Update .gitignore, README, and Traefik configuration; add new services and environment variables

2025-12-06 05:40:11 -08:00 · 2025-11-10 19:24:57 -05:00
parent b3ee10a119
commit f9073a07a5
10 changed files with 205 additions and 10 deletions
--- a/pangolin/config/config.yml
+++ b/pangolin/config/config.yml
@@ -0,0 +1,76 @@
+app:
+  dashboard_url: https://pangolin.acedanger.com
+  log_level: info
+  save_logs: false
+domains:
+  domain1:
+    base_domain: acedanger.com
+    cert_resolver: letsencrypt
+  domain2:
+    base_domain: peterwood.rocks
+    cert_resolver: letsencrypt
+  domain3:
+    base_domain: peterwood.dad
+    cert_resolver: letsencrypt
+  domain4:
+    base_domain: ptrwd.com
+    cert_resolver: letsencrypt
+  domain5:
+    base_domain: margotwood.xyz
+    cert_resolver: letsencrypt
+server:
+  external_port: 3000
+  internal_port: 3001
+  next_port: 3002
+  internal_hostname: pangolin
+  session_cookie_name: p_session_token
+  resource_access_token_param: p_token
+  resource_access_token_headers:
+    id: P-Access-Token-Id
+    token: P-Access-Token
+  resource_session_request_param: p_session_request
+  secret: EkiOH3KRHNzde3euT1yTaYIKXchPmHqz
+  cors:
+    origins:
+      - https://pangolin.acedanger.com
+    methods:
+      - GET
+      - POST
+      - PUT
+      - DELETE
+      - PATCH
+    headers:
+      - X-CSRF-Token
+      - Content-Type
+    credentials: false
+traefik:
+  cert_resolver: letsencrypt
+  http_entrypoint: web
+  https_entrypoint: websecure
+gerbil:
+  start_port: 51820
+  base_endpoint: pangolin.acedanger.com
+  use_subdomain: false
+  block_size: 24
+  site_block_size: 30
+  subnet_group: 100.89.137.0/20
+rate_limits:
+  global:
+    window_minutes: 1
+    max_requests: 500
+email:
+  smtp_host: smtp.fastmail.com
+  smtp_port: 465
+  smtp_user: peter@peterwood.dev
+  smtp_pass: 7v5x943m4g58384q
+  no_reply: no-reply@peterwood.dev
+users:
+  server_admin:
+    email: peter@peterwood.dev
+    password: 23!hA1F^RCjT28
+flags:
+  require_email_verification: true
+  disable_signup_without_invite: true
+  disable_user_create_org: false
+  allow_raw_resources: true
+  allow_base_domain_resources: true
--- a/pangolin/config/traefik-dashboard/geoip/COPYRIGHT.txt
+++ b/pangolin/config/traefik-dashboard/geoip/COPYRIGHT.txt
@@ -0,0 +1 @@
+Database and Contents Copyright (c) 2025 MaxMind, Inc.
--- a/pangolin/config/traefik-dashboard/geoip/LICENSE.txt
+++ b/pangolin/config/traefik-dashboard/geoip/LICENSE.txt
@@ -0,0 +1,3 @@
+Use of this MaxMind product is governed by MaxMind's GeoLite2 End User License Agreement, which can be viewed at https://www.maxmind.com/en/geolite2/eula.
+
+This database incorporates GeoNames [https://www.geonames.org] geographical data, which is made available under the Creative Commons Attribution 4.0 License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/.
--- a/pangolin/config/traefik-dashboard/geoip/README.txt
+++ b/pangolin/config/traefik-dashboard/geoip/README.txt
@@ -0,0 +1 @@
+Latitude and longitude are not precise and should not be used to identify a particular street address or household.
--- a/pangolin/config/traefik/dynamic_config.yml
+++ b/pangolin/config/traefik/dynamic_config.yml
@@ -41,13 +41,44 @@ http:
      tls:
        certResolver: letsencrypt

+    # Traefik Log Dashboard router
+    traefik-dashboard-redirect:
+      rule: "Host(`traefik-logs.acedanger.com`)"
+      service: traefik-dashboard-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    traefik-dashboard-router:
+      rule: "Host(`traefik-logs.acedanger.com`)"
+      service: traefik-dashboard-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
  services:
    next-service:
      loadBalancer:
        servers:
-          - url: "http://pangolin:3002"  # Next.js server
+          - url: "http://pangolin:3002" # Next.js server

    api-service:
      loadBalancer:
        servers:
-          - url: "http://pangolin:3000"  # API/WebSocket server
+          - url: "http://pangolin:3000" # API/WebSocket server
+
+    traefik-dashboard-service:
+      loadBalancer:
+        servers:
+          - url: "http://traefik-dashboard:3000"
+
+tcp:
+  serversTransports:
+    pp-transport-v1:
+      proxyProtocol:
+        version: 1
+    pp-transport-v2:
+      proxyProtocol:
+        version: 2
--- a/pangolin/config/traefik/traefik_config.yml
+++ b/pangolin/config/traefik/traefik_config.yml
@@ -19,6 +19,20 @@ log:
  level: "INFO"
  format: "common"

+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  format: "json"
+  bufferingSize: 100
+  fields:
+    defaultMode: "keep"
+    names:
+      ClientUsername: "drop"
+    headers:
+      defaultMode: "keep"
+      names:
+        Authorization: "drop"
+        Cookie: "drop"
+
 certificatesResolvers:
  letsencrypt:
    acme:
				`@@ -0,0 +1 @@`
				`Database and Contents Copyright (c) 2025 MaxMind, Inc.`
				`@@ -0,0 +1 @@`
				`Latitude and longitude are not precise and should not be used to identify a particular street address or household.`