Remove Gitea's SSH as entrypoint/possible attackvector
This commit is contained in:
parent
6892ae9ef6
commit
51e42ce1f3
|
@ -1,11 +1,10 @@
|
|||
ports:
|
||||
rtmp:
|
||||
port: 1935
|
||||
exposedPort: 1935
|
||||
expose: true
|
||||
web:
|
||||
# port: 80
|
||||
# exposedPort: 80
|
||||
redirectTo: websecure
|
||||
# websecure:
|
||||
# port: 443
|
||||
# exposedPort: 443
|
||||
|
||||
volumes:
|
||||
- name: traefik-configmap
|
||||
|
@ -17,8 +16,6 @@ persistence:
|
|||
accessMode: ReadWriteMany
|
||||
path: /data
|
||||
existingClaim: "traefik"
|
||||
# size: 1Gi
|
||||
# subPath: 'acme.json'
|
||||
|
||||
env:
|
||||
- name: CF_API_EMAIL
|
||||
|
|
|
@ -9,6 +9,8 @@ data:
|
|||
checkNewVersion: true
|
||||
sendAnonymousUsage: true
|
||||
entryPoints:
|
||||
rtmp:
|
||||
address: :1935
|
||||
web:
|
||||
address: :8000
|
||||
websecure:
|
||||
|
@ -42,8 +44,6 @@ data:
|
|||
# - "127.0.0.0/8"
|
||||
# - "192.168.5.0/24"
|
||||
# - "192.168.11.0/24"
|
||||
ssh:
|
||||
address: :2222
|
||||
traefik:
|
||||
address: :9000
|
||||
providers:
|
||||
|
|
|
@ -7,10 +7,6 @@ spec:
|
|||
- protocol: TCP
|
||||
name: ui
|
||||
port: 3000
|
||||
- protocol: TCP
|
||||
name: ssh
|
||||
port: 22
|
||||
targetPort: ssh
|
||||
selector:
|
||||
app: gitea
|
||||
---
|
||||
|
@ -45,8 +41,6 @@ spec:
|
|||
ports:
|
||||
- name: ui
|
||||
containerPort: 3000
|
||||
- name: ssh
|
||||
containerPort: 22
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: flexvolsmb-gitea-data
|
||||
|
@ -81,20 +75,6 @@ spec:
|
|||
middlewares:
|
||||
- name: security-headers@file
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: gitea
|
||||
spec:
|
||||
entryPoints:
|
||||
- ssh
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: gitea
|
||||
port: 22
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
|
|
Loading…
Reference in New Issue