Merge pull request 'Update traefik Docker tag to v3.6.10' (#11 ) from renovate/traefik-3.x into main

Update traefik Docker tag to v3.6.10
Merge pull request 'Update traefik Docker tag to v3.6.9' (#10 ) from renovate/traefik-3.x into main
2026-03-07 01:03:47 +01:00 · 2026-03-07 00:03:44 +00:00 · 2026-02-24 01:03:20 +01:00 · 2026-02-24 00:03:18 +00:00 · 2026-02-12 01:03:03 +01:00 · 2026-02-12 00:02:59 +00:00
8 changed files with 106 additions and 27 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
 # Ignore these files
 **/services/.env
 # Ignore these folders
 letsencrypt/
 certs/
 log-dashboard/
 lib/
 **/headscale/config/
 **/headscale/run/
 **/crowdsec/config/
 **/crowdsec/data/
--- a/README.md
+++ b/README.md
@@ -2,3 +2,9 @@
 This configuration includes a reverse proxy using caddy, headscale (VPN) and watchtower (automatic updates).
 It is particularly useful if you do not own an IPV4 address, as this could be deployed on a server. In this case it was deployed on an oracle server and automated using an ansible playbook found on this [repository](https://gitea.crescentec.ch/chriswin/vps-ansible)
 For Crowdsec, if an enrollment to your console is wanted, run the following command: 
 ```
 docker compose -it exec cscli console enroll $ENROLLMENT_KEY
 ```
 where the the enrollment can be found in your console under the engine page.
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,48 @@
 {
    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
    "extends": [
        "schedule:automergeDaily"
    ],
    "dependencyDashboard": true,
    "dependencyDashboardTitle": "Renovate Dashboard",
    "assignees": [
        "chriswin"
    ],
    "labels": [
        "renovate"
    ],
    "configMigration": true,
    "prHourlyLimit": 0,
    "packageRules": [
        {
            "matchCategories": [
                "docker"
            ],
            "enabled": true,
            "managerFilePatterns": [
                "/(^|/)services/*\\Dockerfile$/"
            ]
        },
        {
            "matchUpdateTypes": [
                "minor",
                "patch"
            ],
            "automerge": true,
            "automergeType": "pr"
        },
        {
            "matchUpdateTypes": [
                "major"
            ],
            "automerge": false
        }
    ],
    "docker-compose": {
        "enabled": true,
        "managerFilePatterns": [
            "/(^|/)docker-compose\\.yml$/",
            "/(^|/)services/.*\\.yml$/"
        ]
    }
 }
--- a/services/.env
+++ b/services/.env
@@ -1 +0,0 @@
 CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ
--- a/services/crowdsec/crowdsec.yml
+++ b/services/crowdsec/crowdsec.yml
@@ -4,7 +4,7 @@ services:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: crowdsec
-    image: crowdsecurity/crowdsec:v1.7.4
+    image: crowdsecurity/crowdsec:v1.7.6
    environment:
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
      CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
--- a/services/headscale/headscale.yml
+++ b/services/headscale/headscale.yml
@@ -3,19 +3,24 @@ services:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
-    image: docker.io/headscale/headscale 
+    image: docker.io/headscale/headscale
-    container_name: headscale 
+    container_name: headscale
    volumes:
      - ${SERVICE_PATH}/headscale/config:/etc/headscale
      - ${SERVICE_PATH}/headscale/lib:/var/lib/headscale
      - ${SERVICE_PATH}/headscale/run:/var/run/headscale
    ports:
-      - 127.0.0.1:8080:8080 # api 
+      - 127.0.0.1:8080:8080 # api
      - 127.0.0.1:9090:9090 # metrics
    command: serve
    environment:
    networks:
      - ip4net
    labels:
-      # Watchtower
+      # Traefik
-      - "com.centurylinklabs.watchtower.enable=true"
+      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.headscale.entrypoints=https"
      - "traefik.http.routers.headscale.tls.certresolver=myresolver"
      - "traefik.http.routers.headscale.tls=true"
      - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"
--- a/services/traefik/config/config.yml
+++ b/services/traefik/config/config.yml
@@ -5,26 +5,28 @@ http:
    crowdsec-bouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
-          enabled: true
+          enabled: true 
          logLevel: INFO
          updateIntervalSeconds: 60
-          crowdsecMode: stream
+          crowdsecMode: live 
          crowdsecAppsecEnabled: true
          crowdsecAppsecFailureBlock: true 
          crowdsecAppsecUnreachableBlock: true 
          crowdsecAppsecHost: crowdsec:7422
          crowdsecLapiScheme: http
          crowdsecLapiHost: crowdsec:8080
          # generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
-          crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
+          crowdsecLapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
          forwardedHeadersTrustedIPs:
            - 10.0.0.0/8
          clientTrustedIPs:
            - 192.168.178.0/24
-          captchaProvider: hcaptcha
+          # captchaProvider: hcaptcha
-          captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
+          # captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
-          captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
+          # captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
-          captchaGracePeriodSeconds: 1800
+          # captchaGracePeriodSeconds: 1800
-          captchaHTMLFilePath: /captcha.html
+          # captchaHTMLFilePath: /captcha.html
-          banHTMLFilePath: /ban.html
+          # banHTMLFilePath: /ban.html
  routers:
    authelia:
@@ -51,14 +53,6 @@ http:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
    headscale:
      rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
    immich:
      rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
--- a/services/traefik/traefik.yml
+++ b/services/traefik/traefik.yml
@@ -3,7 +3,7 @@ services:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
-    image: traefik:v3.6.6
+    image: traefik:v3.6.10
    container_name: traefik
    ports:
      - "80:80"
@@ -16,6 +16,11 @@ services:
      TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
      TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
      TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
    deploy:
      resources:
        limits:
          cpus: "0.3"
          memory: 150M
    volumes:
      - "/var/log/traefik/:/var/log/traefik/"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
@@ -36,7 +41,7 @@ services:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
-    image: hhftechnology/traefik-log-dashboard-agent:2.4.0
+    image: hhftechnology/traefik-log-dashboard-agent:2.5.0
    container_name: traefik-log-dashboard-agent
    networks:
      - ip4net
@@ -50,6 +55,11 @@ services:
      TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
      TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
      TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
    deploy:
      resources:
        limits:
          cpus: "0.10"
          memory: 50M
    healthcheck:
      test:
        [
@@ -69,7 +79,7 @@ services:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
-    image: hhftechnology/traefik-log-dashboard:2.4.0
+    image: hhftechnology/traefik-log-dashboard:2.5.0
    container_name: traefik-log-dashboard
    networks:
      - ip4net
@@ -86,6 +96,11 @@ services:
    depends_on:
      traefik-agent:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "0.1"
          memory: 50M
    labels:
      # traefik
      - "traefik.enable=true"
Author	SHA1	Message	Date
renovate_bot	ddf912a4e9	Merge pull request 'Update traefik Docker tag to v3.6.10' (#11 ) from renovate/traefik-3.x into main	2026-03-07 01:03:47 +01:00
Renovate Bot	15f47d5554	Update traefik Docker tag to v3.6.10	2026-03-07 00:03:44 +00:00
renovate_bot	6992333c6f	Merge pull request 'Update traefik Docker tag to v3.6.9' (#10 ) from renovate/traefik-3.x into main	2026-02-24 01:03:20 +01:00
Renovate Bot	2af1f4c5d9	Update traefik Docker tag to v3.6.9	2026-02-24 00:03:18 +00:00
renovate_bot	e74476439d	Merge pull request 'Update traefik Docker tag to v3.6.8' (#9 ) from renovate/traefik-3.x into main	2026-02-12 01:03:03 +01:00
Renovate Bot	c51f5a6d0d	Update traefik Docker tag to v3.6.8	2026-02-12 00:02:59 +00:00
renovate_bot	3f22dc885c	Merge pull request 'Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.5.0' (#8 ) from renovate/hhftechnology-traefik-log-dashboard-agent-2.x into main	2026-02-08 01:02:53 +01:00
renovate_bot	456416b04d	Merge pull request 'Update hhftechnology/traefik-log-dashboard Docker tag to v2.5.0' (#7 ) from renovate/hhftechnology-traefik-log-dashboard-2.x into main	2026-02-08 01:02:50 +01:00
Renovate Bot	9a01d992ad	Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.5.0	2026-02-08 00:02:50 +00:00
Renovate Bot	154165ab18	Update hhftechnology/traefik-log-dashboard Docker tag to v2.5.0	2026-02-08 00:02:49 +00:00
chris	445b638f55	resource and fixes	2026-01-25 22:19:02 +00:00
renovate_bot	afe037ffad	Merge pull request 'Update crowdsecurity/crowdsec Docker tag to v1.7.6' (#6 ) from renovate/crowdsecurity-crowdsec-1.x into main	2026-01-24 01:02:35 +01:00
Renovate Bot	54bcc89c7f	Update crowdsecurity/crowdsec Docker tag to v1.7.6	2026-01-24 00:02:32 +00:00
chris	d0e3149200	clean up traefik and crowdsec improvements	2026-01-23 17:10:12 +00:00
chriswin	c5a3763239	Merge pull request 'Update traefik Docker tag to v3.6.7' (#5 ) from renovate/traefik-3.x into main Reviewed-on: #5	2026-01-21 18:17:05 +01:00
renovate_bot	6287e7b6cd	Merge pull request 'Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.4.1' (#4 ) from renovate/hhftechnology-traefik-log-dashboard-agent-2.x into main	2026-01-21 18:16:39 +01:00
renovate_bot	f8857d8097	Merge pull request 'Update hhftechnology/traefik-log-dashboard Docker tag to v2.4.1' (#3 ) from renovate/hhftechnology-traefik-log-dashboard-2.x into main	2026-01-21 18:16:39 +01:00
Renovate Bot	74a1e0b0f7	Update traefik Docker tag to v3.6.7	2026-01-21 17:16:38 +00:00
Renovate Bot	9afb7ff397	Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.4.1	2026-01-21 17:16:37 +00:00
Renovate Bot	adc4358152	Update hhftechnology/traefik-log-dashboard Docker tag to v2.4.1	2026-01-21 17:16:35 +00:00
chriswin	139fe18e76	Update renovate.json	2026-01-21 18:14:26 +01:00
chriswin	152ad30a5a	Update renovate.json	2026-01-21 18:13:15 +01:00
chriswin	632a19e9cc	Merge pull request 'Configure Renovate' (#1 ) from renovate/configure into main Reviewed-on: #1	2026-01-21 17:45:02 +01:00
chriswin	ad916b67bb	Update renovate.json	2026-01-21 17:44:52 +01:00
Renovate Bot	5c3cc4ae60	Add renovate.json	2026-01-21 16:40:12 +00:00
chris	31cad6e3cb	add crowdsec console enrollment	2026-01-21 16:29:22 +00:00
chris	039354993e	cleanup gitignore, improve crowdsec	2026-01-21 16:25:39 +00:00
		`@@ -1 +0,0 @@`
			`CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ`