<feed xmlns='http://www.w3.org/2005/Atom'>
<title>hetzner-infra/caddy, branch master</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.
</subtitle>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/'/>
<entry>
<title>Dedupe Caddyfile with snippets, sync docs with reality, add tests/check.sh</title>
<updated>2026-07-11T11:35:09+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-11T11:35:09+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=5b4aee69b4c6bf295bc44aad6171e17a0d80e63c'/>
<id>5b4aee69b4c6bf295bc44aad6171e17a0d80e63c</id>
<content type='text'>
- Caddyfile: extract repeated header blocks into (noindex)/(crawler_bypass)
  snippets (adapted JSON verified byte-identical to previous config)
- CLAUDE.md: add mosquitone-admin/microblog to repos table; document that
  proxy auth is disabled (PROXY_NO_AUTH=1) with JP-only IP filter instead
- Deploy.md/caddy/README.md: reflect all-service deploy and forward proxy
- tests/check.sh: shell/python syntax, repos.txt&lt;-&gt;hooks&lt;-&gt;sessions.txt
  consistency, app.py COMMANDS vs run-command.sh whitelist, secrets check

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
- Caddyfile: extract repeated header blocks into (noindex)/(crawler_bypass)
  snippets (adapted JSON verified byte-identical to previous config)
- CLAUDE.md: add mosquitone-admin/microblog to repos table; document that
  proxy auth is disabled (PROXY_NO_AUTH=1) with JP-only IP filter instead
- Deploy.md/caddy/README.md: reflect all-service deploy and forward proxy
- tests/check.sh: shell/python syntax, repos.txt&lt;-&gt;hooks&lt;-&gt;sessions.txt
  consistency, app.py COMMANDS vs run-command.sh whitelist, secrets check

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Restrict proxy to Japan IPs using ipdeny.com CIDR list</title>
<updated>2026-07-02T15:45:51+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:45:51+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=e14f9edcb95875e2519461690915ab3e25740e96'/>
<id>e14f9edcb95875e2519461690915ab3e25740e96</id>
<content type='text'>
Downloads jp-aggregated.zone from ipdeny.com at container startup (no
account required). Falls back to open access if download fails.
Removed caddy-maxmind-geoip module (no longer needed).

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Downloads jp-aggregated.zone from ipdeny.com at container startup (no
account required). Falls back to open access if download fails.
Removed caddy-maxmind-geoip module (no longer needed).

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Add GeoIP Japan-only filter to forward proxy</title>
<updated>2026-07-02T15:40:17+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:40:17+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=c39ec05968656aaa893ed7e4b20b7d5f5ccbe5b5'/>
<id>c39ec05968656aaa893ed7e4b20b7d5f5ccbe5b5</id>
<content type='text'>
Uses caddy-maxmind-geoip module to restrict proxy access to JP IPs.
DB file (GeoLite2-Country.mmdb) must be placed manually on the server.
Filter is inactive when DB file is absent, allowing safe rollout.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Uses caddy-maxmind-geoip module to restrict proxy access to JP IPs.
DB file (GeoLite2-Country.mmdb) must be placed manually on the server.
Filter is inactive when DB file is absent, allowing safe rollout.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix HTTP proxy directive order: forward_proxy must run before redir</title>
<updated>2026-07-02T15:32:18+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:32:18+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=39d30042f0c9925ad3ba446311128c7e530680ce'/>
<id>39d30042f0c9925ad3ba446311128c7e530680ce</id>
<content type='text'>
Caddy's default directive ordering places redir before forward_proxy,
causing HTTP proxy requests to be redirected to HTTPS instead of being
forwarded. Changing order to forward_proxy before redir fixes this.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Caddy's default directive ordering places redir before forward_proxy,
causing HTTP proxy requests to be redirected to HTTPS instead of being
forwarded. Changing order to forward_proxy before redir fixes this.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>caddy: add --build to deploy.sh so entrypoint changes are picked up</title>
<updated>2026-07-02T15:28:48+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:28:48+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=dd956b4c7a01b5e9cd24aa9c5eae813743ff1d15'/>
<id>dd956b4c7a01b5e9cd24aa9c5eae813743ff1d15</id>
<content type='text'>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix HTTP proxy: use catch-all http:// block for port 80</title>
<updated>2026-07-02T15:26:47+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:26:47+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=579daf4aa1875a739c084ea7051e6b4d203f0c69'/>
<id>579daf4aa1875a739c084ea7051e6b4d203f0c69</id>
<content type='text'>
The forward_proxy site block must catch all hosts on port 80 because
proxy clients send Host: &lt;target&gt; not Host: proxy.yyamashita.com.
Non-proxy requests fall through to the redir for HTTPS upgrade.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The forward_proxy site block must catch all hosts on port 80 because
proxy clients send Host: &lt;target&gt; not Host: proxy.yyamashita.com.
Non-proxy requests fall through to the redir for HTTPS upgrade.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Disable proxy auth permanently (PROXY_NO_AUTH=1)</title>
<updated>2026-07-02T15:06:25+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:06:25+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=8eaf524e3d605473fdf4ddb373ed0b4708a95f61'/>
<id>8eaf524e3d605473fdf4ddb373ed0b4708a95f61</id>
<content type='text'>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Re-enable proxy auth (remove PROXY_NO_AUTH=1)</title>
<updated>2026-07-02T15:02:38+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T15:02:38+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=9c9cef435ee0313596b10450d71fe406ff7d3661'/>
<id>9c9cef435ee0313596b10450d71fe406ff7d3661</id>
<content type='text'>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Add global order option for forward_proxy directive</title>
<updated>2026-07-02T14:28:40+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T14:28:40+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=51cba70910a79e5a6c53776443054974a6343f9c'/>
<id>51cba70910a79e5a6c53776443054974a6343f9c</id>
<content type='text'>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix forward_proxy config: remove unsupported hide_ip/hide_via directives</title>
<updated>2026-07-02T14:27:15+00:00</updated>
<author>
<name>yyamashita</name>
<email>yyamashita@hetzner.yyamashita.com</email>
</author>
<published>2026-07-02T14:27:15+00:00</published>
<link rel='alternate' type='text/html' href='http://git.yyamashita.com/hetzner-infra/commit/?id=3cc1129f9f83e5b85eef4c77280a8a7cffee3341'/>
<id>3cc1129f9f83e5b85eef4c77280a8a7cffee3341</id>
<content type='text'>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
