From abbb3255f81292c97d42035ee0171bc6c4f05d04 Mon Sep 17 00:00:00 2001
From: mirsal <mirsal@mirsal.fr>
Date: Wed, 27 Nov 2024 10:02:30 +0000
Subject: [PATCH 01/13] Switch to endpoint-mode dnsrr instead of vip

The default docker swarm endpoint mode (vip) introduces unnecessary
indirection in the communication between services, namely the
docker-proxy and a dynamic haproxy endpoint container. This commit
switches the socket-proxy service to endpoint_mode: dnsrr by default and
the traefik service when using host-mode port publishing.

I would strongly recommend considering switching to host-mode port
publishing by default, especially as most coop-cloud deployments are
single-server.

See: https://git.coopcloud.tech/toolshed/organising/issues/648
---
 compose.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/compose.yml b/compose.yml
index 73ed345..fdb1006 100644
--- a/compose.yml
+++ b/compose.yml
@@ -53,6 +53,8 @@ services:
 
   socket-proxy:
     image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
+    deploy:
+      endpoint_mode: dnsrr
     environment:
       - ALLOW_START=0
       - ALLOW_STOP=0

From 629494495285f981f293219020985c5ec239592a Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 3 Dec 2024 19:33:59 +0100
Subject: [PATCH 02/13] chore: publish 2.9.0+v2.11.14 release

---
 compose.yml            | 6 +++---
 release/2.9.0+v2.11.14 | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 release/2.9.0+v2.11.14

diff --git a/compose.yml b/compose.yml
index 73ed345..b8c6331 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.11.10"
+    image: "traefik:v2.11.14"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,12 +47,12 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.8.0+v2.11.10"
+        - "coop-cloud.${STACK_NAME}.version=2.9.0+v2.11.14"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
+    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls30
     environment:
       - ALLOW_START=0
       - ALLOW_STOP=0
diff --git a/release/2.9.0+v2.11.14 b/release/2.9.0+v2.11.14
new file mode 100644
index 0000000..18fe20c
--- /dev/null
+++ b/release/2.9.0+v2.11.14
@@ -0,0 +1 @@
+Closes Security Issue https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg
\ No newline at end of file

From 85d0c159b09ad37966ceb1adc4b7cb135b3f9af2 Mon Sep 17 00:00:00 2001
From: Cassowary <cassowary@aldercone.studio>
Date: Wed, 8 Jan 2025 10:09:13 -0800
Subject: [PATCH 03/13] Update .drone.yml

---
 .drone.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.yml b/.drone.yml
index 34e2af2..6c8f294 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -34,7 +34,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

From 7185e6ab43636eeb940c12af929ebda3f1697b93 Mon Sep 17 00:00:00 2001
From: Raghav <raghav@mirnet.org>
Date: Wed, 19 Feb 2025 16:04:41 -0500
Subject: [PATCH 04/13] Configure max log retention

---
 .env.sample      | 1 +
 compose.yml      | 1 +
 traefik.yml.tmpl | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/.env.sample b/.env.sample
index 558e4d2..d62cfa9 100644
--- a/.env.sample
+++ b/.env.sample
@@ -10,6 +10,7 @@ LETS_ENCRYPT_EMAIL=certs@example.com
 # DASHBOARD_ENABLED=true
 # WARN, INFO etc.
 LOG_LEVEL=WARN
+LOG_MAX_AGE=1
 
 # This is here so later lines can extend it; you likely don't wanna edit
 COMPOSE_FILE="compose.yml"
diff --git a/compose.yml b/compose.yml
index b8c6331..61a1b64 100644
--- a/compose.yml
+++ b/compose.yml
@@ -27,6 +27,7 @@ services:
     environment:
       - DASHBOARD_ENABLED
       - LOG_LEVEL
+      - LOG_MAX_AGE
     healthcheck:
       test: ["CMD", "traefik", "healthcheck"]
       interval: 30s
diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl
index f2af6ad..5767282 100644
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@@ -1,6 +1,8 @@
 ---
 log:
   level: {{ env "LOG_LEVEL" }}
+  maxAge: {{ env "LOG_MAX_AGE" }}
+
 
 providers:
   docker:

From 74b3ee6716e721c38331d425a1ad6e2b2d723b4a Mon Sep 17 00:00:00 2001
From: marlon <marlon@riseup.net>
Date: Wed, 19 Feb 2025 17:20:04 -0500
Subject: [PATCH 05/13] chore: publish 3.1.0+v2.11.14 release

---
 compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yml b/compose.yml
index 61a1b64..f97870b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -48,7 +48,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.9.0+v2.11.14"
+        - "coop-cloud.${STACK_NAME}.version=3.1.0+v2.11.14"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 

From b9d825b5c5b5dfd7b92eaf6e14a95786ccd143ee Mon Sep 17 00:00:00 2001
From: marlon <marlon@riseup.net>
Date: Wed, 19 Feb 2025 17:21:22 -0500
Subject: [PATCH 06/13] publish new version

---
 release/3.1.0+v2.11.14 | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 release/3.1.0+v2.11.14

diff --git a/release/3.1.0+v2.11.14 b/release/3.1.0+v2.11.14
new file mode 100644
index 0000000..4b40a53
--- /dev/null
+++ b/release/3.1.0+v2.11.14
@@ -0,0 +1 @@
+Adds log retention configuration option
\ No newline at end of file

From e21dbc655accfb7c1b0459c0ffa4341bd4770340 Mon Sep 17 00:00:00 2001
From: marlon <marlon@riseup.net>
Date: Thu, 20 Feb 2025 14:42:13 -0500
Subject: [PATCH 07/13] fix default values and breaking configuration for
 LOG_MAX_AGE change

---
 .env.sample | 2 +-
 abra.sh     | 2 +-
 compose.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.env.sample b/.env.sample
index d62cfa9..32bf2cb 100644
--- a/.env.sample
+++ b/.env.sample
@@ -10,7 +10,7 @@ LETS_ENCRYPT_EMAIL=certs@example.com
 # DASHBOARD_ENABLED=true
 # WARN, INFO etc.
 LOG_LEVEL=WARN
-LOG_MAX_AGE=1
+LOG_MAX_AGE=0
 
 # This is here so later lines can extend it; you likely don't wanna edit
 COMPOSE_FILE="compose.yml"
diff --git a/abra.sh b/abra.sh
index 70c5cfc..07f3312 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v21
+export TRAEFIK_YML_VERSION=v22
 export FILE_PROVIDER_YML_VERSION=v10
 export ENTRYPOINT_VERSION=v4
diff --git a/compose.yml b/compose.yml
index f97870b..e56a831 100644
--- a/compose.yml
+++ b/compose.yml
@@ -27,7 +27,7 @@ services:
     environment:
       - DASHBOARD_ENABLED
       - LOG_LEVEL
-      - LOG_MAX_AGE
+      - LOG_MAX_AGE=${LOG_MAX_AGE:0}
     healthcheck:
       test: ["CMD", "traefik", "healthcheck"]
       interval: 30s

From 54fe45da2f5fbeea0f610de4536fae053818bc03 Mon Sep 17 00:00:00 2001
From: p4u1 <p4u1_f4u1@riseup.net>
Date: Fri, 21 Feb 2025 18:40:16 +0100
Subject: [PATCH 08/13] Revert max log max log retention

---
 .env.sample            | 1 -
 abra.sh                | 2 +-
 compose.yml            | 3 +--
 release/3.1.0+v2.11.14 | 1 -
 traefik.yml.tmpl       | 2 --
 5 files changed, 2 insertions(+), 7 deletions(-)
 delete mode 100644 release/3.1.0+v2.11.14

diff --git a/.env.sample b/.env.sample
index 32bf2cb..558e4d2 100644
--- a/.env.sample
+++ b/.env.sample
@@ -10,7 +10,6 @@ LETS_ENCRYPT_EMAIL=certs@example.com
 # DASHBOARD_ENABLED=true
 # WARN, INFO etc.
 LOG_LEVEL=WARN
-LOG_MAX_AGE=0
 
 # This is here so later lines can extend it; you likely don't wanna edit
 COMPOSE_FILE="compose.yml"
diff --git a/abra.sh b/abra.sh
index 07f3312..70c5cfc 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v22
+export TRAEFIK_YML_VERSION=v21
 export FILE_PROVIDER_YML_VERSION=v10
 export ENTRYPOINT_VERSION=v4
diff --git a/compose.yml b/compose.yml
index e56a831..b8c6331 100644
--- a/compose.yml
+++ b/compose.yml
@@ -27,7 +27,6 @@ services:
     environment:
       - DASHBOARD_ENABLED
       - LOG_LEVEL
-      - LOG_MAX_AGE=${LOG_MAX_AGE:0}
     healthcheck:
       test: ["CMD", "traefik", "healthcheck"]
       interval: 30s
@@ -48,7 +47,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=3.1.0+v2.11.14"
+        - "coop-cloud.${STACK_NAME}.version=2.9.0+v2.11.14"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
diff --git a/release/3.1.0+v2.11.14 b/release/3.1.0+v2.11.14
deleted file mode 100644
index 4b40a53..0000000
--- a/release/3.1.0+v2.11.14
+++ /dev/null
@@ -1 +0,0 @@
-Adds log retention configuration option
\ No newline at end of file
diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl
index 5767282..f2af6ad 100644
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@@ -1,8 +1,6 @@
 ---
 log:
   level: {{ env "LOG_LEVEL" }}
-  maxAge: {{ env "LOG_MAX_AGE" }}
-
 
 providers:
   docker:

From 55ad530fb7372642c489b913a6f32b3856a8c641 Mon Sep 17 00:00:00 2001
From: p4u1 <p4u1_f4u1@riseup.net>
Date: Fri, 21 Feb 2025 18:42:22 +0100
Subject: [PATCH 09/13] chore: publish 2.9.1+v2.11.14 release

---
 compose.yml            | 2 +-
 release/2.9.1+v2.11.14 | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 release/2.9.1+v2.11.14

diff --git a/compose.yml b/compose.yml
index b8c6331..0e64602 100644
--- a/compose.yml
+++ b/compose.yml
@@ -47,7 +47,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.9.0+v2.11.14"
+        - "coop-cloud.${STACK_NAME}.version=2.9.1+v2.11.14"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
diff --git a/release/2.9.1+v2.11.14 b/release/2.9.1+v2.11.14
new file mode 100644
index 0000000..5fb5f66
--- /dev/null
+++ b/release/2.9.1+v2.11.14
@@ -0,0 +1 @@
+Reverts max log retention
\ No newline at end of file

From 22578d1e8ebb7cf0a5023ca032fb2ca0a5c9cf1a Mon Sep 17 00:00:00 2001
From: Simon <s.thiessen@local-it.org>
Date: Tue, 1 Apr 2025 16:00:35 +0200
Subject: [PATCH 10/13] chore: publish 2.10.0+v2.11.22 release

---
 compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/compose.yml b/compose.yml
index 0e64602..08f50d8 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.11.14"
+    image: "traefik:v2.11.22"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,7 +47,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.9.1+v2.11.14"
+        - "coop-cloud.${STACK_NAME}.version=2.10.0+v2.11.22"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 

From ac53e9debed063002a340675f448e22cb54dcffc Mon Sep 17 00:00:00 2001
From: decentral1se <cellarspoon@riseup.net>
Date: Tue, 22 Apr 2025 09:10:44 +0200
Subject: [PATCH 11/13] chore: publish 3.0.0+v2.11.22 with release note

---
 compose.yml            | 2 +-
 release/3.0.0+v2.11.22 | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 release/3.0.0+v2.11.22

diff --git a/compose.yml b/compose.yml
index 67ff714..4a1af05 100644
--- a/compose.yml
+++ b/compose.yml
@@ -47,7 +47,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.10.0+v2.11.22"
+        - "coop-cloud.${STACK_NAME}.version=3.0.0+v2.11.22"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
diff --git a/release/3.0.0+v2.11.22 b/release/3.0.0+v2.11.22
new file mode 100644
index 0000000..d657021
--- /dev/null
+++ b/release/3.0.0+v2.11.22
@@ -0,0 +1,2 @@
+socket-proxy: switch to endpoint-mode dnsrr instead of vip
+See https://git.coopcloud.tech/coop-cloud/traefik/pulls/50.

From 830559895e3eb680d72211118c9af8eb6f026060 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 22 Apr 2025 15:28:32 +0200
Subject: [PATCH 12/13] chore: publish 3.1.0+v2.11.24 release

---
 compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/compose.yml b/compose.yml
index 4a1af05..1b052a0 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.11.22"
+    image: "traefik:v2.11.24"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,7 +47,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=3.0.0+v2.11.22"
+        - "coop-cloud.${STACK_NAME}.version=3.1.0+v2.11.24"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 

From 7835b585fdd5d7b334ac5ef5ae6a0f4a209c28b4 Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Wed, 11 Jun 2025 18:23:53 +0100
Subject: [PATCH 13/13] chore: publish 3.1.1+v2.11.25 release

---
 compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/compose.yml b/compose.yml
index 1b052a0..b3e0843 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.11.24"
+    image: "traefik:v2.11.25"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,7 +47,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=3.1.0+v2.11.24"
+        - "coop-cloud.${STACK_NAME}.version=3.1.1+v2.11.25"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"