add allowlist support
parent
70416407f5
commit
df5b8df96c
|
@ -33,6 +33,8 @@ haproxy:
|
||||||
extra_param: backup
|
extra_param: backup
|
||||||
- frontend:
|
- frontend:
|
||||||
- hass.badjware.dev
|
- hass.badjware.dev
|
||||||
|
- longhorn.badjware.dev
|
||||||
|
- traefik.badjware.dev
|
||||||
backend:
|
backend:
|
||||||
- server: 192.168.20.20
|
- server: 192.168.20.20
|
||||||
- server: 192.168.20.21
|
- server: 192.168.20.21
|
||||||
|
@ -43,6 +45,10 @@ haproxy:
|
||||||
extra_param: backup
|
extra_param: backup
|
||||||
- server: 192.168.20.24
|
- server: 192.168.20.24
|
||||||
extra_param: backup
|
extra_param: backup
|
||||||
|
allowlist:
|
||||||
|
- 127.0.0.1
|
||||||
|
- 192.168.20.20/24
|
||||||
|
- 192.168.30.20/24
|
||||||
- frontend:
|
- frontend:
|
||||||
- s3.badjware.dev
|
- s3.badjware.dev
|
||||||
backend:
|
backend:
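Review bot: The new allowlist entries `192.168.20.20/24` and `192.168.30.20/24` carry host bits under a /24 mask, so it is unclear whether single hosts or whole subnets are intended. HAProxy's `src` match should apply the mask, so as written every address in 192.168.20.0/24 and 192.168.30.0/24 would be admitted to the hass, longhorn and traefik frontends. If only the two hosts are meant, use `/32`; if the subnets are meant, write `192.168.20.0/24` and `192.168.30.0/24` with a comment naming each network. The `127.0.0.1` entry only matters for connections that originate on the proxy host itself, which is worth confirming as intended.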
|
||||||
|
|
|
@ -66,9 +66,11 @@ frontend https_in
|
||||||
# tcp-request inspect-delay 5s
|
# tcp-request inspect-delay 5s
|
||||||
# tcp-request content accept if { req.ssl_hello_type 1 }
|
# tcp-request content accept if { req.ssl_hello_type 1 }
|
||||||
|
|
||||||
|
default_backend default_backend
|
||||||
|
|
||||||
{% for http_route in https_routing %}
|
{% for http_route in https_routing %}
|
||||||
#use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { req.ssl_sni -i {% for src in http_route.frontend %}{{ src }} {% endfor %}}
|
#use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { req.ssl_sni -i {% for src in http_route.frontend %}{{ src }} {% endfor %}}
|
||||||
use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { hdr_end(host) -i {% for src in http_route.frontend %}{{ src }} {% endfor %}}
|
use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { hdr_end(host) -i {% for src in http_route.frontend %}{{ src }} {% endfor %}}{% if 'allowlist' in http_route %} { src {% for ip in http_route.allowlist %}{{ ip }} {% endfor %}}{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
## BACKENDS ##
|
## BACKENDS ##
|
||||||
|
@ -86,6 +88,10 @@ backend haproxy_metrics
|
||||||
mode http
|
mode http
|
||||||
http-request use-service prometheus-exporter
|
http-request use-service prometheus-exporter
|
||||||
|
|
||||||
|
backend default_backend
|
||||||
|
mode http
|
||||||
|
http-request deny deny_status 404
|
||||||
|
|
||||||
{% for http_route in https_routing %}
|
{% for http_route in https_routing %}
|
||||||
# backend for {{ ', '.join(http_route.frontend) }}
|
# backend for {{ ', '.join(http_route.frontend) }}
|
||||||
backend https_{{ http_route.frontend[0]|replace('.','_') }}
|
backend https_{{ http_route.frontend[0]|replace('.','_') }}
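Review bot: The allowlist is attached only to the `use_backend` condition in `frontend https_in`, so a client outside the list is not denied; it continues to the next routing rule and is blocked only if nothing else matches and `default_backend` is reached. Because `hdr_end(host)` is a suffix match, a later route whose frontend is a shorter suffix of one of these names would pick the request up with no source check, and if the backends forward by Host header that defeats the restriction (inferred; the backend bodies are outside this view). Enforcing the check inside the generated backend keeps it independent of rule order, e.g. `{% if http_route.allowlist | default([]) %}http-request deny deny_status 404 unless { src {{ http_route.allowlist | join(' ') }} }{% endif %}`. Testing the list for truthiness rather than `'allowlist' in http_route` also avoids rendering an empty `{ src }` ACL when the key is present with no entries; how HAProxy treats that form should be verified.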
|
||||||
|
|