Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 git
|
361d2dc87b | ||
|
git
|
2499924afc | ||
|
git
|
b2ff514a71 | ||
|
beatz174-bit
|
b5cfdde00f | ||
|
beatz174-bit
|
d99e2767b5 | ||
|
beatz174-bit
|
7f8e920fa1 | ||
|
git
|
c10b834be0 | ||
|
git
|
f08a567933 | ||
|
beatz174-bit
|
85d7859b14 | ||
|
beatz174-bit
|
d06c53ef0b |
@@ -61,12 +61,13 @@ PORTAINER_GODEBUG=netdns=cgo
|
||||
|
||||
# Node-red
|
||||
DOCKER_SOCKET_PROXY_HOST=tcp://docker-socket-proxy:2375
|
||||
DOCKER_SOCKET_PROXY_LOG_LEVEL=debug
|
||||
DOCKER_SOCKET_PROXY_LOG_LEVEL=info
|
||||
NODE_COMPOSE_ROOT=/compose
|
||||
|
||||
# mTLS bridge
|
||||
MTLS_BRIDGE_LOG_LEVEL=DEBUG
|
||||
MTLS_BRIDGE_LOG_LEVEL=INFO
|
||||
MTLS_BRIDGE_TIMEOUT=5
|
||||
MTLS_BRIDGE_CLIENT_KEY=/certs/clients/office-pc/office-pc.key
|
||||
MTLS_BRIDGE_CLIENT_CERT=/certs/clients/office-pc/office-pc.crt
|
||||
MTLS_BRIDGE_TARGET_URL=http://node-red:1880/docker-update-lockouts/clear
|
||||
MTLS_BRIDGE_CORS_ALLOW_ORIGIN=https://grafana.lan.ddnsgeek.com
|
||||
|
||||
@@ -16,6 +16,8 @@ Internal HTTP-to-mTLS bridge for services that cannot present client certificate
|
||||
- `CA_CERT` (default `/certs/ca.crt`): CA certificate bundle used to verify upstream TLS.
|
||||
- `TIMEOUT` (default `5`): request timeout in seconds.
|
||||
- `LOG_LEVEL` (default `INFO`): Python logging level.
|
||||
- `MTLS_BRIDGE_BASIC_AUTH_USERS` (required for Traefik auth): value for `traefik.http.middlewares.*.basicauth.users` (e.g. `user:$$apr1$$...`).
|
||||
- `MTLS_BRIDGE_CORS_ALLOW_ORIGIN` (default `https://grafana.lan.ddnsgeek.com`): origin allowed for browser-based panel actions.
|
||||
|
||||
## Endpoints
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ services:
|
||||
build:
|
||||
context: ${PROJECT_ROOT}/monitoring/mtls-bridge
|
||||
container_name: mtls-bridge
|
||||
hostname: mtls-bridge.lan.ddnsgeek.com
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TARGET_URL=${MTLS_BRIDGE_TARGET_URL}
|
||||
@@ -19,9 +20,23 @@ services:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mtls-bridge.entrypoints=websecure"
|
||||
- "traefik.http.routers.mtls-bridge.tls.certresolver=myresolver"
|
||||
- "traefik.http.routers.mtls-bridge.middlewares=mtls-bridge-auth,mtls-bridge-cors"
|
||||
- "traefik.http.middlewares.mtls-bridge-auth.basicauth.users=${MTLS_BRIDGE_BASIC_AUTH_USERS}"
|
||||
- "traefik.http.routers.mtls-bridge-preflight.rule=Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)"
|
||||
- "traefik.http.routers.mtls-bridge-preflight.entrypoints=websecure"
|
||||
- "traefik.http.routers.mtls-bridge-preflight.tls.certresolver=myresolver"
|
||||
- "traefik.http.routers.mtls-bridge-preflight.middlewares=mtls-bridge-cors"
|
||||
- "traefik.http.routers.mtls-bridge-preflight.priority=100"
|
||||
- "traefik.http.routers.mtls-bridge-preflight.service=mtls-bridge"
|
||||
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist=${MTLS_BRIDGE_CORS_ALLOW_ORIGIN}"
|
||||
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods=GET,POST,PUT,PATCH,DELETE,OPTIONS"
|
||||
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders=authorization,content-type,x-grafana-action,x-grafana-device-id"
|
||||
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials=true"
|
||||
- "traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader=true"
|
||||
- "io.portainer.accesscontrol.public"
|
||||
# - "traefik.http.routers.searxng.middlewares=crowdsec@file,secHeaders@file,error-pages-middleware"
|
||||
- "traefik.http.services.mtls-bridge.loadbalancer.server.port=8080"
|
||||
- "traefik.docker.network=core_traefik"
|
||||
healthcheck:
|
||||
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health', timeout=3).read()"]
|
||||
interval: 30s
|
||||
|
||||
@@ -115,3 +115,22 @@
|
||||
{"ts":"2026-04-13T05:27:32.283Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T05:28:25.458Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T05:28:25.458Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T07:06:45.327Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T07:06:45.328Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T07:26:45.292Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T07:26:45.293Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T07:31:45.282Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T07:31:45.283Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T08:14:39.514Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T08:15:33.209Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T10:38:33.065Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T10:39:26.857Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T10:39:26.857Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T23:42:19.598Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T23:43:13.246Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-13T23:43:13.246Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-14T00:19:10.544Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-14T00:20:04.306Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-14T00:20:04.308Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-14T01:24:35.295Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
|
||||
{"ts":"2026-04-14T01:25:29.131Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
|
||||
|
||||
+13
-13
@@ -1,13 +1,13 @@
|
||||
12:02:41 INFO: === Update started: 2026-04-12 12:02:41 ===
|
||||
12:02:41 WARNING: Skipping traefik (directory does not exist)
|
||||
12:02:41 WARNING: Skipping nextcloud (directory does not exist)
|
||||
12:02:41 WARNING: Skipping passbolt (directory does not exist)
|
||||
12:02:41 WARNING: Skipping searxng (directory does not exist)
|
||||
12:02:41 WARNING: Skipping gitea (directory does not exist)
|
||||
12:02:41 WARNING: Skipping gotify (directory does not exist)
|
||||
12:02:41 WARNING: Skipping grafana (directory does not exist)
|
||||
12:02:41 WARNING: Skipping gramps (directory does not exist)
|
||||
12:02:41 WARNING: Skipping portainer (directory does not exist)
|
||||
12:02:41 WARNING: Skipping prometheus (directory does not exist)
|
||||
12:02:41 WARNING: Skipping uptime-kuma (directory does not exist)
|
||||
12:02:41 INFO: Pruning unused containers, images, networks, and volumes...
|
||||
08:07:03 INFO: === Update started: 2026-04-14 08:07:03 ===
|
||||
08:07:03 WARNING: Skipping traefik (directory does not exist)
|
||||
08:07:03 WARNING: Skipping nextcloud (directory does not exist)
|
||||
08:07:03 WARNING: Skipping passbolt (directory does not exist)
|
||||
08:07:03 WARNING: Skipping searxng (directory does not exist)
|
||||
08:07:03 WARNING: Skipping gitea (directory does not exist)
|
||||
08:07:03 WARNING: Skipping gotify (directory does not exist)
|
||||
08:07:03 WARNING: Skipping grafana (directory does not exist)
|
||||
08:07:03 WARNING: Skipping gramps (directory does not exist)
|
||||
08:07:03 WARNING: Skipping portainer (directory does not exist)
|
||||
08:07:03 WARNING: Skipping prometheus (directory does not exist)
|
||||
08:07:03 WARNING: Skipping uptime-kuma (directory does not exist)
|
||||
08:07:03 INFO: Pruning unused containers, images, networks, and volumes...
|
||||
|
||||
Reference in New Issue
Block a user