mirror of
https://github.com/recklessop/zroc.git
synced 2026-07-04 05:33:14 -04:00
fix: close OVA build gaps — 24.04, overlay copy, full compose stack
- Replace ubuntu-26.04 (unreleased) with ubuntu-24.04 LTS throughout - Add file provisioner to Packer HCL to copy overlays/ into VM before provisioning (fixes missing zroc-setup binary in 03-setup-wizard.sh) - Rebuild root docker-compose.yaml: full stack with env vars — Caddy, zroc-ui, Authentik (server + worker + postgres + redis), Prometheus, Grafana, Zerto exporter, Watchtower; no hardcoded credentials - Add caddy/Caddyfile to repo root for reverse proxy / TLS - Update 02-zroc.sh to pre-pull all service images during OVA build - Update GitHub Actions workflow to reference ubuntu-2404.pkr.hcl Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
{
|
||||
admin off
|
||||
auto_https off
|
||||
log {
|
||||
format json
|
||||
}
|
||||
}
|
||||
|
||||
:443 {
|
||||
tls internal
|
||||
|
||||
handle /auth/* {
|
||||
reverse_proxy authentik-server:9000 {
|
||||
header_up X-Forwarded-Proto https
|
||||
header_up X-Forwarded-For {remote_host}
|
||||
}
|
||||
}
|
||||
|
||||
handle /outpost.goauthentik.io/* {
|
||||
reverse_proxy authentik-server:9000 {
|
||||
header_up X-Forwarded-Proto https
|
||||
}
|
||||
}
|
||||
|
||||
handle {
|
||||
reverse_proxy zroc-ui:3001 {
|
||||
header_up X-Forwarded-Proto https
|
||||
header_up X-Forwarded-For {remote_host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
health_uri /api/health
|
||||
health_interval 15s
|
||||
}
|
||||
}
|
||||
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
||||
-Server
|
||||
}
|
||||
}
|
||||
|
||||
:80 {
|
||||
redir https://{host}{uri} permanent
|
||||
}
|
||||
Reference in New Issue
Block a user