Comments (10)
ok, let me explain:
all my changes are done in the /srv/docker dir!
- i use an .env file
- i have made some changes in the docker-compose.yml
  docker-compose.zip
- one in the traefik/rule/middlewares.yml file
  i added my IP @ home to be able to connect to portainer and traefik
- one in the traefik.yml
  for the trustedIPs for the real IP forwarding
... and all the other things are in these two tickets.
Don't know what's the best and easiest way to help, cause i am not a dev!
First of all i will attach my compose file ...
from ansible-adguard.
got it!!!!!
add this to traefik.yml for x-forwarding the real client IP:
    websecure:
      address: :443
      proxyProtocol:
        insecure: true
      forwardedHeaders:
        trustedIPs:
          - "127.0.0.1/32" # localhost
          - "10.0.0.0/8" # swarm mode ip range
          - "192.168.0.0/16" # stand-alone after 172.16.0.0/12 is exhausted
          - "172.16.0.0/12" # stand-alone
        insecure: true
    dnsovertls:
source: https://community.traefik.io/t/use-x-forwarded-in-traefik-v2/5206/4
from ansible-adguard.
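Added example, not part of the original comments or the ansible-adguard project: a simplified Python model of how the forwardedHeaders settings in the traefik.yml snippet above decide whether an incoming X-Forwarded-For header is kept. It shows that insecure: true accepts the header from any peer, so the trustedIPs list only takes effect once that flag is removed. The function names, the sample addresses and the backend reading the left-most entry are assumptions.

```python
import ipaddress

# trustedIPs as listed in the traefik.yml snippet above
TRUSTED_IPS = ["127.0.0.1/32", "10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"]


def forwarded_for(peer_ip, incoming_xff, trusted_ips, insecure):
    """Simplified model: X-Forwarded-For value handed to the backend.

    peer_ip      -- address of the TCP peer that connected to the entry point
    incoming_xff -- X-Forwarded-For header that peer sent, or None
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = insecure or any(
        peer in ipaddress.ip_network(net) for net in trusted_ips
    )
    if trusted and incoming_xff:
        # Header from a trusted peer is kept and the peer is appended.
        return f"{incoming_xff}, {peer_ip}"
    # Header from an untrusted peer is discarded; only the peer is reported.
    return peer_ip


def client_seen_by_backend(xff):
    """Assumption: the backend logs the left-most X-Forwarded-For entry."""
    return xff.split(",")[0].strip()


def compare(peer_ip, incoming_xff):
    """Return (client with insecure: true, client with trustedIPs only)."""
    return tuple(
        client_seen_by_backend(
            forwarded_for(peer_ip, incoming_xff, TRUSTED_IPS, flag)
        )
        for flag in (True, False)
    )


if __name__ == "__main__":
    # Constructed requests using documentation address ranges, not real hosts.
    samples = [
        ("10.0.0.5", "198.51.100.23"),  # internal load balancer relaying a client
        ("203.0.113.50", "192.0.2.7"),  # direct internet peer sending its own header
        ("203.0.113.50", None),         # direct internet peer, no header
    ]
    for peer, xff in samples:
        print(peer, xff, compare(peer, xff))
```

The proxyProtocol block in the same snippet has its own insecure and trustedIPs options, and the same reasoning applies to it.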
but only for DoH ... cause DoT is shown as simple DNS in Adguard ...
from ansible-adguard.
Next little win!
- i am able to connect to the Traefik Dashboard after removing the:
"&& (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
from the
"traefik.http.routers.traefikdashboard.rule=Host(`traefik.{{hostname}}`)"
Label
- i expose 53/tcp and 53/udp (direct to adguard) to see the client's real IP when doing a normal dns query
The only problem on my list is that i see the proxy IP when using DoT. When this is working i need a wildcard cert to see the client with a "name" like myandroid.adguard.tld
from ansible-adguard.
traefik dashboard can only be accessed with:
https://url/dashboard/
it is very picky and you need the last / !
And regarding the stuff you changed, can you either do a PR? or show me where to edit the stuff needed?
from ansible-adguard.
i was playing around with docker-socket-proxy, but it's not a real security booster ... cause you would need more than one proxy with different permissions/container ...
What i will change is the traefik wildcard cert thing in combination with nsone.net
from ansible-adguard.
traefik dashboard can only be accessed with: https://url/dashboard/ it is very picky and you need the last / !
Doesn't work for me. Don't know why .. i have tested it with the / at the end but nothing happens
And regarding the stuff you changed, can you either do a PR? or show me where to edit the stuff needed?
i have to figure out how i can make this cause i am not a dev. only a security guy/admin with much time to play around! ;-)
from ansible-adguard.
maybe i will only apply this to the public facing traefik container ...
https://chriswiegman.com/2019/11/protecting-your-docker-socket-with-traefik-2/
adguard has no connection to the docker socket
from ansible-adguard.
since my server is supposed to be publicly accessible i want to make it as secure as possible. i looked at some tutorials regarding traefik and crowdsec. how did you come up with this traefik config?
from ansible-adguard.
Hi, sorry Ronald for the slow reply, did you manage to get it working? The Traefik config is made by myself using the traefik docs.
from ansible-adguard.