BigTitsButClothed

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Legal-Bit2207 on 2023-08-10 20:05:16+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/RabbitNo291 on 2023-08-10 19:24:20+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Simonebarbosa on 2023-08-10 19:03:32+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/sirenskiss3 on 2023-08-10 18:44:53+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/0023sunshine on 2023-08-10 18:19:57+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Ok_Bench_9323 on 2023-08-10 14:44:48+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/KenzieDDsimmz on 2023-08-10 11:47:17+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/EdnaGrant on 2023-08-10 11:31:30+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Senior-Signal-1841 on 2023-08-10 11:09:18+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/BrilliantCut2913 on 2023-08-10 07:41:43+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/BrilliantCut2913 on 2023-08-10 07:38:29+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/the-dirty-mac on 2023-08-10 07:37:58+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Dylan_L777 on 2023-08-10 03:35:03+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/nicephorous on 2023-08-10 02:40:55+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/0023sunshine on 2023-08-10 01:34:01+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Final-Rush817 on 2023-08-10 00:52:01+00:00.

The original post: /r/homelab by /u/LordWurstbrot on 2024-05-03 07:59:21.

Need help with my traefik stack & letsencrypt dns challenge

Hello, I am trying to get letsencrypt certs for my traefik stack using the dns challenge. I can't figure out what I did wrong. I would really appreciate your help, thanks.

docker compose

version: "3.8"

services:
 authelia:
 image: authelia/authelia
 container\_name: authelia
 volumes:
 - /home/pi/src/core/authelia-data:/config
 networks:
 - proxy
 labels:
 - 'traefik.enable=true'
 - 'traefik.docker.network=proxy'
 - 'traefik.http.routers.authelia.rule=Host(`sub.domain.de`)'
 - 'traefik.http.routers.authelia.entrypoints=websecure'
 - 'traefik.http.routers.authelia.tls=true'
 - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
 - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=<https://sub.domain.de>'
 - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
 - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
 expose:
 - 9091
 restart: unless-stopped
 environment:
 - TZ=Europe/Berlin
 healthcheck:
 disable: true

traefik:
 image: "traefik:latest"
 container\_name: traefik
 restart: unless-stopped
 security\_opt:
 - "no-new-privileges:true"
 networks:
 - proxy
 ports:
 - "80:80"
 - "443:443"
 depends\_on:
 - authelia
 volumes:
 - "/etc/localtime:/etc/localtime:ro"
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
 - "./traefik-data/traefik.yml:/traefik.yml:ro"
 - "./traefik-data/acme.json:/acme.json"
 - "./traefik-data/configurations:/configurations"
 - "./traefik-data/logs:/logs"
 environment:
 - NETCUP\_CUSTOMER\_NUMBER=
 - NETCUP\_API\_KEY=
 - NETCUP\_API\_PASSWORD=
 labels:
 - traefik.enable=true
 - traefik.docker.network=proxy
 - traefik.http.routers.traefik-secure.entrypoints=websecure
 # - traefik.http.routers.traefik-secure.rule=Host(`sub.domain.de`)
 - traefik.http.routers.traefik-secure.service=api@internal
 # - traefik.http.routers.portainer-secure.middlewares=authelia@docker

portainer:
 image: "portainer/portainer-ee:linux-arm"
 container\_name: portainer
 restart: unless-stopped
 security\_opt:
 - "no-new-privileges:true"
 networks:
 - proxy
 volumes:
 - "/etc/localtime:/etc/localtime:ro"
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
 - "./portainer-data:/data"
 labels:
 - traefik.enable=true
 - traefik.docker.network=proxy
 - traefik.http.routers.portainer-secure.entrypoints=websecure
 - traefik.http.routers.portainer-secure.rule=Host(`sub.domain.de`)
 - traefik.http.routers.portainer-secure.service=portainer
 - traefik.http.routers.portainer-secure.middlewares=authelia@docker
 - traefik.http.services.portainer.loadbalancer.server.port=9000

crowdsec:
 image: "crowdsecurity/crowdsec:latest"
 container\_name: crowdsec
 environment:
 GID: "${GID-1000}"
 COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"
 depends\_on: #uncomment if running traefik in the same compose file
 - traefik
 volumes:
 - "/home/pi/src/core/crowdsec-data/config/:/etc/crowdsec/"
 - "/home/pi/src/core/crowdsec-data/crowdsec-db:/var/lib/crowdsec/data/"
 - "/home/pi/src/core/traefik-data/logs:/var/log/traefik/:ro"
 networks:
 - proxy
 restart: unless-stopped

bouncer-traefik:
 image: "docker.io/fbonalair/traefik-crowdsec-bouncer:latest"
 container\_name: bouncer-traefik
 environment:
 CROWDSEC\_BOUNCER\_API\_KEY: 
 CROWDSEC\_AGENT\_HOST: 
 networks:
 - proxy # same network as traefik + crowdsec
 depends\_on:
 - crowdsec
 restart: unless-stopped

goaccess:
 image: 'xavierh/goaccess-for-nginxproxymanager:latest'
 container\_name: goaccess
 restart: unless-stopped
 ports:
 - '7880:7880'
 environment:
 - TZ=Europe/Berlin
 - LOG\_TYPE=TRAEFIK #optional
 volumes:
 - "/home/pi/src/core/traefik-data/logs:/opt/log"
 labels:
 - traefik.enable=false

networks:
 proxy:
 external: true

traefik.yml

api:
 dashboard: false
 # insecure: true

log:
 level: "debug"
 filePath: "/logs/traefik.log"

Configuring Multiple Filters
============================

accessLog:
 filePath: "/logs/access.log"
 filters:
 statusCodes:
 - "200"
 - "300-302"
 retryAttempts: true
 minDuration: "10ms"
 # collect logs as in-memory buffer before writing into log file
 bufferingSize: 0
 fields:
 headers:
 defaultMode: drop # drop all headers per default
 names:
 User-Agent: keep # log user agent strings

entryPoints:
 web:
 address: ":80"
 http:
 middlewares:
 - crowdsec-bouncer@file
 redirections:
 entryPoint:
 to: websecure

websecure:
 address: ":443"
 http:
 middlewares:
 - secureHeaders@file
 - crowdsec-bouncer@file
 tls:
 certResolver: letsencrypt

providers:
 docker:
 endpoint: "unix:///var/run/docker.sock"
 exposedByDefault: false
 file:
 filename: /configurations/dynamic.yml

certificatesResolvers:
 letsencrypt:
 acme:
 email: [[email protected]](mailto:[email protected])
 storage: acme.json
 keyType: EC256
 caServer: <https://acme-v02.api.letsencrypt.org/directory>
 certificatesDuration: 2160
 dnsChallenge:
 provider: netcup
 delayBeforeCheck: 1200
 resolvers:
 - "root-dns.netcup.net:53"
 - "second-dns.netcup.net:53"
 - "third-dns.netcup.net:53"
 - "8.8.8.8:53"
 - "1.1.1.1:53"

dynamic.yml

entryPoints:
 web:
 address: ":80"
 http:
 redirections:
 entryPoint:
 to: websecure
 scheme: https

websecure:
 address: ":443"

http:
 middlewares:
 crowdsec-bouncer:
 forwardauth:
 address: http://bouncer-traefik:8080/api/v1/forwardAuth
 trustForwardHeader: true

nextcloud-redirectregex: redirectRegex: regex: "https://(.*)/.well-known/(card|cal)dav" replacement: "https://${1}/remote.php/dav/"

secureHeaders: headers: forceSTSHeader: true stsIncludeSubdomains: true stsPreload: true stsSeconds: 31536000

user-auth: basicAuth: users: - "xxxxxx"

routers:
 nextcloud-secure:
 entryPoints:
 - websecure
 rule: Host(`sub.domain.de`)
 middlewares:
 - nextcloud-redirectregex
 service: nextcloud

hass-secure: entryPoints:

• websecure rule: Host(sub.domain.de) service: hass

services:
 nextcloud:
 loadBalancer:
 servers:
 - url: "<http://192.168.178.72:80/>"

hass: loadBalancer: servers: - url: "http://192.168.178.23:8123/"

tls:
 options:
 default:
 cipherSuites:
 - TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384
 - TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384
 - TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256
 - TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256
 - TLS\_ECDHE\_ECDSA\_WITH\_CHACHA20\_POLY1305
 - TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305
 minVersion: VersionTLS12

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Character_Nature5070 on 2023-08-09 18:41:34+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/tanisharoysweet on 2023-08-09 16:49:32+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/sirenskiss3 on 2023-08-09 16:39:04+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Electronic-Working68 on 2023-08-09 13:49:03+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/EdnaGrant on 2023-08-09 11:32:21+00:00.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/Final-Rush817 on 2023-08-09 07:55:35+00:00.

The original post: /r/movies by /u/Bullingdon1973 on 2024-05-01 17:45:39.

This is an automated archive.

The original was posted on /r/bigtitsbutclothed by /u/sirenskiss3 on 2023-08-08 22:23:54+00:00.