whoami VS mistborn

What do you want to see? If it's about the request and the headers, you could run a whoami service as target to see the headers.

Testing the expression in the linked GH issue it definitely works when using a whoami type backend (https://github.com/traefik/whoami) which just shows all the headers that are being sent.

An app called whoami. This is a dead simple go app that spits back header and IP information.

Example ``` FROM golang:1-alpine as builder

Use whoami to check yourself.

Launch a simple test container with the labels to see if traefik picks it up and routes according to the domain.

Unfortunately still doesn't work, even bypassing NGINX and just using a simple whoami go web server (https://github.com/traefik/whoami) directly running on linux (no docker) it's still reporting the RemoteAddr as 192.168.100.1:52061, this should be the IP address of the client.

version: '3.9' services: traefik: image: traefik:v2.6 command: - --providers.docker - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 ports: - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock whoami: image: traefik/whoami # https://github.com/traefik/whoami command: -name whoami labels: traefik.http.routers.whoami.rule: Host(`whoami.localhost`)

version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true

Pywhoami is inspired by the whoami Go server by Traefik Labs. Send a request to one of the endpoints to get back details from your HTTP request. With pywhoami you can help answer questions like, what headers were added to my original request by a proxy server.

Guys, anyone has experience with Mistborn ?

There is a github project that rolls a Nextcloud instance and Jellyfin together in a docker install. It also rolls a bunch more stuff as well. https://gitlab.com/cyber5k/mistborn

try mistborn: https://gitlab.com/cyber5k/mistborn

https://gitlab.com/cyber5k/mistborn has wireguard and valtwarden built-in

So there is one other option you can run with - mistborn. Now, fair warning - if you want to run this on a pi....flash at least 100GB of storage space on a microssd and then for the OS I recommend a Ubuntu flavor of your choice. Ideally the latest one he has listed as successful on his table of distros that he successfully installed it on.

I find the fundamental problem with this sort of server setup script/config management is that they inevitably get quite personal. Nobody really wants to use another devs and when you try to allow for a lot of customisation they tend get byzantine and complex.

That said I still think it's worth sharing. If nothing else we can all usually cherry pick nice ideas from each other.

I had an entirely private set of Ansible roles I'd cobbled together that I started to put in a more shareable state a couple of years ago. It has little overlap with what you're putting together, but I do think you might find the way it separates personal Ansible config and the main project roles into separate directories (and thus different git repos) useful.

I really need to dust off my project and get it to a releasable state this year [momod](https://github.com/adrinux/momod).

I assume you've come across the many similar projects like [Sovereign](https://github.com/sovereign/sovereign), [Mistborn](https://gitlab.com/cyber5k/mistborn)

https://gitlab.com/cyber5k/mistborn on my endpoint but route my traffic thru another another WG server first thus creating a multihop VPN in the interests of security

I've been using selfhosted Nextcloud with OnlyOffice for years. I've yet to encounter something it can't handle. In fact I opened up my setup at the beginning of the pandemic so others could host their own: https://gitlab.com/cyber5k/mistborn