chriswin/vps-server
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: chriswin:c5a37632392074343a6561eb45ed9112cb21bfb9
Branches Tags
chriswin:main
..
compare: chriswin:main
Branches Tags
chriswin:main

14 Commits
c5a3763239 ... main

Author SHA1 Message Date
renovate_bot
ddf912a4e9 Merge pull request 'Update traefik Docker tag to v3.6.10' (#11) from renovate/traefik-3.x into main 2026-03-07 01:03:47 +01:00
Renovate Bot
15f47d5554 Update traefik Docker tag to v3.6.10 2026-03-07 00:03:44 +00:00
renovate_bot
6992333c6f Merge pull request 'Update traefik Docker tag to v3.6.9' (#10) from renovate/traefik-3.x into main 2026-02-24 01:03:20 +01:00
Renovate Bot
2af1f4c5d9 Update traefik Docker tag to v3.6.9 2026-02-24 00:03:18 +00:00
renovate_bot
e74476439d Merge pull request 'Update traefik Docker tag to v3.6.8' (#9) from renovate/traefik-3.x into main 2026-02-12 01:03:03 +01:00
Renovate Bot
c51f5a6d0d Update traefik Docker tag to v3.6.8 2026-02-12 00:02:59 +00:00
renovate_bot
3f22dc885c Merge pull request 'Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.5.0' (#8) from renovate/hhftechnology-traefik-log-dashboard-agent-2.x into main 2026-02-08 01:02:53 +01:00
renovate_bot
456416b04d Merge pull request 'Update hhftechnology/traefik-log-dashboard Docker tag to v2.5.0' (#7) from renovate/hhftechnology-traefik-log-dashboard-2.x into main 2026-02-08 01:02:50 +01:00
Renovate Bot
9a01d992ad Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.5.0 2026-02-08 00:02:50 +00:00
Renovate Bot
154165ab18 Update hhftechnology/traefik-log-dashboard Docker tag to v2.5.0 2026-02-08 00:02:49 +00:00
chris
445b638f55 resource and fixes 2026-01-25 22:19:02 +00:00
renovate_bot
afe037ffad Merge pull request 'Update crowdsecurity/crowdsec Docker tag to v1.7.6' (#6) from renovate/crowdsecurity-crowdsec-1.x into main 2026-01-24 01:02:35 +01:00
Renovate Bot
54bcc89c7f Update crowdsecurity/crowdsec Docker tag to v1.7.6 2026-01-24 00:02:32 +00:00
chris
d0e3149200 clean up traefik and crowdsec improvements 2026-01-23 17:10:12 +00:00
4 changed files with 27 additions and 27 deletions
Expand all files Collapse all files

6
services/crowdsec/appsec.yaml
View File

@@ -1,6 +0,0 @@
appsec_configs:
- crowdsecurity/appsec-default
labels:
type: appsec
listen_addr: 0.0.0.0:7422
source: appsec

3
services/crowdsec/crowdsec.yml
View File

@@ -4,7 +4,7 @@ services:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
container_name: crowdsec container_name: crowdsec
image: crowdsecurity/crowdsec:v1.7.4 image: crowdsecurity/crowdsec:v1.7.6
environment: environment:
COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY} CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
@@ -18,7 +18,6 @@ services:
- ${SERVICE_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro - ${SERVICE_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
- ${SERVICE_PATH}/crowdsec/config/config.yaml:/etc/crowdsec/config.yaml - ${SERVICE_PATH}/crowdsec/config/config.yaml:/etc/crowdsec/config.yaml
- ${SERVICE_PATH}/crowdsec/config:/etc/crowdsec - ${SERVICE_PATH}/crowdsec/config:/etc/crowdsec
- ${SERVICE_PATH}/crowdsec/appsec.yaml:/etc/crowdsec/acquis.d/appsec.yaml
- ${SERVICE_PATH}/crowdsec/data:/var/lib/crowdsec/data - ${SERVICE_PATH}/crowdsec/data:/var/lib/crowdsec/data
- /var/log/traefik:/var/log/crowdsec:ro - /var/log/traefik:/var/log/crowdsec:ro
- /var/log/syslog:/var/log/syslog:ro - /var/log/syslog:/var/log/syslog:ro

22
services/traefik/config/config.yml
View File

@@ -8,7 +8,7 @@ http:
enabled: true enabled: true
logLevel: INFO logLevel: INFO
updateIntervalSeconds: 60 updateIntervalSeconds: 60
crowdsecMode: stream crowdsecMode: live
crowdsecAppsecEnabled: true crowdsecAppsecEnabled: true
crowdsecAppsecFailureBlock: true crowdsecAppsecFailureBlock: true
crowdsecAppsecUnreachableBlock: true crowdsecAppsecUnreachableBlock: true
@@ -21,12 +21,12 @@ http:
- 10.0.0.0/8 - 10.0.0.0/8
clientTrustedIPs: clientTrustedIPs:
- 192.168.178.0/24 - 192.168.178.0/24
captchaProvider: hcaptcha # captchaProvider: hcaptcha
captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account # captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }} # captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
captchaGracePeriodSeconds: 1800 # captchaGracePeriodSeconds: 1800
captchaHTMLFilePath: /captcha.html # captchaHTMLFilePath: /captcha.html
banHTMLFilePath: /ban.html # banHTMLFilePath: /ban.html
routers: routers:
authelia: authelia:
@@ -53,14 +53,6 @@ http:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
headscale:
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entrypoints: https,http
tls:
certresolver: myresolver
middlewares: crowdsec-bouncer@file
immich: immich:
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node

21
services/traefik/traefik.yml
View File

@@ -3,7 +3,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: traefik:v3.6.7 image: traefik:v3.6.10
container_name: traefik container_name: traefik
ports: ports:
- "80:80" - "80:80"
@@ -16,6 +16,11 @@ services:
TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP} TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY} TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
deploy:
resources:
limits:
cpus: "0.3"
memory: 150M
volumes: volumes:
- "/var/log/traefik/:/var/log/traefik/" - "/var/log/traefik/:/var/log/traefik/"
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
@@ -36,7 +41,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: hhftechnology/traefik-log-dashboard-agent:2.4.1 image: hhftechnology/traefik-log-dashboard-agent:2.5.0
container_name: traefik-log-dashboard-agent container_name: traefik-log-dashboard-agent
networks: networks:
- ip4net - ip4net
@@ -50,6 +55,11 @@ services:
TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN} TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
deploy:
resources:
limits:
cpus: "0.10"
memory: 50M
healthcheck: healthcheck:
test: test:
[ [
@@ -69,7 +79,7 @@ services:
extends: extends:
file: ${TEMPLATES_PATH} file: ${TEMPLATES_PATH}
service: default service: default
image: hhftechnology/traefik-log-dashboard:2.4.1 image: hhftechnology/traefik-log-dashboard:2.5.0
container_name: traefik-log-dashboard container_name: traefik-log-dashboard
networks: networks:
- ip4net - ip4net
@@ -86,6 +96,11 @@ services:
depends_on: depends_on:
traefik-agent: traefik-agent:
condition: service_healthy condition: service_healthy
deploy:
resources:
limits:
cpus: "0.1"
memory: 50M
labels: labels:
# traefik # traefik
- "traefik.enable=true" - "traefik.enable=true"