r/dch-proxy: Define sites declaratively
I've already made a couple of mistakes keeping the HTTP and HTTPS rules in sync. Let's define the sites declaratively and derive the HAProxy rules from the data, rather than manually typing the rules.
@@ -11,3 +11,106 @@ dch_proxy_blocklist:
|
||||
- 172.30.0.224/29
|
||||
- 172.30.0.232/29
|
||||
- 172.30.0.240/28
|
||||
|
||||
dch_proxy_sites:
|
||||
- backend: gitea
|
||||
match: git.pyrocufflink
|
||||
matcher: dom
|
||||
- backend: bitwarden
|
||||
match: bitwarden.pyrocufflink
|
||||
matcher: dom
|
||||
- backend: nextcloud
|
||||
match: nextcloud.pyrocufflink.net
|
||||
- backend: kubernetes
|
||||
match: billing.hatchlearningcenter.org
|
||||
- backend: web
|
||||
match: chmod777.sh
|
||||
matcher: end
|
||||
- backend: web
|
||||
match: dustinandtabitha.com
|
||||
matcher: end
|
||||
- backend: web
|
||||
match: dustin.hatch.name
|
||||
- backend: web
|
||||
match: dustin.hatch.is
|
||||
- backend: web
|
||||
match: ebonfire.com
|
||||
matcher: end
|
||||
- backend: web
|
||||
match: hatchlearningcenter hlckc hlcks
|
||||
matcher: dom
|
||||
- backend: web
|
||||
match: nratonpass.com
|
||||
matcher: end
|
||||
- backend: web
|
||||
match: pyrocufflink.net
|
||||
- backend: web
|
||||
match: tabitha.biz
|
||||
matcher: end
|
||||
- backend: kubernetes
|
||||
match: ntfy.pyrocufflink.net
|
||||
- backend: kubernetes
|
||||
match: darkchestofwonders.us
|
||||
|
||||
dch_proxy_backends:
|
||||
bitwarden:
|
||||
servers:
|
||||
- name: bitwarden
|
||||
host: 'bitwarden.pyrocufflink.blue:80'
|
||||
options: check
|
||||
bitwarden-tls:
|
||||
mode: tcp
|
||||
servers:
|
||||
- name: bitwarden
|
||||
host: 'bitwarden.pyrocufflink.blue:443'
|
||||
options: check
|
||||
|
||||
gitea:
|
||||
servers:
|
||||
- name: gitea
|
||||
host: 'git0.pyrocufflink.blue:80'
|
||||
options: check
|
||||
gitea-tls:
|
||||
mode: tcp
|
||||
servers:
|
||||
- name: gitea
|
||||
host: 'git0.pyrocufflink.blue:443'
|
||||
options: check
|
||||
|
||||
kubernetes:
|
||||
servers:
|
||||
- name: k8s
|
||||
host: 'k8s-ingress.pyrocufflink.blue:80'
|
||||
options: check
|
||||
kubernetes-tls:
|
||||
mode: tcp
|
||||
servers:
|
||||
- name: k8s
|
||||
host: 'k8s-ingress.pyrocufflink.blue:443'
|
||||
options: check
|
||||
|
||||
nextcloud:
|
||||
servers:
|
||||
- name: nextcloud
|
||||
host: 'cloud0.pyrocufflink.blue:80'
|
||||
options: check
|
||||
nextcloud-tls:
|
||||
mode: tcp
|
||||
servers:
|
||||
- name: nextcloud
|
||||
# NOTE: NOT the default HTTPS port, but a different virtual host that
|
||||
# accepts the PROXY protocol
|
||||
host: 'cloud0.pyrocufflink.blue:8443'
|
||||
options: check send-proxy-v2
|
||||
|
||||
web:
|
||||
servers:
|
||||
- name: web0
|
||||
host: 'web0.pyrocufflink.blue:80'
|
||||
options: check
|
||||
web-tls:
|
||||
mode: tcp
|
||||
servers:
|
||||
- name: web0
|
||||
host: 'web0.pyrocufflink.blue:443'
|
||||
options: check
|
||||
|
||||
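Review bot: The `matcher: end` entries (`chmod777.sh`, `dustinandtabitha.com`, `ebonfire.com`, `nratonpass.com`, `tabitha.biz`) appear to be rendered as HAProxy suffix matches, and a bare suffix has no label boundary, so a constructed name such as `xchmod777.sh` would also be routed to `web`. If the template (not visible in this hunk) emits `-m end`, anchor the suffix on a dot with `match: .chmod777.sh` and add a separate entry without `matcher` for the apex name. The `matcher: dom` entries are looser still, since `git.pyrocufflink` and `bitwarden.pyrocufflink` presumably match those labels anywhere in the host name; it is worth confirming that this is intended for the Gitea and Bitwarden backends. A short comment above `dch_proxy_sites` saying what an omitted `matcher` means, and that `match` may hold a space-separated list, would keep later entries from being guessed at.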