audit(gremlin): web FAIL 2026-05-04
This commit is contained in:
parent
a3be55f7b4
commit
9ff6a92ec9
1 changed files with 54 additions and 0 deletions
54
Netgrimoire/Audits/web-2026-05-04.md
Normal file
54
Netgrimoire/Audits/web-2026-05-04.md
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
title: Audit - web.yaml
|
||||
description: Gremlin audit report 2026-05-04
|
||||
published: true
|
||||
date: 2026-05-04T11:44:47.635Z
|
||||
tags: gremlin,audit
|
||||
editor: markdown
|
||||
dateCreated: 2026-05-04T11:44:47.635Z
|
||||
---
|
||||
|
||||
# Audit Report — web.yaml
|
||||
|
||||
**Date:** 2026-05-04
|
||||
**File:** swarm/web.yaml
|
||||
**Type:** Docker Swarm
|
||||
**Verdict:** FAIL
|
||||
|
||||
---
|
||||
|
||||
1. **Homepage labels**:
|
||||
- `homepage.group` is missing.
|
||||
- `homepage.href` is missing.
|
||||
- `homepage.description` is missing.
|
||||
|
||||
2. **Uptime Kuma labels**:
|
||||
- `kuma.web.http.name` and `kuma.web.http.url` are correct.
|
||||
|
||||
3. **Caddy labels on exposed services**:
|
||||
- The `caddy.reverse_proxy` should be `"web:80"` instead of `"web:80"`.
|
||||
- `caddy.import=authentik` and `caddy.import=crowdsec` should specify the domain names for these imports.
|
||||
|
||||
4. **Placement constraints**:
|
||||
- `node.labels.cpu == amd` is correctly placed, but `node.hostname` is not specified in the constraints.
|
||||
|
||||
5. **Volumes use /DockerVol/<service> path convention**:
|
||||
- The volumes are using a different convention (`/data/nfs/znas/Docker/web/pages` and `/data/nfs/znas/Docker/web/apache`).
|
||||
|
||||
6. **Network references external netgrimoire overlay**:
|
||||
- The `netgrimoire` network is correctly referenced as an external network.
|
||||
|
||||
**FAIL items with specific issue and fix**:
|
||||
- `homepage.group`, `homepage.href`, and `homepage.description` are missing from the labels.
|
||||
- Fix: Add these labels to provide a complete homepage configuration.
|
||||
|
||||
- The Caddy label for reverse proxy should be corrected.
|
||||
- Fix: Change `"caddy.reverse_proxy=\"web:80\""` to `"caddy.reverse_proxy=web:80"`.
|
||||
|
||||
- The `caddy.import` labels should specify domain names.
|
||||
- Fix: Provide specific domain names for the imports, e.g., `caddy.import=authentik.example.com` and `caddy.import=crowdsec.example.com`.
|
||||
|
||||
- Volumes are using a different convention.
|
||||
- Fix: Use `/DockerVol/web/pages` and `/DockerVol/web/apache` for volumes.
|
||||
|
||||
**Final line**: VERDICT: FAIL
|
||||
Loading…
Add table
Add a link
Reference in a new issue