Commits · master · shore / web-proxy-docker

10 Nov, 2021 2 commits
- Use the new dynamic variables in tags. · 49a82ef3
  nimrod authored Nov 10, 2021
  
  49a82ef3
- Update CI templates location. · 456f9fcd
  nimrod authored Nov 10, 2021
  
  456f9fcd
20 Sep, 2021 2 commits
- Update base image. · 9186834e
  nimrod authored Sep 20, 2021
  
  9186834e
- Update pre-commit hooks. · eea25048
  nimrod authored Sep 20, 2021
  
  eea25048
31 May, 2021 1 commit
- Update Nginx. · ef2a121b
  nimrod authored May 31, 2021
  
  ef2a121b
19 May, 2021 2 commits
- Revert "Set the proxying header for the LDAP auth service." · 37927a36
  nimrod authored May 19, 2021
```
This reverts commit 7885e91e.
```
  37927a36
- Set the proxying header for the LDAP auth service. · 7885e91e
  nimrod authored May 19, 2021
```
So I can get the real client IP in the service.
```
  7885e91e
14 May, 2021 1 commit

Give precedence to the acme challenge. · b7c0865d

nimrod authored May 14, 2021

If the acme challenge is in a location block but the default redirection
is not, the default always takes precedence (Nginx won't resolve the
order between the different directives, but it will between different
location blocks).

b7c0865d

02 May, 2021 3 commits
- Specific redirect in the fallback site. · e0bc90be
  nimrod authored May 02, 2021
  
  e0bc90be
- Generic redirect-www snippet. · b2a6935b
  nimrod authored May 02, 2021
  
  b2a6935b
- Refactor snippet to proxy over HTTPS. · 6e9f8e4c
  nimrod authored May 02, 2021
  
  6e9f8e4c
30 Apr, 2021 1 commit
- Snippets to allow access from my IP addresses. · 4ea5fbb1
  nimrod authored Apr 30, 2021
  
  4ea5fbb1
24 Apr, 2021 4 commits
- Lint .gitlab-ci.yml. · c8a8e374
  nimrod authored Apr 24, 2021
  
  c8a8e374
- Support Upgrade-Insecure-Requests. · 9738dded
  nimrod authored Apr 24, 2021
```
Snippet to redirect to https if Upgrade-Insecure-Requests is set in the
request.
```
  9738dded
- Use the status module for health checks. · 430cc99d
  nimrod authored Apr 24, 2021
  
  430cc99d
- Update Nginx. · eb4a9d36
  nimrod authored Apr 24, 2021
  
  eb4a9d36
23 Apr, 2021 1 commit
- Remvove all sites from Google's FLoC. · ed95c7aa
  nimrod authored Apr 23, 2021
```
How can I miss the opportunity to interfere with Google in any way?
```
  ed95c7aa
21 Apr, 2021 1 commit
- Snippet for LDAP authentication. · 8d2c7db3
  nimrod authored Apr 22, 2021
  
  8d2c7db3
12 Apr, 2021 2 commits
- Update Nginx. · 2c44445c
  nimrod authored Apr 12, 2021
  
  2c44445c
- Longer valid Vouch logins. · 0745e556
  nimrod authored Apr 12, 2021
```
Login every 4 hours isn't reasonable. A week seems better to me.
```
  0745e556
26 Mar, 2021 3 commits
- Pull during the build stage. · e96c031a
  nimrod authored Mar 26, 2021
  
  e96c031a
- Update Nginx. · eab0cdaa
  nimrod authored Mar 26, 2021
  
  eab0cdaa
- Update Vouch. · 8d89640b
  nimrod authored Mar 26, 2021
  
  8d89640b
19 Feb, 2021 1 commit
- Update Nginx. · 157f59dd
  nimrod authored Feb 19, 2021
  
  157f59dd
11 Feb, 2021 1 commit

Enable more modern ciphers. · bda77ac0

nimrod authored Feb 11, 2021

Mainly ChaCha20. Also disable AESCCM (as per
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
it's slow and uncommon).

bda77ac0

04 Feb, 2021 1 commit

Add a Vouch proxy to all hosts. · f496744b

nimrod authored Feb 04, 2021

Vouch uses the Host header for calculating the JWT but we can't override
that (proxying won't work with an incorrect header). So instead it to
each deployment so we don't have multiple proxies and can override the
Host header.

f496744b

30 Jan, 2021 1 commit
- Use the redirect to www snippet in the default site. · 9bc804a8
  nimrod authored Jan 30, 2021
  
  9bc804a8
29 Jan, 2021 2 commits
- Authentication snippet. · e85e8b6b
  nimrod authored Jan 29, 2021
```
Using vouch.shore.co.il.
```
  e85e8b6b
- Validate secure proxied servers. · 8d738c96
  nimrod authored Jan 29, 2021
```
Use the CA certificate bundle and set the verification depth (for
intermediate certificates). Right now for Vouch.
```
  8d738c96
28 Jan, 2021 1 commit
- Enable HTTP2 on the default site. · dcd85176
  nimrod authored Jan 28, 2021
  
  dcd85176
27 Jan, 2021 1 commit

Access acme challenge directory on the host. · 591263a9

nimrod authored Jan 28, 2021

Needed for the default (fallback) acme challenge access (with the
renew-certs playbooks from the homelab repo).

591263a9

26 Jan, 2021 1 commit
- Websockets snippet. · 105ac91f
  nimrod authored Jan 26, 2021
  
  105ac91f
22 Jan, 2021 3 commits
- All branches no longer use the HOSTNAME variable. · a6684d25
  nimrod authored Jan 23, 2021
  
  a6684d25
- Common, selective jobs based on the branch. · c31d6f1d
  nimrod authored Jan 23, 2021
```
To have a common .gitlab-ci.yml.
```
  c31d6f1d
- Common CI config. · 426ddf7f
  nimrod authored Jan 23, 2021
  
  426ddf7f
12 Jan, 2021 5 commits

Faster refresh of DNS. · cf84731b

nimrod authored Jan 13, 2021

The Docker resolver replies with a TTL of 600, too long. Refresh after
30 seconds.

cf84731b

Allow Let's Encrypt validation in the fallback site. · 5a4c6378
nimrod authored Jan 12, 2021

5a4c6378

Self-signed certificate generation. · 941d9af7

nimrod authored Jan 12, 2021

By default the cerificate is valid for 30 days, reasonable. Also, using
-batch means the default values are used and the certificate is
generated without any input required.

941d9af7

Snippet to redirect to wwww. · 468f3143
nimrod authored Jan 12, 2021

468f3143

A general master branch. · d4d48591

nimrod authored Jan 12, 2021

I'm moving some services to ns4, some will remain on host01. I'm
branching to have specific deployment for each host. So have a minimal
and generic master branch so common changes will be done there and I'll
rebase the other branches on top of it.

d4d48591