kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2 from kelinfoxy/copilot/scan-and-replace-personal-data

Browse Source 
Sanitize personal data from repository history
This commit is contained in:
Kelin
2026-02-05 14:09:23 -05:00
committed by GitHub
parent 10aee3b3b1 0052fa4ddc
commit 84b2cabacc
9 changed files with 109 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose/core/traefik/dynamic/external-host-homeassistant.yml
View File

@@ -2,7 +2,7 @@ http:
routers:
# Individual Services
homeassistant:
rule: "Host(`hass.kelinreij.duckdns.org`)"
rule: "Host(`hass.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: homeassistant

20
docker-compose/core/traefik/dynamic/local-host-production.yml
View File

@@ -2,7 +2,7 @@ http:
routers:
# Remote Server Services (your-remote-server)
dockge-your-remote-server:
rule: "Host(`dockge.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`dockge.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: dockge-your-remote-server
@@ -12,7 +12,7 @@ http:
- authelia@docker
dozzle-your-remote-server:
rule: "Host(`dozzle.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`dozzle.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: dozzle-your-remote-server
@@ -22,7 +22,7 @@ http:
- authelia@docker
glances-your-remote-server:
rule: "Host(`glances.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`glances.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: glances-your-remote-server
@@ -32,7 +32,7 @@ http:
- authelia@docker
backrest-your-remote-server:
rule: "Host(`backrest.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`backrest.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: backrest-your-remote-server
@@ -42,7 +42,7 @@ http:
- authelia@docker
duplicati-your-remote-server:
rule: "Host(`duplicati.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`duplicati.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: duplicati-your-remote-server
@@ -52,7 +52,7 @@ http:
- authelia@docker
homepage-your-remote-server:
rule: "Host(`homepage.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`homepage.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: homepage-your-remote-server
@@ -62,7 +62,7 @@ http:
- authelia@docker
homarr-your-remote-server:
rule: "Host(`homarr.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`homarr.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: homarr-your-remote-server
@@ -72,7 +72,7 @@ http:
- authelia@docker
grafana-your-remote-server:
rule: "Host(`grafana.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`grafana.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: grafana-your-remote-server
@@ -82,7 +82,7 @@ http:
- authelia@docker
prometheus-your-remote-server:
rule: "Host(`prometheus.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`prometheus.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: prometheus-your-remote-server
@@ -92,7 +92,7 @@ http:
- authelia@docker
uptime-kuma-your-remote-server:
rule: "Host(`status.your-remote-server.kelinreij.duckdns.org`)"
rule: "Host(`status.your-remote-server.yourdomain.duckdns.org`)"
entryPoints:
- websecure
service: uptime-kuma-your-remote-server

2
docker-compose/core/traefik/dynamic/sablier.yml
View File

@@ -3,7 +3,7 @@ http:
middlewares:
authelia:
forwardauth:
address: http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/
address: http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/
authResponseHeaders:
- X-Secret
trustForwardHeader: true

96
docker-compose/dashboards/homepage/services.yaml
View File

@@ -4,253 +4,253 @@
- Dashboards:
- Homepage:
icon: homepage.png
href: https://homepage.kelinreij.duckdns.org
href: https://homepage.yourdomain.duckdns.org
description: Hosted on Raspberry Pi
- Homarr:
icon: homarr.png
href: https://homarr.kelinreij.duckdns.org
href: https://homarr.yourdomain.duckdns.org
description: Alternative Dashboard
- Dockge - jasper:
icon: dockge.png
href: https://jasper.kelinreij.duckdns.org
href: https://jasper.yourdomain.duckdns.org
description: Main Server
- Dockge - your-remote-server :
icon: dockge.png
href: https://your-remote-server .kelinreij.duckdns.org
href: https://your-remote-server .yourdomain.duckdns.org
description: Raspberry Pi Authentication Server
- Core:
- Traefik:
icon: traefik.png
href: https://traefik.kelinreij.duckdns.org
href: https://traefik.yourdomain.duckdns.org
description: Reverse Proxy & SSL
- Authelia:
icon: authelia.png
href: https://auth.kelinreij.duckdns.org
href: https://auth.yourdomain.duckdns.org
description: Authentication SSO Portal
- Pi-hole:
icon: pi-hole.png
href: https://pihole.kelinreij.duckdns.org
href: https://pihole.yourdomain.duckdns.org
description: Network-wide Ad Blocking
- Monitoring Stack:
- Dozzle:
icon: dozzle.png
href: https://dozzle.jasper.kelinreij.duckdns.org
href: https://dozzle.jasper.yourdomain.duckdns.org
description: jasper - Real-time Log Viewer
- Dozzle:
icon: dozzle.png
href: https://dozzle.your-remote-server .kelinreij.duckdns.org
href: https://dozzle.your-remote-server .yourdomain.duckdns.org
description: your-remote-server - Real-time Log Viewer
- Glances - jasper:
icon: glances.png
href: https://glances.jasper.kelinreij.duckdns.org
href: https://glances.jasper.yourdomain.duckdns.org
description: jasper - System Monitoring
- Glances - your-remote-server :
icon: glances.png
href: https://glances.your-remote-server .kelinreij.duckdns.org
href: https://glances.your-remote-server .yourdomain.duckdns.org
description: your-remote-server - System Monitoring
- Uptime Kuma:
icon: uptime-kuma.png
href: https://uptime-kuma.kelinreij.duckdns.org
href: https://uptime-kuma.yourdomain.duckdns.org
description: Uptime Monitoring
- Media:
- Jellyfin:
icon: jellyfin.png
href: https://jellyfin.kelinreij.duckdns.org
href: https://jellyfin.yourdomain.duckdns.org
description: Open Source Media Server
- Jellyseerr:
icon: jellyseerr.png
href: https://jellyseerr.kelinreij.duckdns.org
href: https://jellyseerr.yourdomain.duckdns.org
description: Media Request Manager
- Calibre-Web:
icon: calibre-web.png
href: https://calibre.kelinreij.duckdns.org
href: https://calibre.yourdomain.duckdns.org
description: Ebook Library
- Media Management:
- Sonarr:
icon: sonarr.png
href: https://sonarr.kelinreij.duckdns.org
href: https://sonarr.yourdomain.duckdns.org
description: TV Shows Automation
- Radarr:
icon: radarr.png
href: https://radarr.kelinreij.duckdns.org
href: https://radarr.yourdomain.duckdns.org
description: Movies Automation
- Prowlarr:
icon: prowlarr.png
href: https://prowlarr.kelinreij.duckdns.org
href: https://prowlarr.yourdomain.duckdns.org
description: Indexer Manager
- Readarr:
icon: readarr.png
href: https://readarr.kelinreij.duckdns.org
href: https://readarr.yourdomain.duckdns.org
description: Books Automation
- Lidarr:
icon: lidarr.png
href: https://lidarr.kelinreij.duckdns.org
href: https://lidarr.yourdomain.duckdns.org
description: Music Automation
- Mylar3:
icon: mylar.png
href: https://mylar.kelinreij.duckdns.org
href: https://mylar.yourdomain.duckdns.org
description: Comics Manager
- Home Automation:
- Home Assistant:
icon: home-assistant.png
href: https://hass.kelinreij.duckdns.org
href: https://hass.yourdomain.duckdns.org
description: Home Automation Platform
- ESPHome:
icon: esphome.png
href: https://esphome.kelinreij.duckdns.org
href: https://esphome.yourdomain.duckdns.org
description: ESP Device Manager
- Node-RED:
icon: node-red.png
href: https://nodered.kelinreij.duckdns.org
href: https://nodered.yourdomain.duckdns.org
description: Flow-based Automation
- Zigbee2MQTT:
icon: zigbee2mqtt.png
href: https://zigbee.kelinreij.duckdns.org
href: https://zigbee.yourdomain.duckdns.org
description: Zigbee Bridge
- Mosquitto:
icon: mosquitto.png
href: https://mqtt.kelinreij.duckdns.org
href: https://mqtt.yourdomain.duckdns.org
description: MQTT Broker
- Productivity:
- Nextcloud:
icon: nextcloud.png
href: https://nextcloud.kelinreij.duckdns.org
href: https://nextcloud.yourdomain.duckdns.org
description: Cloud Storage & Collaboration
- Gitea:
icon: gitea.png
href: https://gitea.kelinreij.duckdns.org
href: https://gitea.yourdomain.duckdns.org
description: Git Repository
- Mealie:
icon: mealie.png
href: https://mealie.kelinreij.duckdns.org
href: https://mealie.yourdomain.duckdns.org
description: Recipe Manager
- WordPress:
icon: wordpress.png
href: https://wordpress.kelinreij.duckdns.org
href: https://wordpress.yourdomain.duckdns.org
description: CMS Platform
- Wikis:
- BookStack:
icon: bookstack.png
href: https://bookstack.kelinreij.duckdns.org
href: https://bookstack.yourdomain.duckdns.org
description: Wiki Platform
- DokuWiki:
icon: dokuwiki.png
href: https://dokuwiki.kelinreij.duckdns.org
href: https://dokuwiki.yourdomain.duckdns.org
description: Simple Wiki
- Mediawiki:
icon: mediawiki.png
href: https://mediawiki.kelinreij.duckdns.org
href: https://mediawiki.yourdomain.duckdns.org
description: Collaborative Wiki
- Development:
- VS Code Server:
icon: vscode.png
href: https://code.kelinreij.duckdns.org
href: https://code.yourdomain.duckdns.org
description: Browser-based IDE
- Jupyter:
icon: jupyter.png
href: https://jupyter.kelinreij.duckdns.org
href: https://jupyter.yourdomain.duckdns.org
description: Data Science Notebooks
- Downloaders:
- qBittorrent:
icon: qbittorrent.png
href: https://qbit.kelinreij.duckdns.org
href: https://qbit.yourdomain.duckdns.org
description: Torrent Client
- Transcoders:
- Tdarr:
icon: tdarr.png
href: https://tdarr.kelinreij.duckdns.org
href: https://tdarr.yourdomain.duckdns.org
description: Media Transcoding
- Unmanic:
icon: unmanic.png
href: https://unmanic.kelinreij.duckdns.org
href: https://unmanic.yourdomain.duckdns.org
description: Media Transcoder
- Utilities:
- Vaultwarden:
icon: vaultwarden.png
href: https://vault.kelinreij.duckdns.org
href: https://vault.yourdomain.duckdns.org
description: Password Manager
- Formio:
icon: mdi-form-select
href: https://formio.kelinreij.duckdns.org
href: https://formio.yourdomain.duckdns.org
description: Form Builder
- Backup:
- Backrest:
icon: mdi-backup-restore
href: https://backrest.kelinreij.duckdns.org
href: https://backrest.yourdomain.duckdns.org
description: Backup Solution
- Duplicati:
icon: duplicati.png
href: https://duplicati.kelinreij.duckdns.org
href: https://duplicati.yourdomain.duckdns.org
description: Backup Software
- Metrics:
- Grafana:
icon: grafana.png
href: https://grafana.kelinreij.duckdns.org
href: https://grafana.yourdomain.duckdns.org
description: Metrics Dashboard
- Prometheus:
icon: prometheus.png
href: https://prometheus.kelinreij.duckdns.org
href: https://prometheus.yourdomain.duckdns.org
description: Metrics Collection
- cAdvisor:
icon: cadvisor.png
href: https://cadvisor.kelinreij.duckdns.org
href: https://cadvisor.yourdomain.duckdns.org
description: Container Metrics
- Alternatives:
- Portainer:
icon: portainer.png
href: https://portainer.kelinreij.duckdns.org
href: https://portainer.yourdomain.duckdns.org
description: Container Management UI
- Authentik:
icon: authentik.png
href: https://authentik.kelinreij.duckdns.org
href: https://authentik.yourdomain.duckdns.org
description: Alternative Auth Provider
- Plex:
icon: plex.png
href: https://plex.kelinreij.duckdns.org
href: https://plex.yourdomain.duckdns.org
description: Media Server

2
docker-compose/infrastructure/code-server/config/.config/code-server/config.yaml
View File

@@ -1,4 +1,4 @@
bind-addr: 127.0.0.1:8080
auth: password
password: 4d6c2b20e8d2c62be2512281
password: ${CODE_SERVER_PASSWORD}
cert: false

48
docs/action-reports/2026-01-12-ssl-wildcard-certificate-setup.md
View File

@@ -15,14 +15,14 @@ Services were showing "not secure" warnings in browsers despite Traefik being co
### 1. **Multiple Simultaneous Certificate Requests**
- **Issue:** Each service (dockge, dozzle, glances, pihole, authelia) had `traefik.http.routers.*.tls.certresolver=letsencrypt` labels
- **Impact:** Traefik attempted to request individual certificates for each subdomain simultaneously
- **Consequence:** DuckDNS DNS challenge can only handle ONE TXT record at `_acme-challenge.kelin-hass.duckdns.org` at a time
- **Consequence:** DuckDNS DNS challenge can only handle ONE TXT record at `_acme-challenge.yourdomain.duckdns.org` at a time
- **Result:** All certificate requests failed with "Incorrect TXT record" errors
### 2. **DNS TXT Record Conflicts**
- **Issue:** Multiple services tried to create different TXT records at the same DNS location
- **Example:**
- Service A creates: `_acme-challenge.kelin-hass.duckdns.org` = "token1"
- Service B overwrites: `_acme-challenge.kelin-hass.duckdns.org` = "token2"
- Service A creates: `_acme-challenge.yourdomain.duckdns.org` = "token1"
- Service B overwrites: `_acme-challenge.yourdomain.duckdns.org` = "token2"
- Let's Encrypt validates Service A but finds "token2" → validation fails
- **DuckDNS Limitation:** Can only maintain ONE TXT record per domain
@@ -98,7 +98,7 @@ pihole:
certificatesResolvers:
letsencrypt:
acme:
email: kelinfoxy@gmail.com
email: your-email@example.com
storage: /acme.json
dnsChallenge:
provider: duckdns
@@ -129,7 +129,7 @@ chown kelin:kelin /opt/stacks/core/traefik/acme.json
# Wait for DNS to clear
sleep 60
dig +short TXT _acme-challenge.kelin-hass.duckdns.org # Verified empty
dig +short TXT _acme-challenge.yourdomain.duckdns.org # Verified empty
# Deploy updated configuration
cp /home/kelin/AI-Homelab/docker-compose/core.yml /opt/stacks/core/docker-compose.yml
@@ -189,21 +189,21 @@ cd /opt/stacks/infrastructure && docker compose -f infrastructure.yml up -d
{
"letsencrypt": {
"Account": {
"Email": "kelinfoxy@gmail.com",
"Email": "your-email@example.com",
"Registration": {
"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/2958966636"
"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/XXXXXXXXXX"
}
},
"Certificates": [
{
"domain": {
"main": "dockge.kelin-hass.duckdns.org"
"main": "dockge.yourdomain.duckdns.org"
}
},
{
"domain": {
"main": "kelin-hass.duckdns.org",
"sans": ["*.kelin-hass.duckdns.org"]
"main": "yourdomain.duckdns.org",
"sans": ["*.yourdomain.duckdns.org"]
}
}
]
@@ -212,7 +212,7 @@ cd /opt/stacks/infrastructure && docker compose -f infrastructure.yml up -d
```
**Certificate Details:**
- **Subject:** CN=kelin-hass.duckdns.org
- **Subject:** CN=yourdomain.duckdns.org
- **Issuer:** C=US, O=Let's Encrypt, CN=R12
- **Coverage:** Wildcard certificate covering all subdomains
- **File Size:** 23KB (up from 0 bytes)
@@ -223,12 +223,12 @@ All services running with valid SSL certificates:
| Service | Status | URL | Certificate |
|---------|--------|-----|-------------|
| Traefik | ✅ Up | https://traefik.kelin-hass.duckdns.org | Valid |
| Authelia | ✅ Up | https://auth.kelin-hass.duckdns.org | Valid |
| Dockge | ✅ Up | https://dockge.kelin-hass.duckdns.org | Valid |
| Dozzle | ✅ Up | https://dozzle.kelin-hass.duckdns.org | Valid |
| Glances | ✅ Up | https://glances.kelin-hass.duckdns.org | Valid |
| Pi-hole | ✅ Up | https://pihole.kelin-hass.duckdns.org | Valid |
| Traefik | ✅ Up | https://traefik.yourdomain.duckdns.org | Valid |
| Authelia | ✅ Up | https://auth.yourdomain.duckdns.org | Valid |
| Dockge | ✅ Up | https://dockge.yourdomain.duckdns.org | Valid |
| Dozzle | ✅ Up | https://dozzle.yourdomain.duckdns.org | Valid |
| Glances | ✅ Up | https://glances.yourdomain.duckdns.org | Valid |
| Pi-hole | ✅ Up | https://pihole.yourdomain.duckdns.org | Valid |
## Best Practices & Prevention
@@ -259,7 +259,7 @@ other-service:
### 2. ✅ DuckDNS DNS Challenge Limitations
**Understand the Constraint:**
- DuckDNS can only maintain ONE TXT record at `_acme-challenge.kelin-hass.duckdns.org`
- DuckDNS can only maintain ONE TXT record at `_acme-challenge.yourdomain.duckdns.org`
- Multiple simultaneous challenges WILL fail
- Use wildcard certificate to avoid this limitation
@@ -292,7 +292,7 @@ docker exec traefik tail -f /var/log/traefik/traefik.log | grep -E "acme|certifi
docker exec traefik tail -100 /var/log/traefik/traefik.log | grep -E "error|Unable"
# View specific domain
docker exec traefik tail -200 /var/log/traefik/traefik.log | grep "kelin-hass.duckdns.org"
docker exec traefik tail -200 /var/log/traefik/traefik.log | grep "yourdomain.duckdns.org"
```
### 4. ✅ Certificate Troubleshooting Workflow
@@ -307,10 +307,10 @@ cat /opt/stacks/core/traefik/acme.json | python3 -m json.tool | grep -A5 "Certif
python3 -c "import json; d=json.load(open('/opt/stacks/core/traefik/acme.json')); print(f'Certificates: {len(d[\"letsencrypt\"][\"Certificates\"])}')"
# 3. Test certificate being served
echo | openssl s_client -connect auth.kelin-hass.duckdns.org:443 -servername auth.kelin-hass.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
echo | openssl s_client -connect auth.yourdomain.duckdns.org:443 -servername auth.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
# 4. Check DNS TXT records
dig +short TXT _acme-challenge.kelin-hass.duckdns.org
dig +short TXT _acme-challenge.yourdomain.duckdns.org
# 5. Check Traefik logs
docker exec traefik tail -50 /var/log/traefik/traefik.log
@@ -457,15 +457,15 @@ docker exec traefik tail -f /var/log/traefik/traefik.log
### Verify Certificate Command
```bash
echo | openssl s_client -connect ${SUBDOMAIN}.kelin-hass.duckdns.org:443 -servername ${SUBDOMAIN}.kelin-hass.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer -dates
echo | openssl s_client -connect ${SUBDOMAIN}.yourdomain.duckdns.org:443 -servername ${SUBDOMAIN}.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer -dates
```
### Check All Service Certificates
```bash
for subdomain in auth traefik dockge dozzle glances pihole; do
echo "=== $subdomain.kelin-hass.duckdns.org ==="
echo | openssl s_client -connect $subdomain.kelin-hass.duckdns.org:443 -servername $subdomain.kelin-hass.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
echo "=== $subdomain.yourdomain.duckdns.org ==="
echo | openssl s_client -connect $subdomain.yourdomain.duckdns.org:443 -servername $subdomain.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
echo
done
```

6
docs/docker-guidelines.md
View File

@@ -1402,7 +1402,7 @@ Homepage configuration must be kept synchronized with deployed services. The AI
1. **Hard-Coded URLs Required**: Homepage does NOT support variables in href links
- Template uses `{{HOMEPAGE_VAR_DOMAIN}}` as placeholder
- Active config uses `kelin-hass.duckdns.org` hard-coded
- Active config uses `yourdomain.duckdns.org` hard-coded
- AI must replace placeholders when deploying configs
2. **No Container Restart Needed**: Homepage picks up config changes instantly
@@ -1427,7 +1427,7 @@ Homepage configuration must be kept synchronized with deployed services. The AI
- Stack Name (compose-file.yml):
- Service Name:
icon: service.png
href: https://subdomain.kelin-hass.duckdns.org # Hard-coded!
href: https://subdomain.yourdomain.duckdns.org # Hard-coded!
description: Service description
```
@@ -1436,7 +1436,7 @@ Homepage configuration must be kept synchronized with deployed services. The AI
```bash
# When deploying from template:
cp /home/kelin/AI-Homelab/config-templates/homepage/*.yaml /opt/stacks/homepage/config/
sed -i 's/{{HOMEPAGE_VAR_DOMAIN}}/kelin-hass.duckdns.org/g' /opt/stacks/homepage/config/services.yaml
sed -i 's/{{HOMEPAGE_VAR_DOMAIN}}/yourdomain.duckdns.org/g' /opt/stacks/homepage/config/services.yaml
# No restart needed - configs load instantly
```

22
docs/troubleshooting/SSL-CERTIFICATES-DUCKDNS.md
View File

@@ -7,8 +7,8 @@ Wildcard SSL certificate acquisition via DuckDNS DNS-01 challenge consistently f
### Why Both Domain and Wildcard are Required
Let's Encrypt requires validation of BOTH domains when using SAN (Subject Alternative Name) certificates:
- `kelin-hass.duckdns.org` (apex domain)
- `*.kelin-hass.duckdns.org` (wildcard)
- `yourdomain.duckdns.org` (apex domain)
- `*.yourdomain.duckdns.org` (wildcard)
This is a Let's Encrypt policy - you cannot obtain just the wildcard certificate. Both must be validated simultaneously.
@@ -23,13 +23,13 @@ ping -c 2 ns1.duckdns.org # FAIL: 100% packet loss
ping -c 2 99.79.143.35 # FAIL: 100% packet loss (direct IP)
# DNS queries to authoritative servers - timeout
dig @99.79.143.35 kelin-hass.duckdns.org # FAIL: timeout
dig @35.182.183.211 kelin-hass.duckdns.org # FAIL: timeout
dig @3.97.58.28 kelin-hass.duckdns.org # FAIL: timeout
dig @99.79.143.35 yourdomain.duckdns.org # FAIL: timeout
dig @35.182.183.211 yourdomain.duckdns.org # FAIL: timeout
dig @3.97.58.28 yourdomain.duckdns.org # FAIL: timeout
# Queries to recursive resolvers - SUCCESS
dig @8.8.8.8 kelin-hass.duckdns.org # SUCCESS
dig @1.1.1.1 kelin-hass.duckdns.org # SUCCESS
dig @8.8.8.8 yourdomain.duckdns.org # SUCCESS
dig @1.1.1.1 yourdomain.duckdns.org # SUCCESS
# Traceroute analysis
traceroute 99.79.143.35
@@ -83,15 +83,15 @@ The lego library **must** also query the authoritative nameservers directly to v
```
propagation: time limit exceeded: last error: authoritative nameservers:
DNS call error: read udp 172.19.0.2:53666->3.97.58.28:53: i/o timeout
[ns=ns6.duckdns.org.:53, question='_acme-challenge.kelin-hass.duckdns.org. IN TXT']
[ns=ns6.duckdns.org.:53, question='_acme-challenge.yourdomain.duckdns.org. IN TXT']
```
**Phase 2: SOA record query failure**
```
propagation: time limit exceeded: last error: could not find zone:
[fqdn=_acme-challenge.kelin-hass.duckdns.org.]
unexpected response for 'kelin-hass.duckdns.org.'
[question='kelin-hass.duckdns.org. IN SOA', code=SERVFAIL]
[fqdn=_acme-challenge.yourdomain.duckdns.org.]
unexpected response for 'yourdomain.duckdns.org.'
[question='yourdomain.duckdns.org. IN SOA', code=SERVFAIL]
```
## Working Configuration (Self-Signed Certificates)

20
markup.yml
View File

@@ -15,12 +15,12 @@ echo "╚═══════════════════════
echo "╔═════════════════════════════════════════════════════════════╗
echo "║ ✅ SERVER_IP: 192.168.4.4 ║
echo "║ ✅ SERVER_HOSTNAME: jasper ║
echo "║ ✅ DUCKDNS_SUBDOMAINS: kelinreij
echo "║ ✅ DUCKDNS_TOKEN: 41ef7faa-fc93-41d2-a32f-340fd2b75b2f
echo "║ ✅ DOMAIN: kelinreij.duckdns.org
echo "║ ✅ DEFAULT_USER: kelin ║
echo "║ ✅ DEFAULT_PASSWORD: Tiberi0u$
echo "║ ✅ DEFAULT_EMAIL: kelinshomelab@gmail.com
echo "║ ✅ DUCKDNS_SUBDOMAINS: yourdomain
echo "║ ✅ DUCKDNS_TOKEN: your-duckdns-token
echo "║ ✅ DOMAIN: yourdomain.duckdns.org ║
echo "║ ✅ DEFAULT_USER: admin ║
echo "║ ✅ DEFAULT_PASSWORD: changeme
echo "║ ✅ DEFAULT_EMAIL: admin@example.com
echo "╚═════════════════════════════════════════════════════════════╝
echo "╔═════════════════════════════════════════════════════════════╗
@@ -31,16 +31,16 @@ echo "╔═══════════════════════
echo "║ Deployment Complete! ║
echo "║ SSL Certificates may take a few minutes to be issued. ║
echo "║ ║
echo "║ https://dockge.kelinreij.duckdns.org ║
echo "║ https://dockge.yourdomain.duckdns.org ║
echo "║ http://192.168.4.4:5001 ║
echo "║ ║
echo "║ https://homepage.kelinreij.duckdns.org ║
echo "║ https://homepage.yourdomain.duckdns.org ║
echo "║ http://192.168.4.4:3003 ║
echo "║ ║
echo "║ https://authelia.kelinreij.duckdns.org ║
echo "║ https://authelia.yourdomain.duckdns.org ║
echo "║ http://192.168.4.4:9091 ║
echo "║ ║
echo "║ https://traefik.kelinreij.duckdns.org ║
echo "║ https://traefik.yourdomain.duckdns.org ║
echo "║ http://192.168.4.4:8080 ║
echo "║ ║
echo "╚═════════════════════════════════════════════════════════════╝