- Mar 26, 2021
-
-
nimrod authored
I swear it should be the other way round (it looks to me like Nextcloud is embedding the code iframe), but disabling CSP on Nextcloud worked and I saw a comment on the Internet about it so lets give it a try.
-
nimrod authored
-
nimrod authored
-
nimrod authored
This time it's mixed content.
-
nimrod authored
Trying to figure out and issue with Nextcloud and Collabora Online. Should be reverted ASAP.
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
nimrod authored
To make more uniform, use the same location on all hosts. Instead of copying the same tasks over and over in the renew-certs playbook in the homelab repo.
-
nimrod authored
Those directories were used by hosts now served by ns4.
-
nimrod authored
-
nimrod authored
-
nimrod authored
Access LAM on its own domain (from inside the network only).
-
nimrod authored
- No more proxying in www.shore.co.il. I think about redoing it all with a subdomain per service. Also no more secrets, intead authenticate against the LDAP server or something. - CI templates. - Simpler self-signed SSL certificate generation. - Set the hostname in CI. - Use the www-redirect snippet in shore.co.il.
-
nimrod authored
-
nimrod authored
-
nimrod authored
-
- Feb 19, 2021
-
-
nimrod authored
-
- Feb 11, 2021
-
-
nimrod authored
Mainly ChaCha20. Also disable AESCCM (as per https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ it's slow and uncommon).
-
- Feb 04, 2021
-
-
nimrod authored
Vouch uses the Host header for calculating the JWT but we can't override that (proxying won't work with an incorrect header). So instead it to each deployment so we don't have multiple proxies and can override the Host header.
-
- Jan 30, 2021
-
-
nimrod authored
-
- Jan 29, 2021
- Jan 28, 2021
-
-
nimrod authored
-
- Jan 27, 2021
-
-
nimrod authored
Needed for the default (fallback) acme challenge access (with the renew-certs playbooks from the homelab repo).
-
- Jan 26, 2021
-
-
nimrod authored
-
- Jan 22, 2021
- Jan 12, 2021
-
-
nimrod authored
The Docker resolver replies with a TTL of 600, too long. Refresh after 30 seconds.
-
nimrod authored
-
nimrod authored
By default the cerificate is valid for 30 days, reasonable. Also, using -batch means the default values are used and the certificate is generated without any input required.
-