Staging IP whitelist: proxy protocol + Traefik middleware

- Hetzner LB: proxy protocol enabled on port 80+443 - Traefik: proxyProtocol.trustedIPs includes LB public IP (46.225.37.135) - Middleware in docfast-staging + snapapi-staging: allows only 178.115.247.134 - Documented in k3s-infra skill for future projects - DaemonSet updateStrategy note: helm resets maxUnavailable
2026-02-20 10:24:44 +00:00 · 2026-02-20 10:24:44 +00:00 · feba85c7ba
commit feba85c7ba
parent 14154bd576
4 changed files with 89 additions and 1 deletions
--- a/memory/tasks.json
+++ b/memory/tasks.json
@ -38,6 +38,48 @@
      "priority": "soon",
      "context": "Ergonomischer Bürostuhl für Programmier-Setup. ~€1.800-2.000. Evtl. probesitzen in Wien vorher.",
      "lastNudged": "2026-02-19T16:02:35.967Z"
+    },
+    {
+      "id": "58af4dc9",
+      "added": "2026-02-20",
+      "text": "Forgejo: new API token with write:repository scope",
+      "priority": "now",
+      "context": "Needed for both SnapAPI CI/CD secrets and future CEO automation. Create at https://git.cloonar.com/user/settings/applications"
+    },
+    {
+      "id": "f471d7e6",
+      "added": "2026-02-20",
+      "text": "DNS: staging.snapapi.eu → 46.225.37.135",
+      "priority": "now",
+      "context": "A record at INWX. Needed for staging TLS cert (cert-manager challenge pending 21h+)"
+    },
+    {
+      "id": "ba8784cd",
+      "added": "2026-02-20",
+      "text": "DNS: staging.docfast.dev → 46.225.37.135",
+      "priority": "soon",
+      "context": "A record at INWX for staging ingress TLS"
+    },
+    {
+      "id": "9c3c8863",
+      "added": "2026-02-20",
+      "text": "Stripe: register SnapAPI webhook",
+      "priority": "soon",
+      "context": "URL: https://snapapi.eu/v1/billing/webhook — Events: checkout.session.completed, customer.subscription.updated, customer.subscription.deleted, customer.updated"
+    },
+    {
+      "id": "af9aa6d7",
+      "added": "2026-02-20",
+      "text": "SnapAPI: tag v0.4.4 for production",
+      "priority": "now",
+      "context": "Browser restart fix (BUG-007) — intermittent 503s in prod right now. Staggered restart + one-at-a-time guard."
+    },
+    {
+      "id": "482054e4",
+      "added": "2026-02-20",
+      "text": "Check Forgejo CI runner — stuck/pending builds",
+      "priority": "now",
+      "context": "Both DocFast and SnapAPI CI builds showing 'Waiting to run' or failing. Runner may need restart or reconfiguration."
    }
  ]
 }