chore: audit and fix service configurations and allowedOrigins

KonradHerman
2026-05-06 13:23:51 -04:00
parent f52b4ae2b4
commit ccb9d44c04
13 changed files with 522 additions and 0 deletions
@@ -0,0 +1,54 @@
name: coolify-proxy
networks:
coolify:
external: true
services:
traefik:
container_name: coolify-proxy
image: 'traefik:v3.6'
restart: unless-stopped
extra_hosts:
- 'host.docker.internal:host-gateway'
networks:
- coolify
ports:
- '80:80'
- '443:443'
- '443:443/udp'
- '8080:8080'
healthcheck:
test: 'wget -qO- http://localhost:80/ping || exit 1'
interval: 4s
timeout: 2s
retries: 5
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
- '/data/coolify/proxy/:/traefik'
command:
- '--ping=true'
- '--ping.entrypoint=http'
- '--api.dashboard=true'
- '--entrypoints.http.address=:80'
- '--entrypoints.http.forwardedheaders.trustedips=192.168.0.40'
- '--entrypoints.https.address=:443'
- '--entrypoints.https.forwardedheaders.trustedips=192.168.0.40'
- '--entrypoints.http.http.encodequerysemicolons=true'
- '--entryPoints.http.http2.maxConcurrentStreams=250'
- '--entrypoints.https.http.encodequerysemicolons=true'
- '--entryPoints.https.http2.maxConcurrentStreams=250'
- '--entrypoints.https.http3'
- '--providers.file.directory=/traefik/dynamic/'
- '--providers.file.watch=true'
- '--certificatesresolvers.letsencrypt.acme.httpchallenge=true'
- '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http'
- '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json'
- '--api.insecure=false'
- '--providers.docker=true'
- '--providers.docker.exposedbydefault=false'
labels:
- traefik.enable=true
- traefik.http.routers.traefik.entrypoints=http
- traefik.http.routers.traefik.service=api@internal
- traefik.http.services.traefik.loadbalancer.server.port=8080
- coolify.managed=true
- coolify.proxy=true
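Review bot: The `traefik` router in the labels sends `api@internal` through the plain `http` entrypoint with no `middlewares` and no `tls` label, so anything that matches that router reaches the dashboard and API unauthenticated and in cleartext. With no `rule` label the match presumably falls back to the Docker provider's default rule, which makes this exposure easy to overlook in an audit. I would either drop the router labels together with `--api.dashboard=true`, or move the router to the `https` entrypoint and attach an auth middleware, e.g. `traefik.http.routers.traefik.middlewares=<auth-middleware-name>` (placeholder). Port `'8080:8080'` is also published although `--api.insecure=false` is set and only the `:80` and `:443` entrypoints are defined, so that mapping looks removable. Separately, `:ro` on `/var/run/docker.sock` only makes the socket file read-only and does not restrict Docker API calls, which deserves a comment such as `# :ro does not limit Docker API access; consider a socket proxy`.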
@@ -0,0 +1 @@
import /dynamic/*.caddy
@@ -0,0 +1,65 @@
# This file is automatically generated by Coolify.
# Do not edit it manually (only if you know what are you doing).
http:
middlewares:
redirect-to-https:
redirectscheme:
scheme: https
gzip:
compress: true
routers:
coolify-http:
middlewares:
- redirect-to-https
entryPoints:
- http
service: coolify
rule: Host(`coolify.klhoud.com`)
coolify-realtime-ws:
entryPoints:
- http
service: coolify-realtime
rule: 'Host(`coolify.klhoud.com`) && PathPrefix(`/app`)'
coolify-terminal-ws:
entryPoints:
- http
service: coolify-terminal
rule: 'Host(`coolify.klhoud.com`) && PathPrefix(`/terminal/ws`)'
coolify-https:
entryPoints:
- https
service: coolify
rule: Host(`coolify.klhoud.com`)
tls:
certresolver: letsencrypt
coolify-realtime-wss:
entryPoints:
- https
service: coolify-realtime
rule: 'Host(`coolify.klhoud.com`) && PathPrefix(`/app`)'
tls:
certresolver: letsencrypt
coolify-terminal-wss:
entryPoints:
- https
service: coolify-terminal
rule: 'Host(`coolify.klhoud.com`) && PathPrefix(`/terminal/ws`)'
tls:
certresolver: letsencrypt
services:
coolify:
loadBalancer:
servers:
-
url: 'http://coolify:8080'
coolify-realtime:
loadBalancer:
servers:
-
url: 'http://coolify-realtime:6001'
coolify-terminal:
loadBalancer:
servers:
-
url: 'http://coolify-realtime:6002'
@@ -0,0 +1,18 @@
# This file is generated by Coolify, do not edit it manually.
# Disable the default redirect to customize (only if you know what are you doing).
http:
routers:
catchall:
entryPoints:
- http
- https
service: noop
rule: PathPrefix(`/`)
tls:
certResolver: letsencrypt
priority: -1000
services:
noop:
loadBalancer:
servers: { }