Because of the setup I have with HAProxy in ns1 in front of Nginx, all
of the requests have the same client IP. In essence this is just rate
limiting all requests, regardless of the client IP (unless coming from
the internal network).

This reverts commit 95403974.

The headers should be set in the server that has the /validate endpoint
so we can get the correct client IP.

This reverts commit a4960969.

I think this breaks other stuff (like mail).

I swear it should be the other way round (it looks to me like Nextcloud
is embedding the code iframe), but disabling CSP on Nextcloud worked and
I saw a comment on the Internet about it so lets give it a try.

This reverts commit 388c2272.

This reverts commit 2f132439.

This actually solved the issue (Collabora Online worked!) but this is
not a long-term solution, just a test.

This reverts commit cfba896a.

Here we go again.

This reverts commit 5fd00d28.

This reverts commit dda18375.

This time it's mixed content.

Trying to figure out and issue with Nextcloud and Collabora Online.
Should be reverted ASAP.

To make more uniform, use the same location on all hosts. Instead of
copying the same tasks over and over in the renew-certs playbook in the
homelab repo.

Those directories were used by hosts now served by ns4.

Access LAM on its own domain (from inside the network only).

- No more proxying in www.shore.co.il. I think about redoing it all with
  a subdomain per service. Also no more secrets, intead authenticate
  against the LDAP server or something.
- CI templates.
- Simpler self-signed SSL certificate generation.
- Set the hostname in CI.
- Use the www-redirect snippet in shore.co.il.

This reverts commit d4d48591. I'm
reverting most of it but amending or mending a few things that I'm going
to move to ns4.

I'm getting nowhere. I still got an A+, but now I'm marked down because
I don't support TLS 1.2.