feat: add Redis connection diagnostics, VPN routing fixes, and Traefik middleware updates

2025-11-02 15:58:30 +01:00
parent d5655b1456
commit 8344032fb6
12 changed files with 1380 additions and 6 deletions
--- a/deployment/stacks/traefik/dynamic/middlewares.yml
+++ b/deployment/stacks/traefik/dynamic/middlewares.yml
@@ -52,17 +52,23 @@ http:
    #       - "127.0.0.1/32"
    #       - "10.0.0.0/8"
    
-    # VPN-only IP whitelist for Grafana and other monitoring services
+    # VPN-only IP allowlist for Grafana and other monitoring services
    # Restrict access strictly to the WireGuard network
+    # Note: ipAllowList checks the real client IP from the connection
+    # When connected via VPN, client IP should be from 10.8.0.0/24
+    # If client IP shows public IP (e.g., 89.246.96.244), check:
+    # 1. VPN connection is active and traffic is routed through VPN
+    # 2. DNS uses 10.8.0.1 (VPN DNS server) to resolve grafana.michaelschiemer.de
+    # 3. Browser/system routing sends traffic through VPN interface
    grafana-vpn-only:
-      ipWhiteList:
+      ipAllowList:
        sourceRange:
-          - "10.8.0.0/24"      # WireGuard VPN network
+          - "10.8.0.0/24"      # WireGuard VPN network (10.8.0.1 = server, 10.8.0.x = clients)

-    # VPN-only IP whitelist for general use (Traefik Dashboard, etc.)
+    # VPN-only IP allowlist for general use (Traefik Dashboard, etc.)
    # Restrict access strictly to the WireGuard network
    vpn-only:
-      ipWhiteList:
+      ipAllowList:
        sourceRange:
          - "10.8.0.0/24"      # WireGuard VPN network