infra

jack/infra

Fork 0

Commit graph

Author	SHA1	Message	Date
jack	e935c897c6	feat: Cloudflare integration — real IP forwarding + firewall lockdown Some checks failed CI/CD / syntax-check (push) Successful in 58s Details CI/CD / deploy (push) Failing after 43s Details Traefik traefik.yml.j2: - Add forwardedHeaders.trustedIPs with all Cloudflare CIDR ranges on both web and websecure entrypoints so rate limiting and CrowdSec see real visitor IPs, not Cloudflare proxy IPs firewall.yml: - Replace open HTTP/HTTPS rules with per-CIDR allow rules scoped to Cloudflare IP ranges only - Direct access to ports 80/443 bypassing Cloudflare is now blocked Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-22 04:02:06 +07:00
jack	652737239d	Add Forgejo SSH port 2222 and open in UFW Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-20 19:43:22 +07:00
jack	a1b97f3e4b	Initial commit Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-20 19:39:26 +07:00

Author

SHA1

Message

Date

jack

e935c897c6

feat: Cloudflare integration — real IP forwarding + firewall lockdown

CI/CD / syntax-check (push) Successful in 58s

Details

CI/CD / deploy (push) Failing after 43s

Details

Traefik traefik.yml.j2:
- Add forwardedHeaders.trustedIPs with all Cloudflare CIDR ranges
  on both web and websecure entrypoints so rate limiting and
  CrowdSec see real visitor IPs, not Cloudflare proxy IPs

firewall.yml:
- Replace open HTTP/HTTPS rules with per-CIDR allow rules
  scoped to Cloudflare IP ranges only
- Direct access to ports 80/443 bypassing Cloudflare is now blocked

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-22 04:02:06 +07:00

jack

652737239d

Add Forgejo SSH port 2222 and open in UFW

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-20 19:43:22 +07:00

jack

a1b97f3e4b

Initial commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-20 19:39:26 +07:00

3 commits