beatzaplenty/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: beatzaplenty/docker:85cf56fcaff79c75ecbdad5b3c8b69c023a93754
Branches Tags
beatzaplenty/docker:main
..
compare: beatzaplenty/docker:361d2dc87b86a10a13ed072c21e8ac067adca7bb
Branches Tags
beatzaplenty/docker:main

10 Commits
85cf56fcaf .. 361d2dc87b

Author SHA1 Message Date
git 361d2dc87b modified: core/traefik/traefik.yml 
modified:   default-environment.env
	modified:   monitoring/mtls-bridge/docker-compose.yml
	modified:   monitoring/node-red/data/context/00b02bbd01c91485/flow.json
	modified:   monitoring/node-red/data/update-events.ndjson
 2026-04-14 11:32:19 +10:00
git 2499924afc Merge branch 'main' of https://github.com/beatz174-bit/docker 
monitoring/mtls-bridge/docker-compose.yml

	modified:   monitoring/mtls-bridge/README.md
	modified:   monitoring/mtls-bridge/docker-compose.yml
 2026-04-14 11:11:47 +10:00
git b2ff514a71 modified: core/traefik/traefik.yml 
modified:   default-environment.env
	modified:   monitoring/mtls-bridge/docker-compose.yml
	modified:   monitoring/node-red/data/context/00b02bbd01c91485/flow.json
	modified:   monitoring/node-red/data/update-events.ndjson
 2026-04-14 11:08:57 +10:00
beatz174-bit b5cfdde00f Merge pull request #38 from beatz174-bit/codex/add-traefik-label-for-basic-authentication-s6q3tm 
Add Traefik basic-auth and CORS middlewares to mtls-bridge and document env vars
 2026-04-14 11:08:40 +10:00
beatz174-bit d99e2767b5 Merge branch 'main' into codex/add-traefik-label-for-basic-authentication-s6q3tm 2026-04-14 11:08:34 +10:00
beatz174-bit 7f8e920fa1 Add CORS and OPTIONS handling for mtls-bridge panel actions 2026-04-14 11:06:45 +10:00
git c10b834be0 Merge branch 'main' of https://github.com/beatz174-bit/docker 2026-04-14 09:34:26 +10:00
git f08a567933 modified: monitoring/mtls-bridge/docker-compose.yml 
modified:   monitoring/node-red/data/update-events.ndjson
	modified:   update-containers.log
 2026-04-14 09:34:12 +10:00
beatz174-bit 85d7859b14 Merge pull request #37 from beatz174-bit/codex/add-traefik-label-for-basic-authentication 
Add Traefik basic-auth labels to mtls-bridge
 2026-04-14 09:32:54 +10:00
beatz174-bit d06c53ef0b Add Traefik basic auth middleware for mtls-bridge 2026-04-14 09:32:18 +10:00
5 changed files with 52 additions and 15 deletions
Expand all files Collapse all files
default-environment.env
+3 -2
View File
@@ -61,12 +61,13 @@ PORTAINER_GODEBUG=netdns=cgo
# Node-red # Node-red
DOCKER_SOCKET_PROXY_HOST=tcp://docker-socket-proxy:2375 DOCKER_SOCKET_PROXY_HOST=tcp://docker-socket-proxy:2375
DOCKER_SOCKET_PROXY_LOG_LEVEL=debug DOCKER_SOCKET_PROXY_LOG_LEVEL=info
NODE_COMPOSE_ROOT=/compose NODE_COMPOSE_ROOT=/compose
# mTLS bridge # mTLS bridge
MTLS_BRIDGE_LOG_LEVEL=DEBUG MTLS_BRIDGE_LOG_LEVEL=INFO
MTLS_BRIDGE_TIMEOUT=5 MTLS_BRIDGE_TIMEOUT=5
MTLS_BRIDGE_CLIENT_KEY=/certs/clients/office-pc/office-pc.key MTLS_BRIDGE_CLIENT_KEY=/certs/clients/office-pc/office-pc.key
MTLS_BRIDGE_CLIENT_CERT=/certs/clients/office-pc/office-pc.crt MTLS_BRIDGE_CLIENT_CERT=/certs/clients/office-pc/office-pc.crt
MTLS_BRIDGE_TARGET_URL=http://node-red:1880/docker-update-lockouts/clear MTLS_BRIDGE_TARGET_URL=http://node-red:1880/docker-update-lockouts/clear
MTLS_BRIDGE_CORS_ALLOW_ORIGIN=https://grafana.lan.ddnsgeek.com
monitoring/mtls-bridge/README.md
+2
View File
@@ -16,6 +16,8 @@ Internal HTTP-to-mTLS bridge for services that cannot present client certificate
- `CA_CERT` (default `/certs/ca.crt`): CA certificate bundle used to verify upstream TLS. - `CA_CERT` (default `/certs/ca.crt`): CA certificate bundle used to verify upstream TLS.
- `TIMEOUT` (default `5`): request timeout in seconds. - `TIMEOUT` (default `5`): request timeout in seconds.
- `LOG_LEVEL` (default `INFO`): Python logging level. - `LOG_LEVEL` (default `INFO`): Python logging level.
- `MTLS_BRIDGE_BASIC_AUTH_USERS` (required for Traefik auth): value for `traefik.http.middlewares.*.basicauth.users` (e.g. `user:$$apr1$$...`).
- `MTLS_BRIDGE_CORS_ALLOW_ORIGIN` (default `https://grafana.lan.ddnsgeek.com`): origin allowed for browser-based panel actions.
## Endpoints ## Endpoints
monitoring/mtls-bridge/docker-compose.yml
+15
View File
@@ -4,6 +4,7 @@ services:
build: build:
context: ${PROJECT_ROOT}/monitoring/mtls-bridge context: ${PROJECT_ROOT}/monitoring/mtls-bridge
container_name: mtls-bridge container_name: mtls-bridge
hostname: mtls-bridge.lan.ddnsgeek.com
restart: unless-stopped restart: unless-stopped
environment: environment:
- TARGET_URL=${MTLS_BRIDGE_TARGET_URL} - TARGET_URL=${MTLS_BRIDGE_TARGET_URL}
@@ -19,9 +20,23 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.mtls-bridge.entrypoints=websecure" - "traefik.http.routers.mtls-bridge.entrypoints=websecure"
- "traefik.http.routers.mtls-bridge.tls.certresolver=myresolver" - "traefik.http.routers.mtls-bridge.tls.certresolver=myresolver"
- "traefik.http.routers.mtls-bridge.middlewares=mtls-bridge-auth,mtls-bridge-cors"
- "traefik.http.middlewares.mtls-bridge-auth.basicauth.users=${MTLS_BRIDGE_BASIC_AUTH_USERS}"
- "traefik.http.routers.mtls-bridge-preflight.rule=Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)"
- "traefik.http.routers.mtls-bridge-preflight.entrypoints=websecure"
- "traefik.http.routers.mtls-bridge-preflight.tls.certresolver=myresolver"
- "traefik.http.routers.mtls-bridge-preflight.middlewares=mtls-bridge-cors"
- "traefik.http.routers.mtls-bridge-preflight.priority=100"
- "traefik.http.routers.mtls-bridge-preflight.service=mtls-bridge"
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist=${MTLS_BRIDGE_CORS_ALLOW_ORIGIN}"
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods=GET,POST,PUT,PATCH,DELETE,OPTIONS"
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders=authorization,content-type,x-grafana-action,x-grafana-device-id"
- "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader=true"
- "io.portainer.accesscontrol.public" - "io.portainer.accesscontrol.public"
# - "traefik.http.routers.searxng.middlewares=crowdsec@file,secHeaders@file,error-pages-middleware" # - "traefik.http.routers.searxng.middlewares=crowdsec@file,secHeaders@file,error-pages-middleware"
- "traefik.http.services.mtls-bridge.loadbalancer.server.port=8080" - "traefik.http.services.mtls-bridge.loadbalancer.server.port=8080"
- "traefik.docker.network=core_traefik"
healthcheck: healthcheck:
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health', timeout=3).read()"] test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health', timeout=3).read()"]
interval: 30s interval: 30s
monitoring/node-red/data/update-events.ndjson
+19
View File
@@ -115,3 +115,22 @@
{"ts":"2026-04-13T05:27:32.283Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""} {"ts":"2026-04-13T05:27:32.283Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T05:28:25.458Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""} {"ts":"2026-04-13T05:28:25.458Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T05:28:25.458Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""} {"ts":"2026-04-13T05:28:25.458Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T07:06:45.327Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T07:06:45.328Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T07:26:45.292Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T07:26:45.293Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T07:31:45.282Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T07:31:45.283Z","flow":"docker-updates","event":"completed","container":"nextcloud-redis","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T08:14:39.514Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T08:15:33.209Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T10:38:33.065Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T10:39:26.857Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T10:39:26.857Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T23:42:19.598Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T23:43:13.246Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-13T23:43:13.246Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-14T00:19:10.544Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-14T00:20:04.306Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-14T00:20:04.308Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"locked","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-14T01:24:35.295Z","flow":"docker-updates","event":"completed","container":"update-test","project":"unknown","host":"docker","status":"success","success":1,"failed":0,"duration_ms":0,"code":0,"error":""}
{"ts":"2026-04-14T01:25:29.131Z","flow":"docker-updates","event":"completed","container":"telegraf","project":"unknown","host":"docker","status":"failed","success":0,"failed":1,"duration_ms":0,"code":0,"error":""}
update-containers.log
+13 -13
View File
@@ -1,13 +1,13 @@
12:02:41 INFO: === Update started: 2026-04-12 12:02:41 === 08:07:03 INFO: === Update started: 2026-04-14 08:07:03 ===
12:02:41 WARNING: Skipping traefik (directory does not exist) 08:07:03 WARNING: Skipping traefik (directory does not exist)
12:02:41 WARNING: Skipping nextcloud (directory does not exist) 08:07:03 WARNING: Skipping nextcloud (directory does not exist)
12:02:41 WARNING: Skipping passbolt (directory does not exist) 08:07:03 WARNING: Skipping passbolt (directory does not exist)
12:02:41 WARNING: Skipping searxng (directory does not exist) 08:07:03 WARNING: Skipping searxng (directory does not exist)
12:02:41 WARNING: Skipping gitea (directory does not exist) 08:07:03 WARNING: Skipping gitea (directory does not exist)
12:02:41 WARNING: Skipping gotify (directory does not exist) 08:07:03 WARNING: Skipping gotify (directory does not exist)
12:02:41 WARNING: Skipping grafana (directory does not exist) 08:07:03 WARNING: Skipping grafana (directory does not exist)
12:02:41 WARNING: Skipping gramps (directory does not exist) 08:07:03 WARNING: Skipping gramps (directory does not exist)
12:02:41 WARNING: Skipping portainer (directory does not exist) 08:07:03 WARNING: Skipping portainer (directory does not exist)
12:02:41 WARNING: Skipping prometheus (directory does not exist) 08:07:03 WARNING: Skipping prometheus (directory does not exist)
12:02:41 WARNING: Skipping uptime-kuma (directory does not exist) 08:07:03 WARNING: Skipping uptime-kuma (directory does not exist)
12:02:41 INFO: Pruning unused containers, images, networks, and volumes... 08:07:03 INFO: Pruning unused containers, images, networks, and volumes...