Paul R Kartchner
6a7b2ff7f0
Configuration changes: - Enable Traefik experimental plugins support - Add Crowdsec bouncer plugin (maxlerebourg v1.3.3) - Configure Crowdsec middleware in config.yml - Connect Traefik to Crowdsec network - Add IP whitelist middleware for internal network - Update .gitignore to exclude crowdsec directory Security enhancements: - All routes now protected by Crowdsec threat intelligence - Internal network IP whitelist for Traefik dashboard - Crowdsec monitors all Traefik access logs - Real-time blocking of malicious IPs Protected services: - Mealie (recipes.pkartchner.com) - Gogs (git.pkartchner.com) - Traefik Dashboard (internal network only) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
http:
|
|
routers:
|
|
# Router for Gogs (if it's running outside Docker or on different network)
|
|
gogs:
|
|
rule: "Host(`git.pkartchner.com`)"
|
|
entryPoints:
|
|
- https
|
|
service: gogs
|
|
middlewares:
|
|
- secure-headers
|
|
- crowdsec-bouncer
|
|
tls:
|
|
certResolver: letsencrypt
|
|
|
|
services:
|
|
# Service for Gogs
|
|
gogs:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://gogs.pkartchner.com:3000"
|
|
|
|
middlewares:
|
|
# Security headers
|
|
secure-headers:
|
|
headers:
|
|
forceSTSHeader: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 31536000
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: "same-origin"
|
|
|
|
# IP whitelist for internal network access only
|
|
internal-whitelist:
|
|
ipWhiteList:
|
|
sourceRange:
|
|
- "10.20.10.0/24"
|
|
- "10.20.140.0/24"
|
|
- "127.0.0.1/32"
|
|
|
|
# Crowdsec bouncer middleware
|
|
crowdsec-bouncer:
|
|
plugin:
|
|
bouncer:
|
|
enabled: true
|
|
crowdsecMode: live
|
|
crowdsecLapiKey: zQB3/JX6G+wxzYf4TvpMkmFLhSODYnfRhSkh8+y4+Zo
|
|
crowdsecLapiHost: crowdsec:8080
|
|
crowdsecLapiScheme: http
|
|
forwardedHeadersCustomName: X-Custom-Header
|