Commits · a4960969b48f81a6bbbe3cb739b89dbda691d786 · shore / web-proxy-docker

Mar 26, 2021
- Collabora Online and Nextcloud, another try. · a4960969
  nimrod authored Mar 23, 2021
```
I swear it should be the other way round (it looks to me like Nextcloud
is embedding the code iframe), but disabling CSP on Nextcloud worked and
I saw a comment on the Internet about it so lets give it a try.
```
  a4960969
- Revert "Once again, trying to make Collabora Online work." · 5147c1bd
  nimrod authored Mar 13, 2021
```
This reverts commit 388c2272.
```
  5147c1bd
- Once again, trying to make Collabora Online work. · cb6605d8
  nimrod authored Mar 13, 2021
  
  cb6605d8
- Revert "Revert "Revert "Temporarily disable CSP in Nextcloud.""" · 2f77a828
  nimrod authored Mar 12, 2021
```
This reverts commit 2f132439.

This actually solved the issue (Collabora Online worked!) but this is
not a long-term solution, just a test.
```
  2f77a828
- Revert "Revert "Temporarily disable CSP in Nextcloud."" · ac841585
  nimrod authored Mar 12, 2021
```
This reverts commit cfba896a.

Here we go again.
```
  ac841585
- sogo.shore.co.il · 21b09c09
  nimrod authored Feb 27, 2021
  
  21b09c09
- Revert "Temporarily disable CSP in Nextcloud." · 8e3bf3ff
  nimrod authored Feb 26, 2021
```
This reverts commit 5fd00d28.
```
  8e3bf3ff
- Revert "Another Nextcloud and Collabora Online workaround." · 28d15c45
  nimrod authored Feb 26, 2021
```
This reverts commit dda18375.
```
  28d15c45
- Another Nextcloud and Collabora Online workaround. · 6b12c007
  nimrod authored Feb 26, 2021
```
This time it's mixed content.
```
  6b12c007
- Temporarily disable CSP in Nextcloud. · 765e489c
  nimrod authored Feb 26, 2021
```
Trying to figure out and issue with Nextcloud and Collabora Online.
Should be reverted ASAP.
```
  765e489c
- Use the Vouch proxy sidecar. · 68e96098
  nimrod authored Feb 04, 2021
  
  68e96098
- zpush.shore.co.il. · 43ef9640
  nimrod authored Feb 01, 2021
  
  43ef9640
- vouch.shore.co.il · d6ceebd0
  nimrod authored Jan 29, 2021
  
  d6ceebd0
- Correct naming for lam config. · c2c4c8af
  nimrod authored Jan 29, 2021
  
  c2c4c8af
- Enable HTTP2 on the rest of the services. · 46c4c50e
  nimrod authored Jan 28, 2021
  
  46c4c50e
- Same well-known directory for ACME challenge for mail. · 8e665c40
  nimrod authored Jan 28, 2021
```
To make more uniform, use the same location on all hosts. Instead of
copying the same tasks over and over in the renew-certs playbook in the
homelab repo.
```
  8e665c40
- Remove unused bind-mounts. · de756fca
  nimrod authored Jan 28, 2021
```
Those directories were used by hosts now served by ns4.
```
  de756fca
- Collabora online. · b3fbf9a6
  nimrod authored Jan 26, 2021
  
  b3fbf9a6
- {www.,}shore.co.il is now served by ns4, remove from host01. · dd548be6
  nimrod authored Jan 17, 2021
  
  dd548be6
- LDAP account manager. · 13ccd71a
  nimrod authored Jan 16, 2021
```
Access LAM on its own domain (from inside the network only).
```
  13ccd71a
- Cleanup. · 13fb302b
  nimrod authored Jan 12, 2021
```
- No more proxying in www.shore.co.il. I think about redoing it all with
  a subdomain per service. Also no more secrets, intead authenticate
  against the LDAP server or something.
- CI templates.
- Simpler self-signed SSL certificate generation.
- Set the hostname in CI.
- Use the www-redirect snippet in shore.co.il.
```
  13fb302b
- Revert "A general master branch." · 24ac95c4
  nimrod authored Jan 12, 2021
```
This reverts commit d4d48591. I'm
reverting most of it but amending or mending a few things that I'm going
to move to ns4.
```
  24ac95c4
- Pull during the build stage. · e96c031a
  nimrod authored Mar 26, 2021
  
  e96c031a
- Update Nginx. · eab0cdaa
  nimrod authored Mar 26, 2021
  
  eab0cdaa
- Update Vouch. · 8d89640b
  nimrod authored Mar 26, 2021
  
  8d89640b
Feb 19, 2021
- Update Nginx. · 157f59dd
  nimrod authored Feb 19, 2021
  
  157f59dd
Feb 11, 2021

nimrod authored Feb 11, 2021

Mainly ChaCha20. Also disable AESCCM (as per
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
it's slow and uncommon).

bda77ac0

Feb 04, 2021

Add a Vouch proxy to all hosts. · f496744b

nimrod authored Feb 04, 2021

Vouch uses the Host header for calculating the JWT but we can't override
that (proxying won't work with an incorrect header). So instead it to
each deployment so we don't have multiple proxies and can override the
Host header.

f496744b

Jan 30, 2021
- Use the redirect to www snippet in the default site. · 9bc804a8
  nimrod authored Jan 30, 2021
  
  9bc804a8
Jan 29, 2021
- Authentication snippet. · e85e8b6b
  nimrod authored Jan 29, 2021
```
Using vouch.shore.co.il.
```
  e85e8b6b
- Validate secure proxied servers. · 8d738c96
  nimrod authored Jan 29, 2021
```
Use the CA certificate bundle and set the verification depth (for
intermediate certificates). Right now for Vouch.
```
  8d738c96
Jan 28, 2021
- Enable HTTP2 on the default site. · dcd85176
  nimrod authored Jan 28, 2021
  
  dcd85176
Jan 27, 2021

Access acme challenge directory on the host. · 591263a9

nimrod authored Jan 28, 2021

Needed for the default (fallback) acme challenge access (with the
renew-certs playbooks from the homelab repo).

591263a9

Jan 26, 2021
- Websockets snippet. · 105ac91f
  nimrod authored Jan 26, 2021
  
  105ac91f
Jan 22, 2021
- All branches no longer use the HOSTNAME variable. · a6684d25
  nimrod authored Jan 23, 2021
  
  a6684d25
- Common, selective jobs based on the branch. · c31d6f1d
  nimrod authored Jan 23, 2021
```
To have a common .gitlab-ci.yml.
```
  c31d6f1d
- Common CI config. · 426ddf7f
  nimrod authored Jan 23, 2021
  
  426ddf7f
Jan 12, 2021

Faster refresh of DNS. · cf84731b

nimrod authored Jan 13, 2021

The Docker resolver replies with a TTL of 600, too long. Refresh after
30 seconds.

cf84731b

Allow Let's Encrypt validation in the fallback site. · 5a4c6378
nimrod authored Jan 12, 2021

5a4c6378

Self-signed certificate generation. · 941d9af7

nimrod authored Jan 12, 2021

By default the cerificate is valid for 30 days, reasonable. Also, using
-batch means the default values are used and the certificate is
generated without any input required.

941d9af7