- Replace config file with command-line arguments for Docker compatibility
- Enable file search, deduplication, and partial upload features
- Configure reverse proxy support with xff-src and rproxy flags
- Add password database integration with chpw support
- Map all NAS volumes with appropriate permissions
- Fix health check to use /files/ path
- Remove obsolete copyparty.conf (incompatible with Docker image)
- Document interactive installation process
- Add complete EU country whitelist configuration
- Include setup commands and wizard prompts
- Clarify that geoip-shell was used instead of manual iptables setup
- Automates symlinking of docker-compose.yml files from repo to /opt/docker
- Includes Gitea, Jellyfin, qBittorrent, Portainer
- Symlinks daemon.json to /etc/docker
- Creates timestamped backups before replacing files
- Eliminates need for manual config copying
- Renamed docker-compose.yml to .disabled
- Service can be re-enabled by renaming file back to .yml
- Nextcloud not currently needed with Copyparty in place
- Web UI for Docker container management
- Bound to localhost (reverse proxy recommended)
- Uses named volume for persistent data
- Configured for Europe/Budapest timezone
- Resource limits and health checks included
- Removed comments from daemon.json (JSON doesn't support comments)
- Synced with deployed working version
- Maintains minimal working configuration with logging only
- New /installers volume for game installers and ISO files
- Accessible to both guest and hoborg users
- Complements existing torrent categorization structure
- Add CLAUDE.md with AI assistant configuration
- Add scripts/permanent-ban-repeat-offenders.sh for automated permanent banning
- Script automatically detects and permanently bans IPs banned >4 times by fail2ban
- Integrates with iptables and geoip-shell for comprehensive security
- Add docs/geoip-blocking.md with complete geoip-shell setup documentation
- Update README.md to include geoip blocking in goals, status, and documentation structure
- Update docs/network-security.md with geoip blocking and permanent ban sections
- Mark geoip blocking task as completed in TODO.md
- Document permanent-ban-repeat-offenders.sh script and its cron job
- Document common Docker issues and filesystem permission problems
- Include service management and configuration validation steps
- Provide systematic debugging approach for Gitea deployment issues
- Add security hardening guidelines to CLAUDE.md with container-specific notes
- Update TODO.md with new security and dockerization tasks
- Add geoblocking and syncthing sync items to task list
- Simplify daemon.json to minimal working version, removing problematic
security settings that caused read-only filesystem issues
- Update Gitea docker-compose.yml to working configuration:
  - Remove read-only filesystem (breaks s6-overlay init)
  - Keep user privilege dropping via USER_UID/USER_GID
  - Bind SSH port directly for Git operations
  - Maintain localhost binding for web interface
- scripts/setup-security-hardening.sh: One-command deployment of all security configurations
- Includes SSH hardening, kernel parameters, Docker security, fail2ban, and nginx rate limiting
- Provides status output and next steps for verification
- config/docker/daemon.json: Docker security hardening with logging limits and security options
- config/systemd/nginx.service.d/rate-limit.conf: Nginx resource limits and connection throttling
- Includes deployment instructions for container and service security
- config/fail2ban/jail.local: Main jail configuration with SSH, web, and service protection
- config/fail2ban/filter.d/sshd-ddos.conf: SSH connection flooding protection
- config/fail2ban/filter.d/nginx-badbots.conf: Web scanner and bot detection
- config/fail2ban/filter.d/gitea-auth.conf: Gitea authentication failure detection
- Includes deployment instructions for automated IP banning
- config/systemd/ssh-honeypot.service: Systemd service for port 22 honeypot
- config/honeypot/response.sh: Response script that logs connections and sends fake SSH banner
- Both files include deployment instructions and setup commands
- Document critical security vulnerabilities found
- Provide step-by-step hardening procedures
- Include SSL certificate recovery from git history
- Add SSH hardening with Mosh compatibility
- Document VPN setup with WireGuard
- Create implementation checklists and status tracking
- setup-glances.sh: Install Glances with web interface and systemd service
- setup-netdata.sh: Install Netdata without nginx configuration changes
- deploy-netdata-config.sh: Complete Netdata deployment with privacy config
- Remove redundant iterative scripts from troubleshooting process
- Each script handles one specific deployment task cleanly
- Add Netdata config with cloud features disabled
- Configure localhost-only binding for security
- Disable telemetry and registry features
- Add systemd service configuration for Glances web server
- Ensure monitoring services run with proper isolation
- Remove Cockpit reverse proxy configuration
- Add Netdata reverse proxy with basic auth protection
- Configure same authentication as Glances for consistency
- Maintain security headers and WebSocket support
- Use port 19999 for Netdata service
- Add tabbed navigation with Home and Admin tabs
- Organize Admin tab into Server Administration and Local Network sections
- Update service names to actual application names (Copyparty, Jellyfin)
- Add NAS Storage link for network management
- Improve service descriptions and icons
- Implement responsive design with Font Awesome icons
- Add comprehensive copyparty feature list and status
- Document WebDAV client setup (X-plore, rclone)
- Update permission structure with rwmd flags
- Add troubleshooting references for WebDAV issues
- Include working client configuration examples

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Mark all major services as completed (file server, media server, SSL)
- Update repository structure with new config directories
- Fix troubleshooting documentation references
- Reflect current working state of homelab setup

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Add section on URL encoding issues causing HTTP 400 errors
- Document nginx proxy_pass solution for preserving request URI
- Update final working configuration with HTTP/1.1 fixes
- Include Connection header and proxy_http_version settings

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Change proxy_pass to preserve original request URI for URL encoding
- Add HTTP/1.1 and Connection header fixes for copyparty compatibility
- Remove path manipulation that broke files with spaces/special characters

Fixes HTTP 400 "bad headers" errors when uploading files with spaces
in filenames via WebDAV clients like X-plore.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Complete Docker Compose setup with MariaDB and Redis
- External storage mounts for existing homelab folders
- Secure password handling using Docker secrets from ~/creds/
- Configured for /cloud path with proper reverse proxy settings

Note: Nextcloud was tested but disabled in favor of copyparty for
file server functionality due to performance and complexity concerns.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Add merge_slashes off to prevent automatic redirects
- Add proxy_redirect off to stop nginx from modifying WebDAV responses
- Add explicit WebDAV method support (PUT, DELETE, PROPFIND, etc.)
- Add WebDAV-specific headers (Depth, Destination, etc.)
- Optimize for large file uploads and streaming

Fixes HTTP 301 errors that prevented WebDAV file uploads in clients
like X-plore File Manager.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

Add explicit 'd' (delete) permission to user accounts to enable
WebDAV DELETE operations. Changed from 'rwm' to 'rwmd' permissions
for all user folders.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Add WebDAV access information to copyparty configuration
- Confirm X-plore File Manager compatibility for Android folder uploads
- Update Jellyfin media library structure with private folder mount
- Mark Jellyfin as deployed in service architecture
- Document successful WebDAV folder upload testing
- Update service URLs and access methods

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Document SSL certificate restoration after nginx updates
- Add WebDAV 301 error diagnosis and resolution
- Include media file sync troubleshooting between copyparty and Jellyfin
- Add service deployment best practices
- Provide step-by-step solutions for common configuration issues

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Add copyparty and Jellyfin to current services list
- Include WebDAV URL for Android/desktop client access
- Add copyparty service management commands
- Document WebDAV client setup (X-plore, rclone, curl)
- Update external URLs to HTTPS with SSL certificates
- Add configuration management for new services

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>