Changes:
- Removed entire Method 2 section (Docker labels with dummy containers)
- Simplified to focus only on Method 1 (File Provider) as recommended approach
- Updated Quick Start section with cleaner step-by-step instructions
- Removed resource consumption warnings (no longer relevant)
- Updated AI Management section to remove Docker labels references
- Maintained all advanced configuration examples (WebSocket, HTTPS backend, IP whitelist)
- Kept all troubleshooting, security best practices, and complete example
The guide now focuses exclusively on the recommended YAML file approach,
which is simpler, more reliable, and doesn't consume unnecessary resources.
Changes:
- Remove references to local Traefik on additional servers
- Update architecture diagram to show direct port exposure
- Clarify that additional servers are 'headless' (no local reverse proxy)
- Update traffic flow to show direct routing from core to services
- Update performance metrics (50MB vs 100MB, 2min vs 5-10min deployment)
- Rename 'Remote Server' to 'Additional Server' for consistency
The docs now accurately reflect the current simplified architecture where
additional servers only run Sablier and expose ports directly.
Introduce multi-server architecture documentation and reorganize README content. Top-level README now documents Core vs Remote server roles, links to local docs instead of wiki pages, and highlights Traefik/Sablier multi-server behavior. docker-compose/README.md was rewritten to be a template-style reference with single- and multi-server deployment guidance, Traefik label examples, and sablier usage; dockge README was moved into docker-compose/dockge/. docker-compose/core/README.md was updated to describe core responsibilities, shared CA artifacts, and startup order for multi-server deployments. Several obsolete/duplicated docs and action reports were removed and a new multi-server deployment doc was added to centralize on-demand/remote service guidance. Overall this cleans up legacy docs and documents the multi-server workflow and TLS/shared-CA requirements.
- Replace hardcoded password in code-server config with ${CODE_SERVER_PASSWORD}
- Replace domain kelin-hass.duckdns.org with yourdomain.duckdns.org in docs
- Replace domain kelinreij.duckdns.org with yourdomain.duckdns.org in homepage config
- Replace personal emails with example addresses
- Replace DuckDNS token and credentials in markup.yml with placeholders
- Replace Let's Encrypt account numbers with placeholders
Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
- Implement multi-server Traefik + Sablier architecture
- Add label-based automatic service discovery
- Create separate Sablier stack deployment
- Add remote server deployment workflow (Option 3)
- Add 9 new functions for multi-server management
- Remove deprecated config-templates folder
- Replace hardcoded private data with placeholders
- Update backup timestamp format to YY_MM_DD_hh_mm
- Add markup.yml to .gitignore
Breaking changes:
- Removed Sablier from core docker-compose.yml (now separate stack)
- Config templates moved from config-templates/ to docker-compose/core/
- REQUIRED_VARS now dynamic based on deployment type
- Add traefik.docker.network=traefik-network label to homepage service
- Prevent Traefik from using wrong IP from homelab-network
- Resolve 504 Gateway Timeout issues after authentication
- Update various docker-compose configurations and templates
- Clean up unused configuration files
- Add CORE_SERVER_IP variable for remote server configuration
- Implement setup_multi_server_tls() function for shared CA management
- Change TLS failure handling from exit-on-error to warning-based approach
- Add TLS_ISSUES_SUMMARY for end-of-deployment remediation guidance
- Update documentation for automated TLS setup process
- Add comprehensive AI assistant instructions for project management
This allows deployments to complete successfully even with TLS issues,
providing clear remediation steps instead of failing the entire setup.
- Generate shared CA during core deployment for consistent trust across servers
- Modify setup_docker_tls() to use shared CA instead of per-server CAs
- Update share_certs_with_core() to copy shared CA from core server
- Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier
- Fix Sablier certificate mounting for proper TLS connection
- Add docker-tls/ to .gitignore to prevent certificate leaks
- Update documentation for shared CA approach
- Add Sablier middleware to all 32 services across stacks
- Update vaultwarden port from 80 to 8091 to avoid conflicts
- Add tdarr-server and unmanic services with lazy loading
- Optimize health checks (wget for some services, dozzle built-in)
- Update Traefik routers and service definitions
- Update port documentation
All services now support on-demand startup via Sablier middleware.
- Change MediaWiki from port 8084 to 8086 to resolve conflict with TasmoAdmin
- Update Traefik loadbalancer port for MediaWiki
- Add MediaWiki to ports-in-use.md documentation
- TasmoAdmin now uses port 8084, MediaWiki uses port 8086
- Resolve port conflicts: TasmoAdmin (8084), Form.io (3002), Gitea (3010)
- Add missing Authelia SSO and Sablier lazy loading to utilities stack
- Standardize Form.io labels to match TRAEFIK CONFIGURATION guidelines
- Reorganize ports-in-use.md with stack-based table and proper column order
- Remove Dokuwiki deployment from ez-homelab.sh (already in productivity stack)
- Update service restart policies for lazy loading compatibility
- Changed all Sablier groups to ${SERVER_HOSTNAME}-arr for coordinated lazy loading
- Moved x-dockge URLs to top-level section with urls list format
- Added both HTTPS and localhost URLs for service discovery
- Updated guidelines and instructions to reflect new x-dockge format
- Reorganize Sablier middlewares in alphabetical order with authelia first
- Add service definitions comment to external-host-production.yml
- Update docker-guidelines.md with comprehensive Traefik configuration:
* Emphasize authelia SSO and sablier lazy loading as defaults
* Add detailed remote server configuration instructions
* Include complete TRAEFIK CONFIGURATION examples in service creation/modification guidelines
* Expand remote server setup with YAML file examples
* Update planning phase with Traefik considerations
* Enhance documentation phase with HTTPS URLs and routing notes
- Remove redundant .yml files from main docker-compose folder
- Update deploy script to use folder-based structure for all stacks
- Update documentation to reflect new folder-based organization
- Standardize all stacks to use docker-compose.yml in individual folders
This eliminates confusion between file-based and folder-based structures,
making the repository more maintainable and consistent.
- Updated all documentation references from AI-Homelab to EZ-Homelab
- Changed repository URLs and directory paths
- Updated wiki content and navigation
- Maintained AI assistance functionality while emphasizing ease of use
- Updated copilot instructions and agent guidelines
- Document safe stack removal process with proper cleanup steps
- Explain consequences of just deleting folders without stopping containers
- Add restoration instructions for accidentally removed stacks
- Include warnings about data loss and dependency checking
- Explain Let's Encrypt + DuckDNS integration
- Document staging vs production certificate servers
- Add troubleshooting guide for certificate issues
- Include best practices and validation commands
- Cover wildcard certificates and DNS challenge process
- Include commented staging caServer in config template
- Add troubleshooting section for test environment certificate conflicts
- Document rate limit avoidance strategies for development/testing
- Remove explicit DNS resolvers from dnsChallenge to fix propagation check failures
- Add note about resolvers causing issues with DuckDNS TXT record resolution
- Preserve knowledge from certificate debugging session
- Added Traefik labels and routing to prometheus, grafana, loki, cadvisor
- Fixed Grafana ROOT_URL to use domain-based URL (https://grafana.${DOMAIN})
- Added uptime-kuma bypass rule in Authelia (needs initial setup)
- Updated all services to use traefik-network
- Synced domain from kelin-hass to kelin-casa across all configs
- Fixed missing tls=true label on uptime-kuma
- Note: Loki is API-only service (no web UI, accessed via Grafana)
Fixes:
- docker-compose/infrastructure.yml:
- Uncommented Watchtower service
- Updated image from 1.7.1 to latest
- Changed DOCKER_API_VERSION from 1.44 to 1.52 (current Docker version)
- Added default empty value for WATCHTOWER_NOTIFICATION_URL
- scripts/deploy-homelab.sh:
- Removed "temporarily disabled" note
- Added Watchtower to infrastructure stack list
- docs/services-overview.md:
- Updated infrastructure stack count from 7 to 8
- Added Watchtower to service list
Watchtower now runs successfully with scheduled updates at 4 AM daily
Changes:
- scripts/setup-homelab.sh: Remove interactive deployment prompt
- Users must now run deploy script manually
- Simplifies both scripts (no sudo workarounds needed)
- Clearer two-step process: setup then deploy
- Documentation updates:
- README.md: Updated step 3-4 with manual deployment
- docs/getting-started.md: Removed step 6 (log out), clarified steps
- docs/manual-setup.md: Added sudo to deploy command
- docs/troubleshooting/COMMON-ISSUES.md: Added sudo to all deploy commands
Rationale:
- Automatic deployment via 'su -' cannot work with sudo requirement
- Manual two-step process is clearer and more reliable
- Setup focuses on configuration, deploy focuses on services
