From 1f048138793a3038c99b64c2f422e2077bdc3b09 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Fri, 12 Aug 2022 13:14:05 -0500
Subject: [PATCH] r/v-m-nginx: Prevent requesting reload

Remote systems should not be able to trigger a reload of the services
behind the reverse proxy.
---
 .../templates/victoria-metrics.nginx.conf.j2                  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/victoria-metrics-nginx/templates/victoria-metrics.nginx.conf.j2 b/roles/victoria-metrics-nginx/templates/victoria-metrics.nginx.conf.j2
index ddf4810..1564ff4 100644
--- a/roles/victoria-metrics-nginx/templates/victoria-metrics.nginx.conf.j2
+++ b/roles/victoria-metrics-nginx/templates/victoria-metrics.nginx.conf.j2
@@ -7,6 +7,10 @@ server {
         proxy_pass http://[::1]:8428/;
         client_max_body_size 100m;
     }
+
+    location ~ /-/reload {
+        deny all;
+    }
 {% for item in vm_nginx_proxy_paths %}
 
     location {{ item.path }} {