| Age | Commit message (Collapse) | Author | Lines |
|
Downloads jp-aggregated.zone from ipdeny.com at container startup (no
account required). Falls back to open access if download fails.
Removed caddy-maxmind-geoip module (no longer needed).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Uses caddy-maxmind-geoip module to restrict proxy access to JP IPs.
DB file (GeoLite2-Country.mmdb) must be placed manually on the server.
Filter is inactive when DB file is absent, allowing safe rollout.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
The forward_proxy site block must catch all hosts on port 80 because
proxy clients send Host: <target> not Host: proxy.yyamashita.com.
Non-proxy requests fall through to the redir for HTTPS upgrade.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Add PROXY_NO_AUTH env var support to entrypoint.sh to skip basicauth
generation. Set to 1 in docker-compose.yml to allow unauthenticated access.
Revert by removing the environment block from docker-compose.yml.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Replace standalone Squid container with caddy-forwardproxy plugin so the
proxy shares Caddy's existing ports and TLS. HTTP on :80 and HTTPS on :443.
Auth is read from the same vpn/users.conf at Caddy startup via entrypoint.sh.
DNS: add proxy to setup-route53.py WEB_SUBDOMAINS.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|