefik.http.routers.dashboard.tls.certresolver=http'
      - 'traefik.http.routers.dashboard.service=api@internal'

  fail2ban:
--- a/docker/tvheadend/docker-compose.yaml
+++ b/docker/tvheadend/docker-compose.yaml
@ -31,8 +31,6 @@ services:

      - "traefik.http.routers.tvheadend.entrypoints=https"
      - "traefik.http.routers.tvheadend.rule=Host(`tvheadend.korhonen.cc`)"
-      - "traefik.http.routers.tvheadend.tls=true"
-      - "traefik.http.routers.tvheadend.tls.certresolver=http"
      - "traefik.http.routers.tvheadend.service=tvheadend"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.tvheadend.loadbalancer.server.port=9981"
--- a/root/etc/ssh/sshd_config
+++ b/root/etc/ssh/sshd_config
@ -1,6 +1,9 @@
 # Remove socket for gpg agent forwarding
 StreamLocalBindUnlink yes

+{%@@ if profile == "Moria" @@%}
+Port 221
+{%@@ endif @@%}
 X11Forwarding yes
 AuthorizedKeysFile	.ssh/authorized_keys
 PasswordAuthentication no