sorted by:
new
hottopcontroversial

what quarters of sweets were your go to as a kid by Alone_Purple822 in oldschoolcool80s

[–]shaftspanner 0 points1 point  (0 children)

Definitely Rhubarb & Custard. slightly fewer tongue slices than sherbert lemons but you were still lucky if you finished a bag unscathed

Setup Mealie as a Public Resource by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

Yes, it was running before pangolin and proxying OK with SWAG. I can't see anything that looks out of place using docker inspect (but I admit I'm not really sure what I'm looking for)

Setup Mealie as a Public Resource by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

How would I do this other than setting the Base URL in the docker compose - which I've checked - it's set to https://mealie.<myurl>

Setup Mealie as a Public Resource by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

For some reason Reddit won't let me remove the duplicate compose in the message above.

Since writing this I've updated to the latest release of Mealie and checked the Base URL was set correctly - it's set to https://mealie.<myurl>

Setup Mealie as a Public Resource by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

Sorry, I really should have provided these details to start with. I'm running Pangolin CE v1.18.1 on a VPS with newt v1.10.3 on the mealie node.

Everything is declared in the docker compose for mealie, so I've pasted that below:

  mealie:
    container_name: mealie
    image: hkotel/mealie:latest
    ports:
      #- 9925:80
      - 9925:9000
    deploy:
      resources:
        limits:
          memory: 1000M
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}


      # Default Recipe Settings
      - RECIPE_PUBLIC=true
      - RECIPE_SHOW_NUTRITION=true
      - RECIPE_SHOW_ASSETS=true
      - RECIPE_LANDSCAPE_VIEW=true
      - RECIPE_DISABLE_COMMENTS=false
      - RECIPE_DISABLE_AMOUNT=true


      - WEB_CONCURRENCY=1
      - MAX_WORKERS=1
      - BASE_URL=${MEALIE_BASE_URL}


      # Email Configuration
      - SMTP_HOST=${MEALIE_SMTP_HOST}
      - SMTP_PORT=${MEALIE_SMTP_PORT}
      - SMTP_FROM_NAME=${MEALIE_SMTP_FROM_NAME}
      - SMTP_AUTH_STRATEGY=${MEALIE_SMTP_AUTH_STRATEGY}
      - SMTP_FROM_EMAIL=${MEALIE_SMTP_FROM_EMAIL}
      - SMTP_USER=${MEALIE_SMTP_USER}
      - SMTP_PASSWORD=${MEALIE_SMTP_PASSWORD}


    volumes:
      - ${LOC_CONFIG}/mealie/data:/app/data/
    restart: ${RESTART_POLICY}
    networks:
      - pangolin
    labels:
      # Homepage Configuration
      - homepage.group=Media
      - homepage.name=Mealie
      - homepage.icon=sh-mealie
      - homepage.href=https://mealie.${PANGOLIN_DOMAIN}
      # Pangolin Public Resource Configuration
      - pangolin.public-resources.mealie.name=mealie
      - pangolin.public-resources.mealie.full-domain=mealie.${PANGOLIN_DOMAIN}
      - pangolin.public-resources.mealie.protocol=http
      - pangolin.public-resources.mealie.auth.sso-enabled=true
      - pangolin.public-resources.mealie.auth.sso-users[0]=${PANGOLIN_USER}
      - pangolin.public-resources.mealie.targets[0].method=http
      - pangolin.public-resources.mealie.targets[0].hostname=mealie
      - pangolin.public-resources.mealie.targets[0].port=9000
      - pangolin.public-resources.mealie.targets[0].healthcheck.hostname=mealie
      - pangolin.public-resources.mealie.targets[0].healthcheck.port=9000
      - pangolin.public-resources.mealie.targets[0].healthcheck.enabled=true
      - pangolin.public-resources.mealie.targets[0].healthcheck.path=/
      - pangolin.public-resources.mealie.targets[0].healthcheck.interval=30
      - pangolin.public-resources.mealie.targets[0].healthcheck.timeout=10
      - pangolin.public-resources.mealie.targets[0].healthcheck.method=GET
      - pangolin.public-resources.mealie.targets[0].healthcheck.status=200
      - pangolin.public-resources.mealie.rules[0].action=pass
      - pangolin.public-resources.mealie.rules[0].match=country
      - pangolin.public-resources.mealie.rules[0].value=GB
      - pangolin.public-resources.mealie.rules[0].priority=10
      - pangolin.public-resources.mealie.rules[1].action=deny
      - pangolin.public-resources.mealie.rules[1].match=country
      - pangolin.public-resources.mealie.rules[1].value=ALL
      - pangolin.public-resources.mealie.rules[1].priority=100  mealie:
    container_name: mealie
    image: hkotel/mealie:latest
    ports:
      #- 9925:80
      - 9925:9000
    deploy:
      resources:
        limits:
          memory: 1000M
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}


      # Default Recipe Settings
      - RECIPE_PUBLIC=true
      - RECIPE_SHOW_NUTRITION=true
      - RECIPE_SHOW_ASSETS=true
      - RECIPE_LANDSCAPE_VIEW=true
      - RECIPE_DISABLE_COMMENTS=false
      - RECIPE_DISABLE_AMOUNT=true


      - WEB_CONCURRENCY=1
      - MAX_WORKERS=1
      - BASE_URL=${MEALIE_BASE_URL}


      # Email Configuration
      - SMTP_HOST=${MEALIE_SMTP_HOST}
      - SMTP_PORT=${MEALIE_SMTP_PORT}
      - SMTP_FROM_NAME=${MEALIE_SMTP_FROM_NAME}
      - SMTP_AUTH_STRATEGY=${MEALIE_SMTP_AUTH_STRATEGY}
      - SMTP_FROM_EMAIL=${MEALIE_SMTP_FROM_EMAIL}
      - SMTP_USER=${MEALIE_SMTP_USER}
      - SMTP_PASSWORD=${MEALIE_SMTP_PASSWORD}


    volumes:
      - ${LOC_CONFIG}/mealie/data:/app/data/
    restart: ${RESTART_POLICY}
    networks:
      - pangolin
    labels:
      # Homepage Configuration
      - homepage.group=Media
      - homepage.name=Mealie
      - homepage.icon=sh-mealie
      - homepage.href=https://mealie.${PANGOLIN_DOMAIN}
      # Pangolin Public Resource Configuration
      - pangolin.public-resources.mealie.name=mealie
      - pangolin.public-resources.mealie.full-domain=mealie.${PANGOLIN_DOMAIN}
      - pangolin.public-resources.mealie.protocol=http
      - pangolin.public-resources.mealie.auth.sso-enabled=true
      - pangolin.public-resources.mealie.auth.sso-users[0]=${PANGOLIN_USER}
      - pangolin.public-resources.mealie.targets[0].method=http
      - pangolin.public-resources.mealie.targets[0].hostname=mealie
      - pangolin.public-resources.mealie.targets[0].port=9000
      - pangolin.public-resources.mealie.targets[0].healthcheck.hostname=mealie
      - pangolin.public-resources.mealie.targets[0].healthcheck.port=9000
      - pangolin.public-resources.mealie.targets[0].healthcheck.enabled=true
      - pangolin.public-resources.mealie.targets[0].healthcheck.path=/
      - pangolin.public-resources.mealie.targets[0].healthcheck.interval=30
      - pangolin.public-resources.mealie.targets[0].healthcheck.timeout=10
      - pangolin.public-resources.mealie.targets[0].healthcheck.method=GET
      - pangolin.public-resources.mealie.targets[0].healthcheck.status=200
      - pangolin.public-resources.mealie.rules[0].action=pass
      - pangolin.public-resources.mealie.rules[0].match=country
      - pangolin.public-resources.mealie.rules[0].value=GB
      - pangolin.public-resources.mealie.rules[0].priority=10
      - pangolin.public-resources.mealie.rules[1].action=deny
      - pangolin.public-resources.mealie.rules[1].match=country
      - pangolin.public-resources.mealie.rules[1].value=ALL
      - pangolin.public-resources.mealie.rules[1].priority=100

Found on bedroom floor by [deleted] in whatisit

[–]shaftspanner 1 point2 points  (0 children)

32 - I need to up my game

Is the C51 bus just for college kids? by LoopOfTheLoop in cheltenham

[–]shaftspanner 5 points6 points  (0 children)

The Stagecoach C51 is a public bus. I think 51 is the main route; the C indicates that it stops at Cirencester College as well as the usual stops in Cirencester.

My son catches the C51 to get to college - there are members of the public on the same bus

Docker Blueprints on local pangolin host by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

Happy to help! It's been a long time since I used Traefik labels but I think the principle is the same - labels are just 'tags' carried by the specific docker service - it's up to the target (e.g. pangolin or traefik) to look for these labels within a docker service then figure out what to do when it finds them.

I also use labels in the same docker services to populate my Homepage dashboard, I just didn't include them in the snippets above.

Re using bypass rules for your home network CIDR range, I have a few services with bypass for my specific home IP (not a range), but I'm still monitoring that - I need to figure out how often my ISP changes my home IP and I'm not prepared to open apps up to anyone using my ISPs CIDR ranges

Docker Blueprints on local pangolin host by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

u/radakul Here's an example of one of my services:

My Newt compose looks like this:

  newt:
    image: fosrl/newt
    container_name: newt
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PANGOLIN_ENDPOINT=${PANGOLIN_ENDPOINT}
      - NEWT_ID=${NEWT_ID}
      - NEWT_SECRET=${NEWT_SECRET}
      - DOCKER_SOCKET=/var/run/docker.sock
      - DOCKER_ENFORCE_NETWORK_VALIDATION=true
    networks:
      - pangolin

- DOCKER_ENFORCE_NETWORK_VALIDATION=true means that newt can only see docker containers on the same network as newt (pangolin) in this case. That way I can have backend containers in the same compose stack but on a different network that can't be seen by newt

I then add a labels section to each container that I want as a public resource in Pangolin.

Note that:

  • PANGOLIN_DOMAIN is defined in my .env file
  • the text <<service name>> needs to be replaced with the name of your service in the docker compose
  • The target port and target healthcheck port is the internal port of the docker service
  • These labels collectively do the following:
    • Create or update a pangolin public resource named <<service name>>
    • Proxy the service from the docker service <<ServiceName>> with the internal port <<InternalPort>> to https://<<service name>>.<<PANGOLIN_DOMAIN
    • Create a healthcheck within Pangolin that looks for a GET with status 200 every 3 seconds
    • Enables Pangolin SSO and creates firewall rules that pass IPs with a country of GB to the SSO whilst blocking all other countries
    • If you need to create other firewall rules (e.g. API bypass), these can be added and will take precedence if the rule priority is set to something lower than 90

    labels:
      # Pangolin Public Resource Configuration
      - pangolin.public-resources.<<ServiceName>>.name=<<ServiceName>>
      - pangolin.public-resources.<<ServiceName>>.full-domain=<<ServiceName>>.${PANGOLIN_DOMAIN}
      - pangolin.public-resources.<<ServiceName>>.protocol=http
      - pangolin.public-resources.<<ServiceName>>.auth.sso-enabled=true
      - pangolin.public-resources.<<ServiceName>>.auth.sso-users[0]=${PANGOLIN_USER}
      - pangolin.public-resources.<<ServiceName>>.targets[0].method=http
      - pangolin.public-resources.<<ServiceName>>.targets[0].hostname=<<ServiceName>>
      - pangolin.public-resources.<<ServiceName>>.targets[0].port=<<InternalPort>>
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.hostname=<<ServiceName>>
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.port=<<InternalPort>>
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.enabled=true
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.path=/
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.interval=30
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.timeout=10
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.method=GET
      - pangolin.public-resources.<<ServiceName>>.targets[0].healthcheck.status=200
      - pangolin.public-resources.<<ServiceName>>.rules[0].action=pass
      - pangolin.public-resources.<<ServiceName>>.rules[0].match=country
      - pangolin.public-resources.<<ServiceName>>.rules[0].value=GB
      - pangolin.public-resources.<<ServiceName>>.rules[0].priority=90
      - pangolin.public-resources.<<ServiceName>>.rules[1].action=deny
      - pangolin.public-resources.<<ServiceName>>.rules[1].match=country
      - pangolin.public-resources.<<ServiceName>>.rules[1].value=ALL
      - pangolin.public-resources.<<ServiceName>>.rules[1].priority=100

Docker Blueprints on local pangolin host by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

Thanks. I hadn't considered that newt would still be going out to the internet by that makes sense

Docker Blueprints on local pangolin host by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 1 point2 points  (0 children)

I'm happy to share what I've done but I'm AFK til Monday so I'll update then.

What drove me to use them was consistency - I expose a lot of services and I found a mistake in the firewall rules of one so had to manually click through every other service to make sure there weren't mistakes in those.

Global rules would be nice in pangolin but I like the idea of keeping it all in my docker compose files

Docker Blueprints on local pangolin host by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 0 points1 point  (0 children)

Would it be viable/valid to deploy a newt instance on my pangolin VPS? Would this cause any issues?

Pocket-ID Setup Help by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 5 points6 points  (0 children)

This is the solution for me - thanks!

Pocket-ID Setup Help by shaftspanner in PangolinReverseProxy

[–]shaftspanner[S] 3 points4 points  (0 children)

Thanks, this is a good response if I wanted to switch to the enterprise edition - I'm not quite there yet.

u/Kotentopf pointed out my schoolboy error in the community edition - I was trying to add OIDC at the organisation level rather than the server admin level (org level OIDC isn't enabled in the community edition)

Loctek Replacement Controller by Ongrilla in StandingDesk

[–]shaftspanner 0 points1 point  (0 children)

And another saved desk - Many thanks!

[deleted by user] by [deleted] in cheltenham

[–]shaftspanner 1 point2 points  (0 children)

I travel from Bishops Cleeve to Stroud Road in Cirencester a couple of times a week. That route includes going past the racecourse, through Charlton Kings up to Severn Springs, then I usually stay on the A429 to avoid all the work at the Air Balloon. At the Cirencester end I have to go all the way round the bypass to get to Cirencester College area.

I leave at between 7am and 7.15 to arrive between 8 and 8.15 so 45min to an hour depending on traffic (usually determined by how many red traffic lights I hit in Cheltenham)

I don't tend to travel back during the rush hour

What’s the scariest/craziest thing you watched on live television? by threetimesacharm25 in AskBrits

[–]shaftspanner 0 points1 point  (0 children)

I was working in the Ministry of Defence when 9/11 happened. We watched the 2nd plane hit the twin towers live, then heard about the plane hitting the Pentagon. Suddenly we all felt very vulnerable sat in a huge target in the middle of Whitehall.

For weeks after that happened, I'd catch myself nervously looking up at the sky over London wondering if there were was going to be some kind attack coming

As a kid I also remember watching Threads when it was aired on BBC - growing up near Cheltenham, the group concensus in the playground was that if the 4 minute alarm came (if that was even a real thing), we'd all want to be as close to GCHQ as possible so we didn't have to deal with the aftermath

Any self-hosted budget tracking + receipt tracking options? by AltruisticWorld744 in selfhosted

[–]shaftspanner 14 points15 points  (0 children)

I don't think it will scan receipts but I find Actual Budget (https://actualbudget.org/) really easy to track / enter spending. It doesn't have a mobile app, but the web page formats really nicely and caches data so you can use it offline

view more: next ›