Invoice Ninja needs to be accessible from the Internet in order to receive webhooks from Stripe. Additionally, Apple Pay requires contacting Invoice Ninja for domain verification.
# Address ranges this proxy configuration labels as internal.
# NOTE(review): how the role uses the list (for example, relaxing access
# checks for these sources) is not visible in this file - confirm against
# the role's template before widening any range.
dch_proxy_internal_networks:
  - '172.30.0.0/16'
  - '172.31.1.0/24'
  # No IPv6 prefix is active: the only IPv6 entry is left commented out.
  # - 'fd68:c2d2:500e:3e00::/56'
# Single host exempted by address. 172.30.0.211 lies inside
# 172.30.0.208/28, the first range of dch_proxy_blocklist, so this entry
# only has an effect if the allowlist is evaluated before the blocklist.
# NOTE(review): confirm that ordering in the rendered proxy configuration.
dch_proxy_allowlist:
  - '172.30.0.211/32'
# Source ranges on the block list (presumably refused by the proxy; the
# enforcement itself lives in the role, not in this file).
# The four ranges are contiguous and together cover 172.30.0.208 through
# 172.30.0.255. 172.30.0.211/32 from dch_proxy_allowlist sits inside the
# first range, so the two lists overlap for that one address.
dch_proxy_blocklist:
  - '172.30.0.208/28'  # .208 - .223
  - '172.30.0.224/29'  # .224 - .231
  - '172.30.0.232/29'  # .232 - .239
  - '172.30.0.240/28'  # .240 - .255
# Host-based routing table: each entry sends traffic whose host matches
# `match` to the named entry in dch_proxy_backends. The entries are kept in
# their original order, since the proxy may evaluate them first-match-wins.
# NOTE(review): the matcher semantics below are inferred from the names and
# should be confirmed against the role's template:
#   dom  - presumably a domain-label match; these patterns carry no TLD, so
#          any host containing that label sequence is routed here.
#   end  - presumably a suffix match; with no leading dot in the pattern, a
#          longer name that merely ends in the same text also matches.
#   none - the role's default matcher, which is not visible in this file.
# These rules only pick a backend; each backend still has to validate the
# host names it is willing to serve.
dch_proxy_sites:
  - backend: gitea
    match: 'git.pyrocufflink'
    matcher: dom
  - backend: bitwarden
    match: 'bitwarden.pyrocufflink'
    matcher: dom
  - backend: nextcloud
    match: 'nextcloud.pyrocufflink.net'
  - backend: kubernetes
    match: 'billing.hatchlearningcenter.org'
  - backend: web
    match: 'chmod777.sh'
    matcher: end
  - backend: web
    match: 'dustinandtabitha.com'
    matcher: end
  - backend: web
    match: 'dustin.hatch.name'
  - backend: web
    match: 'dustin.hatch.is'
  - backend: web
    match: 'ebonfire.com'
    matcher: end
  - backend: web
    # Three space-separated patterns sharing one rule.
    match: 'hatchlearningcenter hlckc hlcks'
    matcher: dom
  - backend: web
    match: 'nratonpass.com'
    matcher: end
  - backend: web
    match: 'pyrocufflink.net'
  - backend: web
    match: 'tabitha.biz'
    matcher: end
  - backend: jellyfin
    match: 'jellyfin.pyrocufflink'
    matcher: dom
  - backend: kubernetes
    match: 'ntfy.pyrocufflink.net'
  - backend: kubernetes
    match: 'darkchestofwonders.us'
  # Published so that Stripe webhooks and Apple Pay domain verification can
  # reach Invoice Ninja (per the change description). The rule is host-wide,
  # so every path of the application is routed, not only those endpoints.
  # NOTE(review): consider limiting the exposed paths at the Kubernetes
  # ingress if only the webhook and verification paths must be public.
  - backend: kubernetes
    match: 'invoiceninja.pyrocufflink.net'
# Upstream servers, keyed by the backend names used in dch_proxy_sites.
# Every service appears twice:
#   <name>      - server on port 80; presumably plain HTTP, in which case
#                 the proxy-to-server hop is unencrypted and depends on the
#                 network between them being trusted.
#   <name>-tls  - `mode: tcp`; presumably the TLS stream is relayed without
#                 being terminated here, so certificates and TLS policy
#                 live on the origin servers. TODO confirm in the template.
# The `options` values look like HAProxy server keywords: `check` turns on
# health checks, `send-proxy` / `send-proxy-v2` prepend a PROXY protocol
# header (v1 / v2) that carries the original client address.
dch_proxy_backends:
  bitwarden:
    servers:
      - name: bitwarden
        host: 'bitwarden.pyrocufflink.blue:80'
        options: check
  bitwarden-tls:
    mode: tcp
    servers:
      - name: bitwarden
        host: 'bitwarden.pyrocufflink.blue:443'
        options: check

  gitea:
    servers:
      - name: gitea
        host: 'git0.pyrocufflink.blue:80'
        options: check
  gitea-tls:
    mode: tcp
    servers:
      - name: gitea
        host: 'git0.pyrocufflink.blue:443'
        options: check

  jellyfin:
    servers:
      - name: jellyfin
        host: 'jellyfin.pyrocufflink.blue:80'
        options: check
  jellyfin-tls:
    mode: tcp
    servers:
      - name: jellyfin-tls
        # Port 8443 with send-proxy: this listener is told the client
        # address by the proxy. NOTE(review): it should accept connections
        # from this proxy only, because any peer that can reach it directly
        # can state an arbitrary client address in the PROXY header.
        host: 'jellyfin.pyrocufflink.blue:8443'
        options: check send-proxy

  kubernetes:
    servers:
      - name: k8s
        host: 'k8s-ingress.pyrocufflink.blue:80'
        options: check
  kubernetes-tls:
    mode: tcp
    servers:
      - name: k8s
        host: 'k8s-ingress.pyrocufflink.blue:443'
        options: check

  nextcloud:
    servers:
      - name: nextcloud
        host: 'cloud0.pyrocufflink.blue:80'
        options: check
  nextcloud-tls:
    mode: tcp
    servers:
      - name: nextcloud
        # NOTE: NOT the default HTTPS port, but a different virtual host
        # that accepts the PROXY protocol.
        # NOTE(review): as with any PROXY-protocol listener, it should be
        # reachable from this proxy only, since the header is taken as the
        # client address.
        host: 'cloud0.pyrocufflink.blue:8443'
        options: check send-proxy-v2

  web:
    servers:
      - name: web0
        host: 'web0.pyrocufflink.blue:80'
        options: check
  web-tls:
    mode: tcp
    servers:
      - name: web0
        host: 'web0.pyrocufflink.blue:443'
        options: check