added auth api svc

fixes
2025-12-10 16:33:31 +05:30 · 2025-11-29 23:17:43 +05:30 · 2025-11-29 23:04:10 +05:30 · 2025-11-29 23:01:47 +05:30 · 2025-11-29 22:57:02 +05:30 · 2025-11-29 22:53:55 +05:30
3 changed files with 514 additions and 13 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -13,9 +13,13 @@ services:
      - "./traefik.yaml:/etc/traefik/traefik.yaml:ro"
      - "./dynamic:/etc/traefik/dynamic:ro"
      - "./letsencrypt:/letsencrypt"
-      - "/auth:/auth:ro"  # Basic auth folder
+      - "/home/aetos/registry/auth:/auth:ro"
+      - "/var/log/traefik:/var/log/traefik"
    networks:
      - backend
+    extra_hosts:
+      - "server-pi:192.168.1.35"
+      - "private-pi:192.168.1.111"

 networks:
  backend:
--- a/dynamic/services.yaml
+++ b/dynamic/services.yaml
@@ -1,35 +1,334 @@
+# ----------------------
+# TCP (SSH) Routers
+# ----------------------
+tcp:
+  routers:
+    gitea-ssh:
+      entryPoints:
+        - ssh
+      service: gitea-ssh
+      rule: "HostSNI(`*`)"  # SSH does not use SNI
+      tls: false
+
+  services:
+    gitea-ssh:
+      loadBalancer:
+        servers:
+          - address: "private-pi:222"
+
+# ----------------------
+# HTTP Routers & Middlewares
+# ----------------------
 http:
  middlewares:
    basic-auth:
      basicAuth:
        usersFile: /auth/htpasswd

+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
    websocket-headers:
      headers:
        customRequestHeaders:
          Connection: "Upgrade"
          Upgrade: "websocket"
+#      # Preserve auth headers for WS
+#      accessControlAllowHeaders:
+#        - Authorization
+#        - Sec-Websocket-Protocol
+#        - Sec-Websocket-Key

    dcr-cors:
      headers:
-        accessControlAllowOrigin: "http://registry.aetoskia.com"
-        accessControlAllowMethods: "GET, POST, PUT, DELETE, OPTIONS"
-        accessControlAllowHeaders: "Authorization, Content-Type"
+        accessControlAllowOriginList:
+          - "http://registry.aetoskia.com"
+        accessControlAllowMethods:
+          - GET
+          - POST
+          - PUT
+          - DELETE
+          - OPTIONS
+        accessControlAllowHeaders:
+          - Authorization
+          - Content-Type
        accessControlMaxAge: 1728000

+    nakama-cors:
+      headers:
+        accessControlAllowOriginList:
+          - "https://games.aetoskia.com"
+        accessControlAllowMethods:
+          - GET
+          - POST
+          - PUT
+          - DELETE
+          - OPTIONS
+        accessControlAllowHeaders:
+          - Authorization
+          - Content-Type
+        accessControlMaxAge: 1728000
+
+    blog-api-strip:
+      stripPrefix:
+        prefixes:
+          - "/blogs"
+
+    coverage-api-strip:
+      stripPrefix:
+        prefixes:
+          - "/coverage"
+
  routers:
+    # ----------------------
+    # HTTP routers for redirect
+    # ----------------------
+    www-http:
+      rule: "Host(`www.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    blog-http:
+      rule: "Host(`blog.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    games-http:
+      rule: "Host(`games.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    # Dashboard
+    traefik-dashboard-http:
+      rule: "Host(`traefik.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    plex-http:
+      rule: "Host(`plex.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    sonarr-http:
+      rule: "Host(`sonarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    radarr-http:
+      rule: "Host(`radarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    bazarr-http:
+      rule: "Host(`bazarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    prowlarr-http:
+      rule: "Host(`prowlarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    jellyseerr-http:
+      rule: "Host(`jellyseerr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    ombi-http:
+      rule: "Host(`ombi.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    qbit-http:
+      rule: "Host(`qbit.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    gitea-http:
+      rule: "Host(`git.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    docs-http:
+      rule: "Host(`docs.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    drone-http:
+      rule: "Host(`drone.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    dcr-http:
+      rule: "Host(`dcr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    registry-http:
+      rule: "Host(`registry.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    pypiserver-http:
+      rule: "Host(`pip.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    netdata-http:
+      rule: "Host(`netdata.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    portainer-http:
+      rule: "Host(`portainer.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    mongo-express-http:
+      rule: "Host(`mongo.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    pgadmin-http:
+      rule: "Host(`postgres.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    api-http:
+      rule: "Host(`api.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    nakama-http:
+      rule: "Host(`nakama.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    auth-api-http:
+      rule: "Host(`auth.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    # ----------------------
+    # HTTPS routers
+    # ----------------------
+    # Landing Page
+    www-https:
+      rule: "Host(`www.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: www-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+#        - basic-auth
+        - websocket-headers
+
+    blog:
+      rule: "Host(`blog.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: blog-svc
+      tls:
+        certResolver: aetoskia
+
+    games:
+      rule: "Host(`games.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: games-svc
+      tls:
+        certResolver: aetoskia
+
    # Dashboard
    traefik-dashboard:
      rule: "Host(`traefik.aetoskia.com`)"
      entryPoints:
        - websecure
-      service: traefik-svc
+      service: api@internal
      tls:
        certResolver: aetoskia
      middlewares:
        - basic-auth

-    # Media Services
+    # Media
    plex:
      rule: "Host(`plex.aetoskia.com`)"
      entryPoints:
@@ -54,6 +353,22 @@ http:
      tls:
        certResolver: aetoskia

+    bazarr:
+      rule: "Host(`bazarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: bazarr-svc
+      tls:
+        certResolver: aetoskia
+
+    prowlarr:
+      rule: "Host(`prowlarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: prowlarr-svc
+      tls:
+        certResolver: aetoskia
+
    jellyseerr:
      rule: "Host(`jellyseerr.aetoskia.com`)"
      entryPoints:
@@ -80,9 +395,9 @@ http:
      middlewares:
        - websocket-headers

-    # Codebase Services
+    # Codebase
    gitea:
-      rule: "Host(`gitea.aetoskia.com`)"
+      rule: "Host(`git.aetoskia.com`)"
      entryPoints:
        - websecure
      service: gitea-svc
@@ -91,6 +406,16 @@ http:
      middlewares:
        - websocket-headers

+    docs:
+      rule: "Host(`docs.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: docs-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
    drone:
      rule: "Host(`drone.aetoskia.com`)"
      entryPoints:
@@ -118,10 +443,26 @@ http:
      service: registry-svc
      tls:
        certResolver: aetoskia
-#      middlewares:
-#        - basic-auth
+
+    pypiserver:
+      rule: "Host(`pip.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: pypiserver-svc
+      tls:
+        certResolver: aetoskia

    # Monitoring
+    netdata:
+      rule: "Host(`netdata.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: netdata-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - basic-auth
+
    portainer:
      rule: "Host(`portainer.aetoskia.com`)"
      entryPoints:
@@ -130,7 +471,93 @@ http:
      tls:
        certResolver: aetoskia

+    mongo-express:
+      rule: "Host(`mongo.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: mongo-express-svc
+      tls:
+        certResolver: aetoskia
+
+    pgadmin:
+      rule: "Host(`postgres.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: pgadmin-svc
+      tls:
+        certResolver: aetoskia
+
+    blog-api:
+      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/blogs`)"
+      entryPoints:
+        - websecure
+      service: blog-api-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - blog-api-strip
+
+    coverage-api:
+      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/coverage`)"
+      entryPoints:
+        - websecure
+      service: coverage-api-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - coverage-api-strip
+
+    nakama:
+      rule: "Host(`nakama.aetoskia.com`)"
+#      rule: "Host(`nakama.aetoskia.com`) && !PathPrefix(`/ws`)"
+      entryPoints:
+        - websecure
+      service: nakama-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - nakama-cors
+
+    nakama-ws:
+      rule: "Host(`nakama.aetoskia.com`) && PathPrefix(`/ws`)"
+      entryPoints:
+        - websecure
+      service: nakama-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
+    auth-api:
+      rule: "Host(`auth.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: auth-api-svc
+      tls:
+        certResolver: aetoskia
+
  services:
+    # ----------------------
+    # HTTP Services
+    # ----------------------
+    # Landing Page
+    www-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3001"
+
+    # Blog
+    blog-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3002"
+
+    # Games
+    games-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3003"
+
    # Media
    plex-svc:
      loadBalancer:
@@ -147,6 +574,16 @@ http:
        servers:
          - url: "http://server-pi:7878"

+    bazarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6767"
+
+    prowlarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9696"
+
    jellyseerr-svc:
      loadBalancer:
        servers:
@@ -168,23 +605,71 @@ http:
        servers:
          - url: "http://private-pi:6002"

+    docs-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6007"
+
    drone-svc:
      loadBalancer:
        servers:
-          - url: "http://private-pi:6003"
+          - url: "http://server-pi:6003"

    dcr-svc:
      loadBalancer:
        servers:
-          - url: "http://private-pi:6005"
+          - url: "http://server-pi:6005"

    registry-svc:
      loadBalancer:
        servers:
-          - url: "http://private-pi:6001"
+          - url: "http://server-pi:6001"
+
+    pypiserver-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6006"

    # Monitoring
+    netdata-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:7001"
+
    portainer-svc:
      loadBalancer:
        servers:
          - url: "http://private-pi:7002"
+
+    mongo-express-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:8001"
+
+    pgadmin-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:8002"
+
+    # ----------------------
+    # API
+    # ----------------------
+    blog-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9001"
+
+    coverage-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9002"
+
+    auth-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9003"
+
+    nakama-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:7350"
--- a/traefik.yaml
+++ b/traefik.yaml
@@ -3,6 +3,12 @@ entryPoints:
    address: ":80"
  websecure:
    address: ":443"
+  ssh:
+    address: ":22"
+  mongo:
+    address: ":27017"
+  postgres:
+    address: ":5432"

 providers:
  file:
@@ -14,6 +20,12 @@ api:

 log:
  level: INFO
+  filePath: "/var/log/traefik/traefik.log"
+
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  bufferingSize: 100
+  format: json

 certificatesResolvers:
  aetoskia:
Author	SHA1	Message	Date
Vishesh 'ironeagle' Bangotra	5d7dee1473	added auth api svc	2025-12-10 16:33:31 +05:30
Vishesh 'ironeagle' Bangotra	bdd72afdfe	fixes	2025-11-29 23:17:43 +05:30
Vishesh 'ironeagle' Bangotra	7c09bdd065	fixes	2025-11-29 23:04:10 +05:30
Vishesh 'ironeagle' Bangotra	ae74a83cde	fixes	2025-11-29 23:01:47 +05:30
Vishesh 'ironeagle' Bangotra	12a5c599ec	fixes	2025-11-29 22:57:02 +05:30
Vishesh 'ironeagle' Bangotra	4c0ea160ea	fixes	2025-11-29 22:53:55 +05:30
Vishesh 'ironeagle' Bangotra	244e22cc48	fixes	2025-11-29 22:37:15 +05:30
Vishesh 'ironeagle' Bangotra	2318b19100	allow games cors	2025-11-29 22:32:40 +05:30
Vishesh 'ironeagle' Bangotra	55a3a6da9a	added games routing	2025-11-29 19:08:35 +05:30
Vishesh 'ironeagle' Bangotra	8eb818b23d	nakama web, rest, ws added	2025-11-29 17:30:08 +05:30
Vishesh 'ironeagle' Bangotra	7eff45f082	correct terminologies	2025-11-29 16:01:18 +05:30
Vishesh 'ironeagle' Bangotra	6c8a560f8b	added postgres and pdadmin	2025-11-29 15:57:02 +05:30
Vishesh 'ironeagle' Bangotra	59e5aeef95	coverage api	2025-11-03 20:47:39 +05:30
Vishesh 'ironeagle' Bangotra	3bbf7c6a55	added missing middleware for blogs prefix	2025-11-03 02:34:40 +05:30
Vishesh 'ironeagle' Bangotra	998638b941	api and blog prefix	2025-11-03 01:59:30 +05:30
Vishesh 'ironeagle' Bangotra	86403951c0	mongo express	2025-11-03 00:06:30 +05:30
Aetos Skia	c4758de6d6	removed mongo tls	2025-11-03 00:04:11 +05:30
Vishesh 'ironeagle' Bangotra	1fa5b32068	mongo db	2025-11-02 14:46:53 +05:30
Vishesh 'ironeagle' Bangotra	254e8018f4	docs	2025-11-02 01:39:08 +05:30
Vishesh 'ironeagle' Bangotra	9c505596a1	devpi (#4 ) Reviewed-on: #4 Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com> Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>	2025-11-01 12:44:37 +00:00
Aetos Skia	0b8e4af7a7	Merge branch 'main' of gitea:services/traefik	2025-11-01 16:34:35 +05:30
Vishesh 'ironeagle' Bangotra	fa0c314e4f	added blog page (#3 ) Reviewed-on: #3 Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com> Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>	2025-11-01 11:04:28 +00:00
Aetos Skia	987d497c3e	Merge branch 'main' of gitea:services/traefik	2025-10-30 02:11:58 +05:30
Vishesh 'ironeagle' Bangotra	ace2033024	bazarr-app-init (#2 ) Reviewed-on: #2 Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com> Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>	2025-10-29 20:41:32 +00:00
Aetos Skia	c144e4af62	gitea to git (#1 ) Reviewed-on: #1 Co-authored-by: Aetos Skia <aetoskia@gmail.com> Co-committed-by: Aetos Skia <aetoskia@gmail.com>	2025-10-21 18:46:19 +00:00
Aetos Skia	75189b7ecc	homepage on server pi too	2025-10-22 00:02:59 +05:30
Aetos Skia	ee08b6b8e9	entrypoint error and moving services to server pi	2025-10-21 17:26:18 +05:30
Vishesh 'ironeagle' Bangotra	3cf22bbfd8	added netdata with auth	2025-10-12 15:21:27 +05:30
Vishesh 'ironeagle' Bangotra	0e042156dd	moved the comment header to proper place	2025-10-12 15:20:57 +05:30
Vishesh 'ironeagle' Bangotra	053deb9447	removed iframe middleware	2025-10-10 16:28:10 +05:30
Vishesh 'ironeagle' Bangotra	0652a9e5a1	allow qbit iframe	2025-10-10 16:13:37 +05:30
Vishesh 'ironeagle' Bangotra	c903d95405	enabled ssh on 222 via traefik	2025-10-04 17:17:10 +05:30
Aetos Skia	581d7b2e75	removed extra cert files	2025-10-04 16:03:12 +05:30
Vishesh 'ironeagle' Bangotra	f3ca37e27e	mounting log	2025-10-04 15:46:52 +05:30
Vishesh 'ironeagle' Bangotra	bf1c970e94	added cert and key file	2025-10-04 15:43:48 +05:30
Vishesh 'ironeagle' Bangotra	114389549b	full chain	2025-10-01 23:03:16 +05:30
Vishesh 'ironeagle' Bangotra	938d38a317	removed svc to gitea instead of noop	2025-10-01 22:17:39 +05:30
Vishesh 'ironeagle' Bangotra	2776ede002	added svc to gitea instead of noop	2025-10-01 22:15:25 +05:30
Vishesh 'ironeagle' Bangotra	8328598969	reverted internal routing through traefik for SSL	2025-10-01 21:37:41 +05:30
Vishesh 'ironeagle' Bangotra	a7be0b617f	internal routing through traefik for SSL	2025-10-01 21:30:00 +05:30
Vishesh 'ironeagle' Bangotra	0b4d1177c1	cleanup	2025-10-01 16:01:01 +05:30
Vishesh 'ironeagle' Bangotra	f5a9a1feea	access and info logs	2025-10-01 15:59:33 +05:30
Vishesh 'ironeagle' Bangotra	7d8939f496	landing page config	2025-10-01 15:52:48 +05:30
Vishesh 'ironeagle' Bangotra	98ad47b963	correct redirect by duplicate http and https services	2025-10-01 15:48:13 +05:30
Vishesh 'ironeagle' Bangotra	65771f5602	duplicate middleware error fixes	2025-10-01 15:42:46 +05:30
Vishesh 'ironeagle' Bangotra	5eb2743110	redirect http to https	2025-10-01 15:41:30 +05:30
Aetos Skia	36a65cf86a	Merge branch 'main' of gitea:services/traefik	2025-10-01 15:40:00 +05:30
Aetos Skia	f47b23e851	dashboard and cors fixes	2025-10-01 15:39:39 +05:30
Aetos Skia	1681874b2c	added correct auth path and extra hosts for cleaner host names instead of IPs	2025-10-01 15:39:15 +05:30