f1b3417202
docker: add convenience packages
2021-06-21 11:32:43 +02:00
57c7b06f03
authelia: secure portainer, keycloak, allow local
2021-06-21 11:32:24 +02:00
11c96fe48d
portainer: allow access to ldap
2021-06-21 11:28:52 +02:00
8175a62c0b
nginx: make sure https redirect works
2021-06-21 11:28:36 +02:00
53570a1f08
minor: fix space
2021-06-21 11:11:27 +02:00
a0b1b75a73
Improve networks
...
Create a single external network called "external".
Create container-specific networks.
Only a few containers need access to these.
So far: openldap, postgres.
2021-06-21 10:38:18 +02:00
d6a6e418b6
nginx: log subrequests
2021-06-21 09:53:47 +02:00
f07c3128e1
portainer: copy nginx conf
2021-06-20 23:26:54 +02:00
a2651e5f79
portainer: add nginx-internal network
2021-06-20 23:09:33 +02:00
7e2c66c907
Set portainer to one_factor
2021-06-20 23:09:22 +02:00
e28b445cd8
portainer: add nginx conf
2021-06-20 23:07:20 +02:00
f2d80dbe15
portainer: add main task
2021-06-20 23:07:19 +02:00
8ab660cebb
Fix error introduced in 9cf68c4fda
2021-06-20 23:06:48 +02:00
9cf68c4fda
authelia: set everything to bypass for now
2021-06-20 21:54:32 +02:00
a465111aa7
authelia: move proxy config up
2021-06-20 21:53:20 +02:00
13c9974b4d
Fix authelia-*.conf
...
The example at https://www.authelia.com/docs/deployment/supported-proxies/nginx.html
does not seem to work. Updated with code from:
https://github.com/linuxserver/docker-swag/blob/master/root/defaults/authelia-server.conf
https://github.com/linuxserver/docker-swag/blob/master/root/defaults/authelia-location.conf
2021-06-20 20:58:09 +02:00
171ef655f8
general: add provision.sh
2021-06-20 20:37:06 +02:00
3ee7f94194
minor: add missing semicolon
2021-06-20 20:35:08 +02:00
8658efa4d9
minor: add space around variable
2021-06-20 19:44:58 +02:00
f73272ac91
keycloak: enable authelia interstitial
2021-06-20 19:39:46 +02:00
3d06cf48b8
authelia: add configuration.yml
2021-06-20 19:39:31 +02:00
851f5ac25e
authelia: add more nginx configuration
2021-06-20 19:38:53 +02:00
c45df9911f
authelia: add the nginx configuration
2021-06-20 19:38:28 +02:00
c19bd16a41
authelia: add the main task
2021-06-20 19:38:06 +02:00
b7c3a3af8a
openldap: disable debug logging
2021-06-20 18:19:18 +02:00
da527acb17
openldap: remove more cruft
2021-06-20 18:18:44 +02:00
d38701a0e9
openldap: remove cruft
2021-06-20 18:18:21 +02:00
6fca397d25
openldap: move admin password to vault
2021-06-20 18:16:10 +02:00
e986991466
Add Keycloak ( #1 )
2021-05-18 23:10:37 +02:00
6dcb21fe75
Add PostgreSQL ( #14 )
2021-05-18 23:09:37 +02:00
5b5f53564f
nginx: add more snippets, some placeholders
2021-05-18 19:40:58 +02:00
c79009e541
Add hostname to OpenLDAP, remove bridge network
2021-05-18 19:37:43 +02:00
8d193080dc
Allow outside access to LDAP
2021-05-16 23:47:07 +02:00
c93f579af9
Make loading of custom ldifs work
2021-05-16 23:46:45 +02:00
8f4cf4883e
Add minimum viable role.
2021-05-16 23:02:01 +02:00
87853b9fde
Fix nginx template snippets not being copied
2021-05-15 00:01:23 +02:00
af5e7c153f
Move certificates to Ansible Vault ( #27 )
2021-05-14 21:58:11 +00:00
9cd4aa1ad3
Add nginx snippets from Nginx Proxy Manager
2021-05-14 21:58:11 +00:00
2412c87fbb
Change certificate paths in nginx.conf
2021-05-14 21:58:11 +00:00
cd7b9918a1
Change how certificates are installed
2021-05-14 21:58:11 +00:00
69ce5dc3a9
Move certificates to roles/nginx/files for now
2021-05-14 21:58:11 +00:00
f458dc9229
Move from localhost to vagrant
2021-05-13 23:47:34 +02:00
c158a21dfc
nginx: separate self-signed certs
2021-05-05 20:41:28 +02:00
d0d33b47b9
nginx: join the default bridge network for ext access
2021-05-05 19:35:55 +02:00
54de631d29
Improve routing between containers
...
Create user network nginx-internal
and use Docker's internal DNS server
to resolve containers by hostname.
2021-04-27 23:09:21 +02:00
d9bd3ac145
Improve certificate generation
...
1. Generate root CA
2. Generate wildcard CSR
3. Sign wildcard CSR with root CA
4. Install root CA system-wide
2021-04-27 22:29:52 +02:00
4cc2998fac
Generate certificates automatically
2021-04-27 19:13:35 +02:00
765e9e5a47
Enable SSL
2021-04-26 23:54:10 +02:00
4907cdfd99
Explicitly restart containers to prevent hard-to-debug issues
2021-04-26 22:36:53 +02:00
58fd1aa430
Make sure directories exist
2021-04-26 22:35:59 +02:00
