From 0a0cde8181e029c4debd625c4819f2cf33bdd6dd Mon Sep 17 00:00:00 2001
From: akanealw
Date: Sun, 11 May 2025 19:05:35 -0500
Subject: [PATCH] removed pangolin and older authelia config
---
authelia/config/configuration.yml | 42 +-
caddy/Caddyfile | 710 +++++++++++++++++++++
filebrowser/compose.yml | 18 -
filebrowser/config/.filebrowser.json | 8 -
pangolin/.env | 18 -
pangolin/compose.yml | 48 --
pangolin/config/config.yml | 68 --
pangolin/config/letsencrypt/acme.json | 0
pangolin/config/traefik/dynamic_config.yml | 57 --
pangolin/config/traefik/traefik_config.yml | 46 --
10 files changed, 715 insertions(+), 300 deletions(-)
mode change 100644 => 100755 authelia/config/configuration.yml
create mode 100755 caddy/Caddyfile
delete mode 100755 filebrowser/compose.yml
delete mode 100755 filebrowser/config/.filebrowser.json
delete mode 100644 pangolin/.env
delete mode 100644 pangolin/compose.yml
delete mode 100644 pangolin/config/config.yml
delete mode 100644 pangolin/config/letsencrypt/acme.json
delete mode 100644 pangolin/config/traefik/dynamic_config.yml
delete mode 100644 pangolin/config/traefik/traefik_config.yml
diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml
old mode 100644
new mode 100755
index 6984646..a36ecb5
--- a/authelia/config/configuration.yml
+++ b/authelia/config/configuration.yml
@@ -14,47 +14,20 @@ server: log: level: 'info' + format: 'text' + file_path: '/etc/authelia/authelia.log' + keep_stdout: false totp: issuer: 'authelia.com' -identity_providers: - oidc: - clients: - - client_id: 'pangolin' - client_name: 'Pangolin' - client_secret: '$pbkdf2-sha512$310000$LJzmdVn/YkSK7t0WxNXs2A$v7nxRYBRJdqmJ/k4Q2SWlp/7m5rsyEtNw9ez9rf7tEYi48ezYChXqCK.VHC/v7tu3Liro.ipy4Uv.euLUfLc7w' # The digest of 'insecure_secret'. - public: false - authorization_policy: 'two_factor' - require_pkce: true - pkce_challenge_method: 'S256' - redirect_uris: - - '' - scopes: - - 'openid' - - 'profile' - - 'email' - userinfo_signed_response_alg: 'none' - token_endpoint_auth_method: 'client_secret_basic' - identity_validation: reset_password: jwt_secret: '2b8a78f3ac1784ef6aab3899c663e1010c60d3a9de694550879da349fe222923' authentication_backend: file: - path: '/config/users_database.yml' - -# access_control: -# default_policy: 'deny' -# rules: -# # Rules applied to everyone -# - domain: 'public.example.com' -# policy: 'bypass' -# - domain: 'traefik.example.com' -# policy: 'one_factor' -# - domain: 'secure.example.com' -# policy: 'two_factor' + path: '/etc/authelia/users_database.yml' access_control: default_policy: deny @@ -113,11 +86,6 @@ session: expiration: '1 hour' inactivity: '5 minutes' - redis: - host: 'redis' - port: 6379 - password: 'bc4eb8df73776ba7716aeb60c0023ef6136b80680bb8ea1cf6c51a326dea2c43' - regulation: max_retries: 3 find_time: '2 minutes' @@ -126,7 +94,7 @@ regulation: storage: encryption_key: 'cbd7570c1795cba61f05baf419b7cee23fa144d512bda2ea57ba300afa6b33bf' local: - path: '/config/db.sqlite3' + path: '/etc/authelia/db.sqlite3' notifier: smtp: diff --git a/caddy/Caddyfile b/caddy/Caddyfile new file mode 100755 index 0000000..76aee64 --- /dev/null +++ b/caddy/Caddyfile 
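Review bot: The mode change to 100755 adds the execute bit to a configuration file whose unchanged context lines still carry `jwt_secret` (under `identity_validation.reset_password`) and `encryption_key` (under `storage`) as literal values, so the tracked file stays a plaintext secret store and is now more permissive than before. A config like this is better kept non-executable and owner-readable only, with the two values supplied out of band, for example through Authelia's file-based secret variables such as `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE`, and the committed values treated as exposed. In the first hunk, `file_path: '/etc/authelia/authelia.log'` with `keep_stdout: false` places the log in the same directory as `users_database.yml` and `db.sqlite3`; a dedicated log directory would let the log be permissioned and rotated separately from the credential stores. The three hunks here share these points, and the `session` block continues outside the visible context, so whether another session provider replaces the removed `redis` section cannot be confirmed from the diff.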
@@ -0,0 +1,710 @@ +# -------------------------------------------------- +# global options +# -------------------------------------------------- +{ + acme_ca https://acme-v02.api.letsencrypt.org/directory + + admin :2019 + log { + output file /var/log/caddy/caddy.log + level info + } + + servers { + trusted_proxies static private_ranges + } + + crowdsec { + api_url http://localhost:8080 + api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE + ticker_interval 15s + #disable_streaming + #enable_hard_fails + } +} + +# -------------------------------------------------- +# cloudflare tls snippet for sites +# -------------------------------------------------- + +(cloudflare) { + tls { + dns cloudflare BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3 + resolvers 1.1.1.1 1.0.0.1 + } +} + +# -------------------------------------------------- +# auth snippet for authelia +# -------------------------------------------------- + +(auth) { + forward_auth localhost:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } +} + +# -------------------------------------------------- +# akanealw.com root domain +# -------------------------------------------------- + +akanealw.com { + import cloudflare + @akanealwcom host akanealw.com + handle @akanealwcom { + import auth + reverse_proxy 192.168.1.30:3005 + } +} + +# -------------------------------------------------- +# authelia subdomain +# -------------------------------------------------- + +auth.akanealw.com { + import cloudflare + reverse_proxy localhost:9091 +} + +# -------------------------------------------------- +# *.akanealw.com subdomains +# -------------------------------------------------- + +*.akanealw.com { + + # -------------------------------------------------- + # external subdomains without authelia + # + # + # @ host .akanealw.com + # handle @ { + # reverse_proxy 192.168.1. + # } + # + # + # @ host .akanealw.com + # handle @ { + # reverse_proxy https://192.168.1. 
{ + # transport http { + # tls_insecure_skip_verify + # } + # } + # } + # + # + # -------------------------------------------------- + + @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + import cloudflare + + + @bitwarden host bitwarden.akanealw.com + handle @bitwarden { + reverse_proxy 192.168.1.30:8089 + } + + @giteadocker host gitea-docker.akanealw.com + handle @giteadocker { + reverse_proxy 192.168.1.30:3100 + } + + @gitea host gitea.akanealw.com + handle @gitea { + reverse_proxy 192.168.1.50:3000 + } + + @jellyfin host jellyfin.akanealw.com + handle @jellyfin { + reverse_proxy 192.168.1.30:8096 + } + + @headscale host headscale.akanealw.com + handle @headscale { + reverse_proxy 192.168.1.95:8888 + } + + @nextcloud host nextcloud.akanealw.com + handle @nextcloud { + reverse_proxy https://192.168.1.30:443 { + transport http { + tls_insecure_skip_verify + } + } + } + + # -------------------------------------------------- + # external subdomains with authelia + # + # + # @ host .akanealw.com + # handle @ { + # import auth + # reverse_proxy 192.168.1. + # } + # + # @ host .akanealw.com + # handle @ { + # import auth + # reverse_proxy https://192.168.1. 
{ + # transport http { + # tls_insecure_skip_verify + # } + # } + # } + # + # + # -------------------------------------------------- + + @docmost host docmost.akanealw.com + handle @docmost { + import auth + reverse_proxy 192.168.1.30:3300 + } + + @memos host memos.akanealw.com + handle @memos { + import auth + reverse_proxy 192.168.1.30:5230 + } + + @whoami host whoami.akanealw.com + handle @whoami { + import auth + reverse_proxy localhost:80 + } + + @wallos host wallos.akanealw.com + handle @wallos { + import auth + reverse_proxy 192.168.1.30:8389 + } + + @homepage host www.akanealw.com + handle @homepage { + import auth + reverse_proxy 192.168.1.30:3005 + } + + @filebrowser host filebrowser.akanealw.com + handle @filebrowser { + import auth + reverse_proxy 192.168.1.30:8484 + } + + @archive host archive.akanealw.com + handle @archive { + import auth + reverse_proxy 192.168.1.30:8283 + } + + @archivebox host archivebox.akanealw.com + handle @archivebox { + import auth + reverse_proxy 192.168.1.30:8283 + } + + @codeserver host codeserver.akanealw.com + handle @codeserver { + import auth + reverse_proxy 192.168.1.50:3001 + } + + @freshrss host freshrss.akanealw.com + handle @freshrss { + import auth + reverse_proxy 192.168.1.30:8088 + } + + @jackett host jackett.akanealw.com + handle @jackett { + import auth + reverse_proxy 192.168.1.30:9117 + } + + @jdownloader host jdownloader.akanealw.com + handle @jdownloader { + import auth + reverse_proxy 192.168.1.30:5800 + } + + @jellyseerr host jellyseerr.akanealw.com + handle @jellyseerr { + import auth + reverse_proxy 192.168.1.30:5056 + } + + @kavita host kavita.akanealw.com + handle @kavita { + import auth + reverse_proxy 192.168.1.30:5002 + } + + @lidarr host lidarr.akanealw.com + handle @lidarr { + import auth + reverse_proxy 192.168.1.30:8686 + } + + @metube host metube.akanealw.com + handle @metube { + import auth + reverse_proxy 192.168.1.30:8082 + } + + @mstream host mstream.akanealw.com + handle @mstream { + 
import auth + reverse_proxy 192.168.1.30:3001 + } + + @nzbhydra host nzbhydra.akanealw.com + handle @nzbhydra { + import auth + reverse_proxy 192.168.1.30:5076 + } + + @olivetin host olivetin.akanealw.com + handle @olivetin { + import auth + reverse_proxy 192.168.1.30:1337 + } + + @opengist host opengist.akanealw.com + handle @opengist { + import auth + reverse_proxy 192.168.1.30:6157 + } + + @paperless host paperless.akanealw.com + handle @paperless { + import auth + reverse_proxy 192.168.1.30:8112 + } + + @prowlarr host prowlarr.akanealw.com + handle @prowlarr { + import auth + reverse_proxy 192.168.1.30:9696 + } + + @qbittorrent host qbittorrent.akanealw.com + handle @qbittorrent { + import auth + reverse_proxy 192.168.1.30:8282 + } + + @radarr host radarr.akanealw.com + handle @radarr { + import auth + reverse_proxy 192.168.1.30:7878 + } + + @sabnzbd host sabnzbd.akanealw.com + handle @sabnzbd { + import auth + reverse_proxy 192.168.1.30:8181 + } + + @shlinkweb host shlink.akanealw.com + handle @shlinkweb { + import auth + reverse_proxy 192.168.1.30:8381 + } + + @sonarr host sonarr.akanealw.com + handle @sonarr { + import auth + reverse_proxy 192.168.1.30:8989 + } + + @spdf host spdf.akanealw.com + handle @spdf { + import auth + reverse_proxy 192.168.1.30:8086 + } + + @ittools host it-tools.akanealw.com + handle @ittools { + import auth + reverse_proxy 192.168.1.30:8383 + } + + @wikidocs host wiki.akanealw.com + handle @wikidocs { + import auth + reverse_proxy 192.168.1.30:8022 + } + + + # -------------------------------------------------- + # internal only subdomains + # + # + # @ host .akanealw.com + # handle @ { + # handle @internal { + # reverse_proxy 192.168.1. + # } + # respond "ip range not allowed" + # } + # + # + # @ host .akanealw.com + # handle @ { + # handle @internal { + # reverse_proxy https://192.168.1. 
{ + # transport http { + # tls_insecure_skip_verify + # } + # } + # } + # respond "ip range not allowed" + # } + # + # + # -------------------------------------------------- + + @localshare host localshare.akanealw.com + handle @localshare { + handle @internal { + reverse_proxy 192.168.1.30:8385 + } + respond "ip range not allowed" + } + + @checkmk host checkmk.akanealw.com + handle @checkmk { + handle @internal { + reverse_proxy 192.168.1.30:8888 + } + respond "ip range not allowed" + } + + @linkwarden host linkwarden.akanealw.com + handle @linkwarden { + handle @internal { + reverse_proxy 192.168.1.30:3232 + } + respond "ip range not allowed" + } + + @adguardhome host adguardhome.akanealw.com + handle @adguardhome { + handle @internal { + reverse_proxy 192.168.1.1:3000 + } + respond "ip range not allowed" + } + + @adguard1 host adguardserver1.akanealw.com + handle @adguard1 { + handle @internal { + reverse_proxy 192.168.1.2:80 + } + respond "ip range not allowed" + } + + @adguard2 host adguardserver2.akanealw.com + handle @adguard2 { + handle @internal { + reverse_proxy 192.168.1.3:80 + } + respond "ip range not allowed" + } + + @bale host bale.akanealw.com + handle @bale { + handle @internal { + reverse_proxy 192.168.1.51:8080 + } + respond "ip range not allowed" + } + + @cronicle host cronicle.akanealw.com + handle @cronicle { + handle @internal { + reverse_proxy 192.168.1.30:3012 + } + respond "ip range not allowed" + } + + @devdockge host dev-dockge.akanealw.com + handle @devdockge { + handle @internal { + reverse_proxy 192.168.1.35:5001 + } + respond "ip range not allowed" + } + + @devdozzle host dev-dozzle.akanealw.com + handle @devdozzle { + handle @internal { + reverse_proxy 192.168.1.35:8080 + } + respond "ip range not allowed" + } + + @dockerdockge host dockerserver-dockge.akanealw.com + handle @dockerdockge { + handle @internal { + reverse_proxy 192.168.1.30:5001 + } + respond "ip range not allowed" + } + + @dockerdozzle host 
dockerserver-dozzle.akanealw.com + handle @dockerdozzle { + handle @internal { + reverse_proxy 192.168.1.30:8080 + } + respond "ip range not allowed" + } + + @dockertestdockge host dockerservertest-dockge.akanealw.com + handle @dockertestdockge { + handle @internal { + reverse_proxy 192.168.1.33:5001 + } + respond "ip range not allowed" + } + + @dockertestdozzle host dockerservertest-dozzle.akanealw.com + handle @dockertestdozzle { + handle @internal { + reverse_proxy 192.168.1.33:8080 + } + respond "ip range not allowed" + } + + @proxyserverdockge host proxyserver-dockge.akanealw.com + handle @proxyserverdockge { + handle @internal { + reverse_proxy 192.168.1.4:5001 + } + respond "ip range not allowed" + } + + @proxyserverdozzle host proxyserver-dozzle.akanealw.com + handle @proxyserverdozzle { + handle @internal { + reverse_proxy 192.168.1.4:8080 + } + respond "ip range not allowed" + } + + @files host files.akanealw.com + handle @files { + handle @internal { + redir / /files{uri} + reverse_proxy 192.168.1.50:80 + } + respond "ip range not allowed" + } + + @icons host icons.akanealw.com + handle @icons { + handle @internal { + rewrite * /files/icons{uri} + reverse_proxy 192.168.1.50:80 + } + respond "ip range not allowed" + } + + @peanut host peanut.akanealw.com + handle @peanut { + handle @internal { + reverse_proxy 192.168.1.30:8980 + } + respond "ip range not allowed" + } + + @photoprism host photoprism.akanealw.com + handle @photoprism { + handle @internal { + reverse_proxy 192.168.1.30:2342 + } + respond "ip range not allowed" + } + + @photoprismdadandmom host photos.akanealw.com + handle @photoprismdadandmom { + handle @internal { + reverse_proxy 192.168.1.25:2342 + } + respond "ip range not allowed" + } + + @proxmox1 host proxmox1.akanealw.com + handle @proxmox1 { + handle @internal { + reverse_proxy https://192.168.1.51:8006 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + + @proxmox2 host 
proxmox2.akanealw.com + handle @proxmox2 { + handle @internal { + reverse_proxy https://192.168.1.52:8006 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + + @proxmoxbackup host proxmoxbackup.akanealw.com + handle @proxmoxbackup { + handle @internal { + reverse_proxy https://192.168.1.51:8007 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + + @router host router.akanealw.com + handle @router { + handle @internal { + reverse_proxy http://192.168.1.1:80 + } + respond "ip range not allowed" + } + + @rssbridge host rss-bridge.akanealw.com + handle @rssbridge { + handle @internal { + reverse_proxy 192.168.1.30:3006 + } + respond "ip range not allowed" + } + + @invidious host invidious.akanealw.com + handle @invidious { + handle @internal { + reverse_proxy 192.168.1.30:3000 + } + respond "ip range not allowed" + } + + @scripts host scripts.akanealw.com + handle @scripts { + handle @internal { + redir / /scripts{uri} + reverse_proxy 192.168.1.50:80 + } + respond "ip range not allowed" + } + + @speedtest host speedtest.akanealw.com + handle @speedtest { + handle @internal { + reverse_proxy 192.168.1.30:8765 + } + respond "ip range not allowed" + } + + @dockersyncthing host dockerserver-syncthing.akanealw.com + handle @dockersyncthing { + handle @internal { + reverse_proxy https://192.168.1.30:8384 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + + @gamingpcsyncthing host gamingpc-syncthing.akanealw.com + handle @gamingpcsyncthing { + handle @internal { + reverse_proxy https://192.168.1.11:8384 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + + @laptoppcsyncthing host laptoppc-syncthing.akanealw.com + handle @laptoppcsyncthing { + handle @internal { + reverse_proxy https://192.168.1.12:8384 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not 
allowed" + } + + @webmin host webmin.akanealw.com + handle @webmin { + handle @internal { + reverse_proxy https://192.168.1.51:10000 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + + @wireguardui host wireguardui.akanealw.com + handle @wireguardui { + handle @internal { + reverse_proxy 192.168.1.4:5000 + } + respond "ip range not allowed" + } + + @zabbix host zabbix.akanealw.com + handle @zabbix { + handle @internal { + reverse_proxy 192.168.1.44:8080 + } + respond "ip range not allowed" + } + + @piholewg host pihole-wg.akanealw.com + handle @piholewg { + handle @internal { + redir / /admin{uri} + reverse_proxy 192.168.1.4:3000 + } + respond "ip range not allowed" + } + +} + +# -------------------------------------------------- +# aknlw.com root domain +# -------------------------------------------------- + +aknlw.com { + import cloudflare + @shlink host aknlw.com + handle @shlink { + reverse_proxy 192.168.1.30:8380 + } +} + +# -------------------------------------------------- +# *.aknlw.com subdomains +# -------------------------------------------------- + +repo.aknlw.com { + import cloudflare + reverse_proxy 192.168.1.50:3000 +} diff --git a/filebrowser/compose.yml b/filebrowser/compose.yml deleted file mode 100755 index 987c2c6..0000000 --- a/filebrowser/compose.yml +++ /dev/null @@ -1,18 +0,0 @@ -services: - filebrowser: - container_name: filebrowser - image: filebrowser/filebrowser:latest - networks: - - reverse-proxy - ports: - - 8484:80 - restart: always - volumes: - - ./config/filebrowser.db:/database/filebrowser.db - - ./config/.filebrowser.json:/.filebrowser.json - - ./files:/srv - -networks: - reverse-proxy: - name: reverse-proxy - external: true diff --git a/filebrowser/config/.filebrowser.json b/filebrowser/config/.filebrowser.json deleted file mode 100755 index b926a1f..0000000 --- a/filebrowser/config/.filebrowser.json +++ /dev/null 
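Review bot: The global options block at the top of the new Caddyfile sets `admin :2019`, which binds Caddy's unauthenticated admin API on every interface rather than the loopback default; `admin localhost:2019` (or `admin off`) keeps configuration changes local to the host. The same block and the `(cloudflare)` snippet commit the CrowdSec `api_key` and the Cloudflare DNS token as literals; reading them from the environment, e.g. `api_key {$CROWDSEC_API_KEY}` and `dns cloudflare {env.CLOUDFLARE_API_TOKEN}` (variable names are placeholders), keeps them out of the repository, and the values already committed should be treated as exposed and rotated. No site block in this hunk appears to invoke the `crowdsec` handler, so the bouncer configured globally may not be enforcing decisions on any route; this is worth confirming against the plugin's documentation. The internal-only fallbacks `respond "ip range not allowed"` return status 200 by default, so `respond "ip range not allowed" 403` would make refusals distinguishable in logs and to monitoring.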
@@ -1,8 +0,0 @@ -{ - "port": 80, - "baseURL": "/", - "address": "", - "log": "stdout", - "database": "/database/filebrowser.db", - "root": "/srv" - } diff --git a/pangolin/.env b/pangolin/.env deleted file mode 100644 index e50d6fe..0000000 --- a/pangolin/.env +++ /dev/null @@ -1,18 +0,0 @@ -TZ=America/Chicago - -POSTGRES_PASSWORD=nu8Vohx1ot1eesoono5teshu6bohn9eiteich6Bu -AUTHENTIK_SECRET_KEY=7kIHbomK9MV4lEvObyOGGvzF222eLZ1RC6fKn28EDEIB4iF8kC - -# SMTP Host Emails are sent to -AUTHENTIK_EMAIL__HOST=smtp.gmail.com -AUTHENTIK_EMAIL__PORT=587 -# Optionally authenticate (don't add quotation marks to your password) -AUTHENTIK_EMAIL__USERNAME=akanealw@gmail.com -AUTHENTIK_EMAIL__PASSWORD=dqtqnqvdmtgtvwjf -# Use StartTLS -AUTHENTIK_EMAIL__USE_TLS=true -# Use SSL -AUTHENTIK_EMAIL__USE_SSL=false -AUTHENTIK_EMAIL__TIMEOUT=10 -# Email address authentik will send from, should have a correct @domain -AUTHENTIK_EMAIL__FROM=akanealw@gmail.com diff --git a/pangolin/compose.yml b/pangolin/compose.yml deleted file mode 100644 index 3a3635c..0000000 --- a/pangolin/compose.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -services: - pangolin: - image: fosrl/pangolin:1.3.1 - container_name: pangolin - restart: unless-stopped - networks: - - reverse-proxy - volumes: - - ./config:/app/config - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"] - interval: "10s" - timeout: "10s" - retries: 15 - - traefik: - image: traefik:v3.3.6 - container_name: traefik - restart: unless-stopped - environment: - CLOUDFLARE_DNS_API_TOKEN: "JSXyIqcHpMvDiIoZfQmlH7R2f6dKW92O8Buz_x3X" - networks: - - reverse-proxy - ports: - - 443:443 - - 80:80 - depends_on: - pangolin: - condition: service_healthy - command: - - --configFile=/etc/traefik/traefik_config.yml - volumes: - - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration - - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates - - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs - - whoami: - image: traefik/whoami - container_name: whoami - networks: - - reverse-proxy - -networks: - authentik: - name: authentik - reverse-proxy: - external: true - \ No newline at end of file diff --git a/pangolin/config/config.yml b/pangolin/config/config.yml deleted file mode 100644 index 27681b9..0000000 --- a/pangolin/config/config.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -# To see all available options, please visit the docs: -# https://docs.fossorial.io/Pangolin/Configuration/config - -app: - dashboard_url: "https://pangolin.akanealw3.com" - log_level: "debug - save_logs: true - -domains: - domain1: - base_domain: "akanealw3.com" - cert_resolver: "letsencrypt" - prefer_wildcard_cert: true - -server: - external_port: 3000 - internal_port: 3001 - next_port: 3002 - internal_hostname: "pangolin" - session_cookie_name: "p_session_token" - resource_access_token_param: "p_token" - resource_access_token_headers: - id: "P-Access-Token-Id" - token: "P-Access-Token" - resource_session_request_param: "p_session_request" - secret: CGjidUyt3AbKdYA3hpvsfbObKx2tyrdy - cors: - origins: ["https://pangolin.akanealw3.com"] - methods: ["GET", "POST", "PUT", "DELETE", "PATCH"] - headers: ["X-CSRF-Token", "Content-Type"] - credentials: false - -traefik: - cert_resolver: "letsencrypt" - http_entrypoint: "web" - https_entrypoint: "websecure" - -gerbil: - start_port: 51820 - base_endpoint: "pangolin.akanealw3.com" - use_subdomain: false - block_size: 24 - site_block_size: 30 - subnet_group: 100.89.137.0/20 - -rate_limits: - global: - window_minutes: 1 - max_requests: 500 - -email: - smtp_host: "smtp.gmail.com" - smtp_port: 587 - smtp_user: "akanealw@gmail.com" - smtp_pass: "dqtqnqvdmtgtvwjf" - no_reply: "akanealw@gmail.com" - -users: - server_admin: - email: "akanealw@gmail.com" - password: "Bungie1!" - -flags: - require_email_verification: true - disable_signup_without_invite: true - disable_user_create_org: false - allow_raw_resources: true - allow_base_domain_resources: true diff --git a/pangolin/config/letsencrypt/acme.json b/pangolin/config/letsencrypt/acme.json deleted file mode 100644 index e69de29..0000000 diff --git a/pangolin/config/traefik/dynamic_config.yml b/pangolin/config/traefik/dynamic_config.yml deleted file mode 100644 index 0feb3d7..0000000 --- a/pangolin/config/traefik/dynamic_config.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -http: - middlewares: - redirect-to-https: - redirectScheme: - scheme: https - - routers: - # HTTP to HTTPS redirect router - main-app-router-redirect: - rule: "Host(`pangolin.akanealw3.com`)" - service: next-service - entryPoints: - - web - middlewares: - - redirect-to-https - - # Next.js router (handles everything except API and WebSocket paths) - next-router: - rule: "Host(`pangolin.akanealw3.com`) && !PathPrefix(`/api/v1`)" - service: next-service - entryPoints: - - websecure - tls: - certResolver: letsencrypt - domains: - - main: "akanealw3.com" - sans: - - "*.akanealw3.com" - - # API router (handles /api/v1 paths) - api-router: - rule: "Host(`pangolin.akanealw3.com`) && PathPrefix(`/api/v1`)" - service: api-service - entryPoints: - - websecure - tls: - certResolver: letsencrypt - - # WebSocket router - ws-router: - rule: "Host(`pangolin.akanealw3.com`)" - service: api-service - entryPoints: - - websecure - tls: - certResolver: letsencrypt - - services: - next-service: - loadBalancer: - servers: - - url: "http://pangolin:3002" # Next.js server - - api-service: - loadBalancer: - servers: - - url: "http://pangolin:3000" # API/WebSocket server diff --git a/pangolin/config/traefik/traefik_config.yml b/pangolin/config/traefik/traefik_config.yml deleted file mode 100644 index b361456..0000000 --- a/pangolin/config/traefik/traefik_config.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -api: - insecure: true - dashboard: true - -providers: - http: - endpoint: "http://pangolin:3001/api/v1/traefik-config" - pollInterval: "5s" - file: - filename: "/etc/traefik/dynamic_config.yml" - -experimental: - plugins: - badger: - moduleName: "github.com/fosrl/badger" - version: "v1.1.0" - -log: - level: "INFO" - format: "common" - -certificatesResolvers: - letsencrypt: - acme: - dnsChallenge: - provider: "cloudflare" - resolvers: - - "1.1.1.1:53" - email: "akanealw@gmail.com" - storage: "/letsencrypt/acme.json" - caServer: "https://acme-v02.api.letsencrypt.org/directory" - -entryPoints: - web: - address: ":80" - websecure: - address: ":443" - transport: - respondingTimeouts: - readTimeout: "30m" - http: - tls: - certResolver: "letsencrypt" - -serversTransport: - insecureSkipVerify: true