viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1163 commits 2 branches 0 tags 2.3 GiB
Commit graph

17 commits

Author SHA1 Message Date
Viktor Barzin
eef9d25874 [ci skip] Strip Authentik auth headers before forwarding to backend 
Add strip-auth-headers Traefik middleware that removes X-authentik-*
headers from requests before they reach the backend. Backends like
iDRAC and TP-Link gateway break when receiving these extra headers.
 2026-02-07 20:28:44 +00:00
Viktor Barzin
f01e92b1d9 [ci skip] Fix HTTPS backend proxying for reverse-proxy services 
- Add insecureSkipVerify=true globally for self-signed backend certs
- Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS
- Add ServersTransport CRD for per-service insecureSkipVerify
- Add serversscheme/serverstransport annotations to reverse-proxy factory
 2026-02-07 13:56:24 +00:00
Viktor Barzin
b36932f9a3 Migrate all service modules from nginx-ingress to Traefik 
- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet)
- Update ingress annotations to use Traefik middleware CRDs
- Delete nginx-ingress module (replaced by traefik)
- Add new traefik middleware.tf for shared middleware definitions
- Update service modules to work with new ingress_factory interface
 2026-02-07 13:25:49 +00:00
Viktor Barzin
8601c26e63 add boilerplate for adding basic auth as fallback when authentik is down [ci skip] 2026-01-18 14:05:24 +00:00
Viktor Barzin
f1e9fb9afe add tier to all deployments [ci skip] 2026-01-10 16:28:14 +00:00
Viktor Barzin
cb42771a57 add some more headers when authenticating with authentik [ci skip] 2025-12-28 20:07:50 +00:00
Viktor Barzin
7afd3e758e add rybbit monitoring to ingresses [ci skip] 2025-12-18 08:53:19 +00:00
Viktor Barzin
dffff2d831 pass fewer authentik headers to upstream [ci skip] 2024-12-24 10:57:21 +00:00
Viktor Barzin
72d780c26f replace oauth proxy with authentik auth [ci skip] 2024-11-18 22:06:31 +00:00
Viktor Barzin
cf39034bdf add homepage module and some more integrations [ci skip] 2024-10-20 13:05:03 +00:00
Viktor Barzin
9e39d5e447 add proxy protocol and proxy timeout to reverse-proxy ingresses [ci skip] 2023-12-16 14:40:22 +00:00
Viktor Barzin
5a3e9ea76c add option to set max proxy body size in the reverse proxy factory [ci skip] 2023-12-02 21:36:23 +00:00
Viktor Barzin
9288a884e4 redirect users to external ip of oauth2 while doing the verification against the internal to avoid hairpinning [ci skip] 2023-11-12 16:08:32 +00:00
Viktor Barzin
9e5e6469ff set max body size to 50mb [ci skip] 2023-11-10 22:19:20 +00:00
Viktor Barzin
48b70e9ac2 do not do hairpin for oauth2 proxy redirects [ci skip] 2023-11-10 10:59:56 +00:00
Viktor Barzin
7d8110f41d add option to specify which ingresses are protected and also expose list of paths to allow [ci skip] 2023-11-03 23:27:12 +00:00
Viktor Barzin
4e7752306d add reverse proxy with a bunch of internal sites exposed behind oauth; also update dashy [ci skip] 2023-11-01 13:27:25 +00:00