removed pangolin and older authelia config

authelia/config/configuration.yml

@@ -14,47 +14,20 @@ server:
 
 log:
   level: 'info'
+  format: 'text'
+  file_path: '/etc/authelia/authelia.log'
+  keep_stdout: false
 
 totp:
   issuer: 'authelia.com'
 
-identity_providers:
-  oidc:
-    clients:
-      - client_id: 'pangolin'
-        client_name: 'Pangolin'
-        client_secret: '$pbkdf2-sha512$310000$LJzmdVn/YkSK7t0WxNXs2A$v7nxRYBRJdqmJ/k4Q2SWlp/7m5rsyEtNw9ez9rf7tEYi48ezYChXqCK.VHC/v7tu3Liro.ipy4Uv.euLUfLc7w'  # The digest of 'insecure_secret'.
-        public: false
-        authorization_policy: 'two_factor'
-        require_pkce: true
-        pkce_challenge_method: 'S256'
-        redirect_uris:
-          - '<provided by pangolin>'
-        scopes:
-          - 'openid'
-          - 'profile'
-          - 'email'
-        userinfo_signed_response_alg: 'none'
-        token_endpoint_auth_method: 'client_secret_basic'
-
 identity_validation:
   reset_password:
     jwt_secret: '2b8a78f3ac1784ef6aab3899c663e1010c60d3a9de694550879da349fe222923'
 
 authentication_backend:
   file:
-    path: '/config/users_database.yml'
-
-# access_control:
-#   default_policy: 'deny'
-#   rules:
-#     # Rules applied to everyone
-#     - domain: 'public.example.com'
-#       policy: 'bypass'
-#     - domain: 'traefik.example.com'
-#       policy: 'one_factor'
-#     - domain: 'secure.example.com'
-#       policy: 'two_factor'
+    path: '/etc/authelia/users_database.yml'
 
 access_control:
   default_policy: deny
@@ -113,11 +86,6 @@ session:
       expiration: '1 hour'
       inactivity: '5 minutes'
 
-  redis:
-    host: 'redis'
-    port: 6379
-    password: 'bc4eb8df73776ba7716aeb60c0023ef6136b80680bb8ea1cf6c51a326dea2c43'
-
 regulation:
   max_retries: 3
   find_time: '2 minutes'
@@ -126,7 +94,7 @@ regulation:
 storage:
   encryption_key: 'cbd7570c1795cba61f05baf419b7cee23fa144d512bda2ea57ba300afa6b33bf'
   local:
-    path: '/config/db.sqlite3'
+    path: '/etc/authelia/db.sqlite3'
 
 notifier:
   smtp:

caddy/Caddyfile

@@ -0,0 +1,710 @@
+# --------------------------------------------------
+# global options
+# --------------------------------------------------
+{
+	acme_ca https://acme-v02.api.letsencrypt.org/directory
+
+	admin :2019
+	log {
+		output file /var/log/caddy/caddy.log
+		level info
+	}
+
+	servers {
+		trusted_proxies static private_ranges
+	}
+
+	crowdsec {
+		api_url http://localhost:8080
+		api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
+		ticker_interval 15s
+		#disable_streaming
+		#enable_hard_fails
+	}
+}
+
+# --------------------------------------------------
+# cloudflare tls snippet for sites
+# --------------------------------------------------
+
+(cloudflare) {
+	tls {
+		dns cloudflare BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
+		resolvers 1.1.1.1 1.0.0.1
+	}
+}
+
+# --------------------------------------------------
+# auth snippet for authelia
+# --------------------------------------------------
+
+(auth) {
+	forward_auth localhost:9091 {
+		uri /api/authz/forward-auth
+		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+	}
+}
+
+# --------------------------------------------------
+# akanealw.com root domain
+# --------------------------------------------------
+
+akanealw.com {
+	import cloudflare
+	@akanealwcom host akanealw.com
+	handle @akanealwcom {
+		import auth
+		reverse_proxy 192.168.1.30:3005
+	}
+}
+
+# --------------------------------------------------
+# authelia subdomain
+# --------------------------------------------------
+
+auth.akanealw.com {
+	import cloudflare
+	reverse_proxy localhost:9091
+}
+
+# --------------------------------------------------
+# *.akanealw.com subdomains
+# --------------------------------------------------
+
+*.akanealw.com {
+
+	# --------------------------------------------------
+	# external subdomains without authelia
+	#
+	#
+	#        @ host .akanealw.com
+	#        handle @ {
+	#                reverse_proxy 192.168.1.
+	#        }
+	#
+	#
+	#       @ host .akanealw.com
+	#       handle @ {
+    #               reverse_proxy https://192.168.1. {
+    #                   transport http {
+    #                       tls_insecure_skip_verify
+    #                       }
+    #                   }
+    #       }
+    #
+    #
+	# --------------------------------------------------
+    
+	@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
+	@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
+	import cloudflare
+
+
+	@bitwarden host bitwarden.akanealw.com
+	handle @bitwarden {
+		reverse_proxy 192.168.1.30:8089
+	}
+
+	@giteadocker host gitea-docker.akanealw.com
+	handle @giteadocker {
+		reverse_proxy 192.168.1.30:3100
+	}
+
+	@gitea host gitea.akanealw.com
+	handle @gitea {
+		reverse_proxy 192.168.1.50:3000
+	}
+
+	@jellyfin host jellyfin.akanealw.com
+	handle @jellyfin {
+		reverse_proxy 192.168.1.30:8096
+	}
+
+	@headscale host headscale.akanealw.com
+	handle @headscale {
+		reverse_proxy 192.168.1.95:8888
+	}
+
+	@nextcloud host nextcloud.akanealw.com
+	handle @nextcloud {
+		reverse_proxy https://192.168.1.30:443 {
+            transport http {
+                tls_insecure_skip_verify
+                }
+            }
+	}
+
+	# --------------------------------------------------
+	# external subdomains with authelia
+	#
+	#
+	#       @ host .akanealw.com
+	#       handle @ {
+	#               import auth
+	#               reverse_proxy 192.168.1.
+	#       }
+	#        
+	#       @ host .akanealw.com
+	#       handle @ {
+	#				import auth
+    #               reverse_proxy https://192.168.1. {
+    #                   transport http {
+    #                       tls_insecure_skip_verify
+    #                       }
+    #                   }
+    #       		}
+    #
+	#
+	# --------------------------------------------------
+
+	@docmost host docmost.akanealw.com
+	handle @docmost {
+		import auth
+		reverse_proxy 192.168.1.30:3300
+	}
+
+	@memos host memos.akanealw.com
+	handle @memos {
+		import auth
+		reverse_proxy 192.168.1.30:5230
+	}
+
+	@whoami host whoami.akanealw.com
+	handle @whoami {
+		import auth
+		reverse_proxy localhost:80
+	}
+
+	@wallos host wallos.akanealw.com
+	handle @wallos {
+		import auth
+		reverse_proxy 192.168.1.30:8389
+	}
+
+	@homepage host www.akanealw.com
+	handle @homepage {
+		import auth
+		reverse_proxy 192.168.1.30:3005
+	}
+
+	@filebrowser host filebrowser.akanealw.com
+	handle @filebrowser {
+		import auth
+		reverse_proxy 192.168.1.30:8484
+	}
+
+	@archive host archive.akanealw.com
+	handle @archive {
+		import auth
+		reverse_proxy 192.168.1.30:8283
+	}
+
+	@archivebox host archivebox.akanealw.com
+	handle @archivebox {
+		import auth
+		reverse_proxy 192.168.1.30:8283
+	}
+
+	@codeserver host codeserver.akanealw.com
+	handle @codeserver {
+		import auth
+		reverse_proxy 192.168.1.50:3001
+	}
+
+	@freshrss host freshrss.akanealw.com
+	handle @freshrss {
+		import auth
+		reverse_proxy 192.168.1.30:8088
+	}
+
+	@jackett host jackett.akanealw.com
+	handle @jackett {
+		import auth
+		reverse_proxy 192.168.1.30:9117
+	}
+
+	@jdownloader host jdownloader.akanealw.com
+	handle @jdownloader {
+		import auth
+		reverse_proxy 192.168.1.30:5800
+	}
+
+	@jellyseerr host jellyseerr.akanealw.com
+	handle @jellyseerr {
+		import auth
+		reverse_proxy 192.168.1.30:5056
+	}
+
+	@kavita host kavita.akanealw.com
+	handle @kavita {
+		import auth
+		reverse_proxy 192.168.1.30:5002
+	}
+
+	@lidarr host lidarr.akanealw.com
+	handle @lidarr {
+		import auth
+		reverse_proxy 192.168.1.30:8686
+	}
+
+	@metube host metube.akanealw.com
+	handle @metube {
+		import auth
+		reverse_proxy 192.168.1.30:8082
+	}
+
+	@mstream host mstream.akanealw.com
+	handle @mstream {
+		import auth
+		reverse_proxy 192.168.1.30:3001
+	}
+
+	@nzbhydra host nzbhydra.akanealw.com
+	handle @nzbhydra {
+		import auth
+		reverse_proxy 192.168.1.30:5076
+	}
+
+	@olivetin host olivetin.akanealw.com
+	handle @olivetin {
+		import auth
+		reverse_proxy 192.168.1.30:1337
+	}
+
+	@opengist host opengist.akanealw.com
+	handle @opengist {
+		import auth
+		reverse_proxy 192.168.1.30:6157
+	}
+
+	@paperless host paperless.akanealw.com
+	handle @paperless {
+		import auth
+		reverse_proxy 192.168.1.30:8112
+	}
+
+	@prowlarr host prowlarr.akanealw.com
+	handle @prowlarr {
+		import auth
+		reverse_proxy 192.168.1.30:9696
+	}
+
+	@qbittorrent host qbittorrent.akanealw.com
+	handle @qbittorrent {
+		import auth
+		reverse_proxy 192.168.1.30:8282
+	}
+
+	@radarr host radarr.akanealw.com
+	handle @radarr {
+		import auth
+		reverse_proxy 192.168.1.30:7878
+	}
+
+	@sabnzbd host sabnzbd.akanealw.com
+	handle @sabnzbd {
+		import auth
+		reverse_proxy 192.168.1.30:8181
+	}
+
+	@shlinkweb host shlink.akanealw.com
+	handle @shlinkweb {
+		import auth
+		reverse_proxy 192.168.1.30:8381
+	}
+
+	@sonarr host sonarr.akanealw.com
+	handle @sonarr {
+		import auth
+		reverse_proxy 192.168.1.30:8989
+	}
+
+	@spdf host spdf.akanealw.com
+	handle @spdf {
+		import auth
+		reverse_proxy 192.168.1.30:8086
+	}
+
+	@ittools host it-tools.akanealw.com
+	handle @ittools {
+		import auth
+		reverse_proxy 192.168.1.30:8383
+	}
+
+	@wikidocs host wiki.akanealw.com
+	handle @wikidocs {
+		import auth
+		reverse_proxy 192.168.1.30:8022
+	}
+
+
+	# --------------------------------------------------
+	# internal only subdomains
+	#
+	#
+	#        @ host .akanealw.com
+	#        handle @ {
+	#                        handle @internal {
+	#                                reverse_proxy 192.168.1.
+	#                }
+	#                respond "ip range not allowed"
+	#        }
+	#
+	#
+	#       @ host .akanealw.com
+	#       handle @ {
+	#                       handle @internal {
+	#                               reverse_proxy https://192.168.1. {
+	#                                        transport http {
+	#                                                tls_insecure_skip_verify
+	#                                        }
+	#                               }
+	#               }
+	#               respond "ip range not allowed"
+	#       }
+	#
+	#
+	# --------------------------------------------------
+
+	@localshare host localshare.akanealw.com
+	handle @localshare {
+	    handle @internal {
+	        reverse_proxy 192.168.1.30:8385
+	    }
+	    respond "ip range not allowed"
+	}
+
+	@checkmk host checkmk.akanealw.com
+	handle @checkmk {
+		handle @internal {
+			reverse_proxy 192.168.1.30:8888
+		}
+		respond "ip range not allowed"
+	}
+
+	@linkwarden host linkwarden.akanealw.com
+	handle @linkwarden {
+		handle @internal {
+			reverse_proxy 192.168.1.30:3232
+		}
+		respond "ip range not allowed"
+	}
+
+	@adguardhome host adguardhome.akanealw.com
+	handle @adguardhome {
+		handle @internal {
+			reverse_proxy 192.168.1.1:3000
+		}
+		respond "ip range not allowed"
+	}
+
+	@adguard1 host adguardserver1.akanealw.com
+	handle @adguard1 {
+		handle @internal {
+			reverse_proxy 192.168.1.2:80
+		}
+		respond "ip range not allowed"
+	}
+
+	@adguard2 host adguardserver2.akanealw.com
+	handle @adguard2 {
+		handle @internal {
+			reverse_proxy 192.168.1.3:80
+		}
+		respond "ip range not allowed"
+	}
+
+	@bale host bale.akanealw.com
+	handle @bale {
+		handle @internal {
+			reverse_proxy 192.168.1.51:8080
+		}
+		respond "ip range not allowed"
+	}
+
+	@cronicle host cronicle.akanealw.com
+	handle @cronicle {
+		handle @internal {
+			reverse_proxy 192.168.1.30:3012
+		}
+		respond "ip range not allowed"
+	}
+
+	@devdockge host dev-dockge.akanealw.com
+	handle @devdockge {
+		handle @internal {
+			reverse_proxy 192.168.1.35:5001
+		}
+		respond "ip range not allowed"
+	}
+
+	@devdozzle host dev-dozzle.akanealw.com
+	handle @devdozzle {
+		handle @internal {
+			reverse_proxy 192.168.1.35:8080
+		}
+		respond "ip range not allowed"
+	}
+
+	@dockerdockge host dockerserver-dockge.akanealw.com
+	handle @dockerdockge {
+		handle @internal {
+			reverse_proxy 192.168.1.30:5001
+		}
+		respond "ip range not allowed"
+	}
+
+	@dockerdozzle host dockerserver-dozzle.akanealw.com
+	handle @dockerdozzle {
+		handle @internal {
+			reverse_proxy 192.168.1.30:8080
+		}
+		respond "ip range not allowed"
+	}
+
+	@dockertestdockge host dockerservertest-dockge.akanealw.com
+	handle @dockertestdockge {
+		handle @internal {
+			reverse_proxy 192.168.1.33:5001
+		}
+		respond "ip range not allowed"
+	}
+
+	@dockertestdozzle host dockerservertest-dozzle.akanealw.com
+	handle @dockertestdozzle {
+		handle @internal {
+			reverse_proxy 192.168.1.33:8080
+		}
+		respond "ip range not allowed"
+	}
+
+	@proxyserverdockge host proxyserver-dockge.akanealw.com
+	handle @proxyserverdockge {
+		handle @internal {
+			reverse_proxy 192.168.1.4:5001
+		}
+		respond "ip range not allowed"
+	}
+
+	@proxyserverdozzle host proxyserver-dozzle.akanealw.com
+	handle @proxyserverdozzle {
+		handle @internal {
+			reverse_proxy 192.168.1.4:8080
+		}
+		respond "ip range not allowed"
+	}
+
+	@files host files.akanealw.com
+	handle @files {
+		handle @internal {
+			redir / /files{uri}
+			reverse_proxy 192.168.1.50:80
+		}
+		respond "ip range not allowed"
+	}
+
+	@icons host icons.akanealw.com
+	handle @icons {
+		handle @internal {
+			rewrite * /files/icons{uri}
+			reverse_proxy 192.168.1.50:80
+		}
+		respond "ip range not allowed"
+	}
+
+	@peanut host peanut.akanealw.com
+	handle @peanut {
+		handle @internal {
+			reverse_proxy 192.168.1.30:8980
+		}
+		respond "ip range not allowed"
+	}
+
+	@photoprism host photoprism.akanealw.com
+	handle @photoprism {
+		handle @internal {
+			reverse_proxy 192.168.1.30:2342
+		}
+		respond "ip range not allowed"
+	}
+
+	@photoprismdadandmom host photos.akanealw.com
+	handle @photoprismdadandmom {
+		handle @internal {
+			reverse_proxy 192.168.1.25:2342
+		}
+		respond "ip range not allowed"
+	}
+
+	@proxmox1 host proxmox1.akanealw.com
+	handle @proxmox1 {
+		handle @internal {
+			reverse_proxy https://192.168.1.51:8006 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@proxmox2 host proxmox2.akanealw.com
+	handle @proxmox2 {
+		handle @internal {
+			reverse_proxy https://192.168.1.52:8006 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@proxmoxbackup host proxmoxbackup.akanealw.com
+	handle @proxmoxbackup {
+		handle @internal {
+			reverse_proxy https://192.168.1.51:8007 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@router host router.akanealw.com
+	handle @router {
+		handle @internal {
+			reverse_proxy http://192.168.1.1:80
+		}
+		respond "ip range not allowed"
+	}
+
+	@rssbridge host rss-bridge.akanealw.com
+	handle @rssbridge {
+		handle @internal {
+			reverse_proxy 192.168.1.30:3006
+		}
+		respond "ip range not allowed"
+	}
+
+	@invidious host invidious.akanealw.com
+	handle @invidious {
+		handle @internal {
+			reverse_proxy 192.168.1.30:3000
+		}
+		respond "ip range not allowed"
+	}
+
+	@scripts host scripts.akanealw.com
+	handle @scripts {
+		handle @internal {
+			redir / /scripts{uri}
+			reverse_proxy 192.168.1.50:80
+		}
+		respond "ip range not allowed"
+	}
+
+	@speedtest host speedtest.akanealw.com
+	handle @speedtest {
+		handle @internal {
+			reverse_proxy 192.168.1.30:8765
+		}
+		respond "ip range not allowed"
+	}
+
+	@dockersyncthing host dockerserver-syncthing.akanealw.com
+	handle @dockersyncthing {
+		handle @internal {
+			reverse_proxy https://192.168.1.30:8384 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@gamingpcsyncthing host gamingpc-syncthing.akanealw.com
+	handle @gamingpcsyncthing {
+		handle @internal {
+			reverse_proxy https://192.168.1.11:8384 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@laptoppcsyncthing host laptoppc-syncthing.akanealw.com
+	handle @laptoppcsyncthing {
+		handle @internal {
+			reverse_proxy https://192.168.1.12:8384 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@webmin host webmin.akanealw.com
+	handle @webmin {
+		handle @internal {
+			reverse_proxy https://192.168.1.51:10000 {
+				transport http {
+					tls_insecure_skip_verify
+				}
+			}
+		}
+		respond "ip range not allowed"
+	}
+
+	@wireguardui host wireguardui.akanealw.com
+	handle @wireguardui {
+		handle @internal {
+			reverse_proxy 192.168.1.4:5000
+		}
+		respond "ip range not allowed"
+	}
+
+	@zabbix host zabbix.akanealw.com
+	handle @zabbix {
+		handle @internal {
+			reverse_proxy 192.168.1.44:8080
+		}
+		respond "ip range not allowed"
+	}
+
+	@piholewg host pihole-wg.akanealw.com
+	handle @piholewg {
+		handle @internal {
+			redir / /admin{uri}
+			reverse_proxy 192.168.1.4:3000
+		}
+		respond "ip range not allowed"
+	}
+
+}
+
+# --------------------------------------------------
+# aknlw.com root domain
+# --------------------------------------------------
+
+aknlw.com {
+	import cloudflare
+	@shlink host aknlw.com
+	handle @shlink {
+		reverse_proxy 192.168.1.30:8380
+	}
+}
+
+# --------------------------------------------------
+# *.aknlw.com subdomains
+# --------------------------------------------------
+
+repo.aknlw.com {
+	import cloudflare
+	reverse_proxy 192.168.1.50:3000
+}

filebrowser/compose.yml

@@ -1,18 +0,0 @@
-services:
-  filebrowser:
-    container_name: filebrowser
-    image: filebrowser/filebrowser:latest
-    networks:
-      - reverse-proxy
-    ports:
-      - 8484:80
-    restart: always
-    volumes:
-      - ./config/filebrowser.db:/database/filebrowser.db
-      - ./config/.filebrowser.json:/.filebrowser.json
-      - ./files:/srv
-
-networks:
-  reverse-proxy:
-    name: reverse-proxy
-    external: true

filebrowser/config/.filebrowser.json

@@ -1,8 +0,0 @@
-{
-    "port": 80,
-    "baseURL": "/",
-    "address": "",
-    "log": "stdout",
-    "database": "/database/filebrowser.db",
-    "root": "/srv"
-  }

pangolin/.env

@@ -1,18 +0,0 @@
-TZ=America/Chicago
-
-POSTGRES_PASSWORD=nu8Vohx1ot1eesoono5teshu6bohn9eiteich6Bu
-AUTHENTIK_SECRET_KEY=7kIHbomK9MV4lEvObyOGGvzF222eLZ1RC6fKn28EDEIB4iF8kC
-
-# SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=smtp.gmail.com
-AUTHENTIK_EMAIL__PORT=587
-# Optionally authenticate (don't add quotation marks to your password)
-AUTHENTIK_EMAIL__USERNAME=akanealw@gmail.com
-AUTHENTIK_EMAIL__PASSWORD=dqtqnqvdmtgtvwjf
-# Use StartTLS
-AUTHENTIK_EMAIL__USE_TLS=true
-# Use SSL
-AUTHENTIK_EMAIL__USE_SSL=false
-AUTHENTIK_EMAIL__TIMEOUT=10
-# Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=akanealw@gmail.com

pangolin/compose.yml

@@ -1,48 +0,0 @@
-services:
-  pangolin:
-    image: fosrl/pangolin:1.3.1
-    container_name: pangolin
-    restart: unless-stopped
-    networks:
-      - reverse-proxy
-    volumes:
-      - ./config:/app/config
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
-      interval: "10s"
-      timeout: "10s"
-      retries: 15
-
-  traefik:
-    image: traefik:v3.3.6
-    container_name: traefik
-    restart: unless-stopped
-    environment:
-      CLOUDFLARE_DNS_API_TOKEN: "JSXyIqcHpMvDiIoZfQmlH7R2f6dKW92O8Buz_x3X"
-    networks:
-      - reverse-proxy
-    ports:
-      - 443:443
-      - 80:80
-    depends_on:
-      pangolin:
-        condition: service_healthy
-    command:
-      - --configFile=/etc/traefik/traefik_config.yml
-    volumes:
-      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
-      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
-      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
-
-  whoami:
-    image: traefik/whoami
-    container_name: whoami
-    networks:
-      - reverse-proxy
-
-networks:
-  authentik:
-    name: authentik
-  reverse-proxy:
-    external: true
-    

pangolin/config/config.yml

@@ -1,68 +0,0 @@
-# To see all available options, please visit the docs:
-# https://docs.fossorial.io/Pangolin/Configuration/config
-
-app:
-    dashboard_url: "https://pangolin.akanealw3.com"
-    log_level: "debug
-    save_logs: true
-
-domains:
-    domain1:
-        base_domain: "akanealw3.com"
-        cert_resolver: "letsencrypt"
-        prefer_wildcard_cert: true
-
-server:
-    external_port: 3000
-    internal_port: 3001
-    next_port: 3002
-    internal_hostname: "pangolin"
-    session_cookie_name: "p_session_token"
-    resource_access_token_param: "p_token"
-    resource_access_token_headers:
-        id: "P-Access-Token-Id"
-        token: "P-Access-Token"
-    resource_session_request_param: "p_session_request"
-    secret: CGjidUyt3AbKdYA3hpvsfbObKx2tyrdy
-    cors:
-        origins: ["https://pangolin.akanealw3.com"]
-        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
-        headers: ["X-CSRF-Token", "Content-Type"]
-        credentials: false
-
-traefik:
-    cert_resolver: "letsencrypt"
-    http_entrypoint: "web"
-    https_entrypoint: "websecure"
-
-gerbil:
-    start_port: 51820
-    base_endpoint: "pangolin.akanealw3.com"
-    use_subdomain: false
-    block_size: 24
-    site_block_size: 30
-    subnet_group: 100.89.137.0/20
-
-rate_limits:
-    global:
-        window_minutes: 1
-        max_requests: 500
-
-email:
-    smtp_host: "smtp.gmail.com"
-    smtp_port: 587
-    smtp_user: "akanealw@gmail.com"
-    smtp_pass: "dqtqnqvdmtgtvwjf"
-    no_reply: "akanealw@gmail.com"
-
-users:
-    server_admin:
-        email: "akanealw@gmail.com"
-        password: "Bungie1!"
-
-flags:
-    require_email_verification: true
-    disable_signup_without_invite: true
-    disable_user_create_org: false
-    allow_raw_resources: true
-    allow_base_domain_resources: true

pangolin/config/traefik/dynamic_config.yml

@@ -1,57 +0,0 @@
-http:
-  middlewares:
-    redirect-to-https:
-      redirectScheme:
-        scheme: https
-
-  routers:
-    # HTTP to HTTPS redirect router
-    main-app-router-redirect:
-      rule: "Host(`pangolin.akanealw3.com`)"
-      service: next-service
-      entryPoints:
-        - web
-      middlewares:
-        - redirect-to-https
-
-    # Next.js router (handles everything except API and WebSocket paths)
-    next-router:
-      rule: "Host(`pangolin.akanealw3.com`) && !PathPrefix(`/api/v1`)"
-      service: next-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-        domains:
-          - main: "akanealw3.com"
-            sans:
-              - "*.akanealw3.com"
-
-    # API router (handles /api/v1 paths)
-    api-router:
-      rule: "Host(`pangolin.akanealw3.com`) && PathPrefix(`/api/v1`)"
-      service: api-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-
-    # WebSocket router
-    ws-router:
-      rule: "Host(`pangolin.akanealw3.com`)"
-      service: api-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-
-  services:
-    next-service:
-      loadBalancer:
-        servers:
-          - url: "http://pangolin:3002"  # Next.js server
-
-    api-service:
-      loadBalancer:
-        servers:
-          - url: "http://pangolin:3000"  # API/WebSocket server

pangolin/config/traefik/traefik_config.yml

@@ -1,46 +0,0 @@
-api:
-  insecure: true
-  dashboard: true
-
-providers:
-  http:
-    endpoint: "http://pangolin:3001/api/v1/traefik-config"
-    pollInterval: "5s"
-  file:
-    filename: "/etc/traefik/dynamic_config.yml"
-
-experimental:
-  plugins:
-    badger:
-      moduleName: "github.com/fosrl/badger"
-      version: "v1.1.0"
-
-log:
-  level: "INFO"
-  format: "common"
-
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      dnsChallenge:
-        provider: "cloudflare"
-        resolvers:
-          - "1.1.1.1:53"
-      email: "akanealw@gmail.com"
-      storage: "/letsencrypt/acme.json"
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-
-entryPoints:
-  web:
-    address: ":80"
-  websecure:
-    address: ":443"
-    transport:
-      respondingTimeouts:
-        readTimeout: "30m"
-    http:
-      tls:
-        certResolver: "letsencrypt"
-
-serversTransport:
-  insecureSkipVerify: true