DarkSirrush@lemmy.catoSelfhosted@lemmy.world•Pi-hole client filtering without DHCP?English
2·
1 month agoI am definitely not the best at networking, but can’t you do that through your current dhcp client?
I am definitely not the best at networking, but can’t you do that through your current dhcp client?
Try using the share option, and choose firefox?
I can share my traefik setup - note I am doing this on my phone at work, so I might miss something
compose.yaml
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.middlewares=authwares@file"
GNU nano 7.2 /config/traefik/dynamic/middlewares.yaml
http:
middlewares:
limit:
buffering:
memRequestBodyBytes: 5000000000
memResponseBodyBytes: 5000000000
maxRequestBodyBytes: 5000000000
maxResponseBodyBytes: 5000000000
authwares:
chain:
middlewares:
- default-headers
- authelia
- limit
default-headers:
headers:
accessControlAllowHeaders: "content-type,authorization"
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
- POST
- DELETE
frameDeny: true
accessControlAllowOriginList: "*"
accessControlMaxAge: 100
addVaryHeader: true
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
referrerPolicy: "strict-origin-when-cross-origin"
customRequestHeaders:
X-Forwarded-Proto: https
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
server: ""
X-Forwarded-Proto: "https,wss"
hostsProxyHeaders:
- "X-Forwarded-Host"
authelia:
forwardAuth:
address: http://auth/api/verify?rd=https%3A%2F%2Fauth.example.com%2F
trustForwardHeader: true
authResponseHeaders:
- "Remote-User"
- "Remote-Groups"
- "Remote-Email"
- "Remote-Name"
GNU nano 7.2 /config/traefik/traefik.yaml
global:
checkNewVersion: false
sendAnonymousUsage: false
entryPoints:
web:
address: :80
proxyProtocol:
insecure: false
trustedIPs:
- 172.32.0.0/16
- 192.168.1.0/24
forwardedHeaders:
insecure: false
trustedIPs:
- 172.32.0.0/16
- 192.168.1.0/24
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
address: :443
proxyProtocol:
insecure: false
trustedIPs:
- 172.32.0.0/16
- 192.168.1.0/24
forwardedHeaders:
insecure: false
trustedIPs:
- 172.32.0.0/16
- 192.168.1.0/24
http:
tls:
options: modern@file
certResolver: letsencrypt
domains:
- main: "example.com"
sans:
- "*.example.com"
providers:
docker:
exposedByDefault: false
network: compose_proxied
allowEmptyServices: true
endpoint: "http://socket:2375/"
defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)"
file:
directory: /config/dynamic
watch: true
api:
insecure: false
dashboard: true
certificatesResolvers:
letsencrypt:
acme:
email: acme@example.com
storage: /certificates/acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
log:
level: DEBUG
filePath: /config/logs/traefik.log
format: json
accesslog:
filepath: /config/logs/access.log
bufferingSize: 100
format: json
Guess I am making this in excel now.
Note that its also possible to set up service auto discovery with traefik, the only traefik related config I do on new containers is
Traefik.enabled=true
I lasted 3 months before it broke itself beyond my ability to repair (my entire DE got uninstalled during an update), switched to EndeavourOS, and have had zero issues that weren’t me doing something dumb.
I recently posted most of my traefik configs, you can use it as a base to learn how traefik works:
https://lemmy.ca/comment/17702205
Note that I might not be much help with troubleshooting, as this took me a lot of trial and error and googling to make work.