refactor: Cloudflare Tunnel + frp SSH 中转变更

- 新增 cloudflared Docker 服务替代原 Bandwagon frp 方案 - 新增 frpc 转发 Git SSH 到阿里云 VPS - 为所有服务添加 web entrypoint 路由（兼容 cloudflared HTTP） - HedgeDoc 添加 X-Forwarded-Proto 中间件修复 CSP 登录问题 - Homepage 添加 xiteng.site 根域名路由 - Gitea 配置 SSH_DOMAIN=git.xiteng.site - 更新 README 反映当前架构 - .gitignore: frpc.toml / credentials / letsencrypt
2026-05-25 16:13:02 +08:00
parent 90d7db8782
commit c824e22b53
9 changed files with 173 additions and 46 deletions
@@ -16,6 +16,16 @@ services:
      - "traefik.http.routers.homepage.rule=Host(`home.xiteng.site`)"
      - "traefik.http.services.homepage.loadbalancer.server.port=3000"
      - "traefik.http.routers.homepage.entrypoints=websecure"
+      # --- 根域名 xiteng.site ---
+      - "traefik.http.routers.homepage-root.rule=Host(`xiteng.site`)"
+      - "traefik.http.routers.homepage-root.service=homepage"
+      - "traefik.http.routers.homepage-root.entrypoints=websecure"
+      # --- HTTP 入口（来自 cloudflared tunnel）---
+      - "traefik.http.routers.homepage-root-http.rule=Host(`xiteng.site`)"
+      - "traefik.http.routers.homepage-root-http.service=homepage"
+      - "traefik.http.routers.homepage-root-http.entrypoints=web"
+      - "traefik.http.routers.homepage-root.tls=true"
+      - "traefik.http.routers.homepage-root.tls.certresolver=cfresolver"
      # --- 新增：开启 TLS 并指定解析器 ---
      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.routers.homepage.tls.certresolver=cfresolver"