Commits · a064ddc7e0f232c303f8c4647128728cba6fdb15 · shore / web-proxy-docker

Dec 11, 2021

Rate limit requests to the LDAP auth server. · a064ddc7

nimrod authored May 19, 2021

Because of the setup I have with HAProxy in ns1 in front of Nginx, all
of the requests have the same client IP. In essence this is just rate
limiting all requests, regardless of the client IP (unless coming from
the internal network).

a064ddc7

Nov 10, 2021
- Revert "Remove proxying headers from the auth service." · b908281f
  nimrod authored May 19, 2021
```
This reverts commit 95403974.
```
  b908281f
- Remove proxying headers from the auth service. · 9e0f1d0c
  nimrod authored May 19, 2021
```
The headers should be set in the server that has the /validate endpoint
so we can get the correct client IP.
```
  9e0f1d0c
- Move the Elasticsearch stack to ns4. · 42d5d7d0
  nimrod authored May 17, 2021
  
  42d5d7d0
- Add Kibana and Elasticsearch. · 24896291
  nimrod authored May 14, 2021
  
  24896291
- mta-sts for nehe.sr. · 366c98b5
  nimrod authored May 02, 2021
  
  366c98b5
- Use the snippet. · 17519115
  nimrod authored Apr 30, 2021
  
  17519115
- Add notify.shore.co.il. · 10c34dba
  nimrod authored Apr 23, 2021
  
  10c34dba
- Add auth.shore.co.il. · 30577da7
  nimrod authored Apr 22, 2021
  
  30577da7
- Revert "Collabora Online and Nextcloud, another try." · 2ee7d84a
  nimrod authored Apr 09, 2021
```
This reverts commit a4960969.

I think this breaks other stuff (like mail).
```
  2ee7d84a
- Collabora Online and Nextcloud, another try. · 89d7dd32
  nimrod authored Mar 23, 2021
```
I swear it should be the other way round (it looks to me like Nextcloud
is embedding the code iframe), but disabling CSP on Nextcloud worked and
I saw a comment on the Internet about it so lets give it a try.
```
  89d7dd32
- Revert "Once again, trying to make Collabora Online work." · 35a3dac9
  nimrod authored Mar 13, 2021
```
This reverts commit 388c2272.
```
  35a3dac9
- Once again, trying to make Collabora Online work. · efa72b34
  nimrod authored Mar 13, 2021
  
  efa72b34
- Revert "Revert "Revert "Temporarily disable CSP in Nextcloud.""" · b954ec2a
  nimrod authored Mar 12, 2021
```
This reverts commit 2f132439.

This actually solved the issue (Collabora Online worked!) but this is
not a long-term solution, just a test.
```
  b954ec2a
- Revert "Revert "Temporarily disable CSP in Nextcloud."" · d46ba07e
  nimrod authored Mar 12, 2021
```
This reverts commit cfba896a.

Here we go again.
```
  d46ba07e
- sogo.shore.co.il · 39c4e267
  nimrod authored Feb 27, 2021
  
  39c4e267
- Revert "Temporarily disable CSP in Nextcloud." · 5523e8c1
  nimrod authored Feb 26, 2021
```
This reverts commit 5fd00d28.
```
  5523e8c1
- Revert "Another Nextcloud and Collabora Online workaround." · 60d76d70
  nimrod authored Feb 26, 2021
```
This reverts commit dda18375.
```
  60d76d70
- Another Nextcloud and Collabora Online workaround. · 9538a77f
  nimrod authored Feb 26, 2021
```
This time it's mixed content.
```
  9538a77f
- Temporarily disable CSP in Nextcloud. · 076f0c30
  nimrod authored Feb 26, 2021
```
Trying to figure out and issue with Nextcloud and Collabora Online.
Should be reverted ASAP.
```
  076f0c30
- Use the Vouch proxy sidecar. · d2d4314c
  nimrod authored Feb 04, 2021
  
  d2d4314c
- zpush.shore.co.il. · 64e3105d
  nimrod authored Feb 01, 2021
  
  64e3105d
- vouch.shore.co.il · 985d88a4
  nimrod authored Jan 29, 2021
  
  985d88a4
- Correct naming for lam config. · 69b1cb0a
  nimrod authored Jan 29, 2021
  
  69b1cb0a
- Enable HTTP2 on the rest of the services. · c31ea712
  nimrod authored Jan 28, 2021
  
  c31ea712
- Same well-known directory for ACME challenge for mail. · 97321cd8
  nimrod authored Jan 28, 2021
```
To make more uniform, use the same location on all hosts. Instead of
copying the same tasks over and over in the renew-certs playbook in the
homelab repo.
```
  97321cd8
- Remove unused bind-mounts. · 14d61132
  nimrod authored Jan 28, 2021
```
Those directories were used by hosts now served by ns4.
```
  14d61132
- Collabora online. · c8663755
  nimrod authored Jan 26, 2021
  
  c8663755
- {www.,}shore.co.il is now served by ns4, remove from host01. · 1aa486fd
  nimrod authored Jan 17, 2021
  
  1aa486fd
- LDAP account manager. · d4e74865
  nimrod authored Jan 16, 2021
```
Access LAM on its own domain (from inside the network only).
```
  d4e74865
- Cleanup. · d81aa621
  nimrod authored Jan 12, 2021
```
- No more proxying in www.shore.co.il. I think about redoing it all with
  a subdomain per service. Also no more secrets, intead authenticate
  against the LDAP server or something.
- CI templates.
- Simpler self-signed SSL certificate generation.
- Set the hostname in CI.
- Use the www-redirect snippet in shore.co.il.
```
  d81aa621
- Revert "A general master branch." · fa67cf72
  nimrod authored Jan 12, 2021
```
This reverts commit d4d48591. I'm
reverting most of it but amending or mending a few things that I'm going
to move to ns4.
```
  fa67cf72
- Use the new dynamic variables in tags. · 49a82ef3
  nimrod authored Nov 10, 2021
  
  49a82ef3
- Update CI templates location. · 456f9fcd
  nimrod authored Nov 10, 2021
  
  456f9fcd
Sep 20, 2021
- Update base image. · 9186834e
  nimrod authored Sep 20, 2021
  
  9186834e
- Update pre-commit hooks. · eea25048
  nimrod authored Sep 20, 2021
  
  eea25048
May 31, 2021
- Update Nginx. · ef2a121b
  nimrod authored May 31, 2021
  
  ef2a121b
May 19, 2021
- Revert "Set the proxying header for the LDAP auth service." · 37927a36
  nimrod authored May 19, 2021
```
This reverts commit 7885e91e.
```
  37927a36
- Set the proxying header for the LDAP auth service. · 7885e91e
  nimrod authored May 19, 2021
```
So I can get the real client IP in the service.
```
  7885e91e
May 14, 2021

Give precedence to the acme challenge. · b7c0865d

nimrod authored May 14, 2021

If the acme challenge is in a location block but the default redirection
is not, the default always takes precedence (Nginx won't resolve the
order between the different directives, but it will between different
location blocks).

b7c0865d