5005a4980a
- Bind Loki to 127.0.0.1:3100 instead of 0.0.0.0:3100 to prevent external access - Add Traefik labels for secure HTTPS access with Authentik authentication - Bind Blackbox Exporter to 127.0.0.1:9115 instead of 0.0.0.0:9115 - Add Traefik labels for secure monitoring dashboard access - Enable Authentik middleware for Portainer (was disabled temporarily) - Services are now only accessible through Traefik reverse proxy with HTTPS and SSO Fixes critical security issues: - Prevents direct access to monitoring services (CVSS 9.8-9.1) - Eliminates log file exposure through public Loki port - Restricts infrastructure reconnaissance via Blackbox exporter - Enforces authentication for critical management tools 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| 00-infrastructure | ||
| 01-security | ||
| 02-core | ||
| 03-business | ||
| 04-tools | ||
| 05-backups | ||
| infrastructure-docs | ||
| postiz-config | ||
| fix_odoo_pass.py | ||