<feed xmlns='http://www.w3.org/2005/Atom'>
<title>hetzner-infra/.gitignore, branch master</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.
</subtitle>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/'/>
<entry>
<title>Dedupe Caddyfile with snippets, sync docs with reality, add tests/check.sh</title>
<updated>2026-07-11T11:35:09+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-11T11:35:09+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=5b4aee69b4c6bf295bc44aad6171e17a0d80e63c'/>
<id>5b4aee69b4c6bf295bc44aad6171e17a0d80e63c</id>
<content type='text'>
- Caddyfile: extract repeated header blocks into (noindex)/(crawler_bypass)
  snippets (adapted JSON verified byte-identical to previous config)
- CLAUDE.md: add mosquitone-admin/microblog to repos table; document that
  proxy auth is disabled (PROXY_NO_AUTH=1) with JP-only IP filter instead
- Deploy.md/caddy/README.md: reflect all-service deploy and forward proxy
- tests/check.sh: shell/python syntax, repos.txt&lt;-&gt;hooks&lt;-&gt;sessions.txt
  consistency, app.py COMMANDS vs run-command.sh whitelist, secrets check

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
- Caddyfile: extract repeated header blocks into (noindex)/(crawler_bypass)
  snippets (adapted JSON verified byte-identical to previous config)
- CLAUDE.md: add mosquitone-admin/microblog to repos table; document that
  proxy auth is disabled (PROXY_NO_AUTH=1) with JP-only IP filter instead
- Deploy.md/caddy/README.md: reflect all-service deploy and forward proxy
- tests/check.sh: shell/python syntax, repos.txt&lt;-&gt;hooks&lt;-&gt;sessions.txt
  consistency, app.py COMMANDS vs run-command.sh whitelist, secrets check

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Restrict proxy to Japan IPs using ipdeny.com CIDR list</title>
<updated>2026-07-02T15:45:51+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:45:51+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=e14f9edcb95875e2519461690915ab3e25740e96'/>
<id>e14f9edcb95875e2519461690915ab3e25740e96</id>
<content type='text'>
Downloads jp-aggregated.zone from ipdeny.com at container startup (no
account required). Falls back to open access if download fails.
Removed caddy-maxmind-geoip module (no longer needed).

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Downloads jp-aggregated.zone from ipdeny.com at container startup (no
account required). Falls back to open access if download fails.
Removed caddy-maxmind-geoip module (no longer needed).

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Add GeoIP Japan-only filter to forward proxy</title>
<updated>2026-07-02T15:40:17+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:40:17+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=c39ec05968656aaa893ed7e4b20b7d5f5ccbe5b5'/>
<id>c39ec05968656aaa893ed7e4b20b7d5f5ccbe5b5</id>
<content type='text'>
Uses caddy-maxmind-geoip module to restrict proxy access to JP IPs.
DB file (GeoLite2-Country.mmdb) must be placed manually on the server.
Filter is inactive when DB file is absent, allowing safe rollout.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Uses caddy-maxmind-geoip module to restrict proxy access to JP IPs.
DB file (GeoLite2-Country.mmdb) must be placed manually on the server.
Filter is inactive when DB file is absent, allowing safe rollout.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Add hetzner-admin: SSH-based server management web UI</title>
<updated>2026-06-19T04:39:27+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-06-19T04:39:27+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=50e887cb22ca375e66f7948033e05f596c9f43f5'/>
<id>50e887cb22ca375e66f7948033e05f596c9f43f5</id>
<content type='text'>
Basic Auth protected web UI with buttons to restart services and reboot.
SSH key with authorized_keys command= restriction limits executable commands.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Basic Auth protected web UI with buttons to restart services and reboot.
SSH key with authorized_keys command= restriction limits executable commands.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Initial: shared Caddy reverse proxy on web network</title>
<updated>2026-05-08T14:42:07+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@mosquit.one</email>
</author>
<published>2026-05-08T14:42:07+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=73a035d82eb5dc27c56251e5466f6c8af0a1d0a1'/>
<id>73a035d82eb5dc27c56251e5466f6c8af0a1d0a1</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
</feed>
