{# acls(): emits the three source-address ACLs shared by both frontends.
   Each list comes from an inventory variable and is joined unescaped, so
   every entry is expected to be a bare IP address or CIDR range.
   NOTE(review): an empty list renders `acl <name> src` with no pattern.
   Confirm how the deployed HAProxy version treats that (parse error versus
   matching every source) and validate the rendered file with `haproxy -c`
   before reloading, because `blocklist` feeds a connection-level reject. #}
{% macro acls() +%}
acl internal_net src {{ dch_proxy_internal_networks|join(' ') }}
acl allowlist src {{ dch_proxy_allowlist|join(' ') }}
acl blocklist src {{ dch_proxy_blocklist|join(' ') }}
{% endmacro %}
frontend main
    # Plain-HTTP entry point on port 80. Requests are routed on the Host
    # header only. That header is client-supplied, so these rules select a
    # backend but authorize nothing; each backend still has to enforce its
    # own virtual hosts and access control.
    bind :::80

    {{ acls() }}

    # Connection-stage filter: a blocklisted source is dropped before any
    # data is read, unless the same source is also allowlisted. The
    # allowlist is only an exception to the blocklist, not a default-deny.
    # `src` is the TCP peer address; presumably this proxy faces clients
    # directly. If a NAT or another proxy sits in front, these ACLs see
    # that device instead (TODO confirm).
    tcp-request connection reject if blocklist !allowlist

    # Exact host names, compared case-insensitively.
    use_backend gitea if { hdr(host) -i git.pyrocufflink.blue git.pyrocufflink.net }
    use_backend bitwarden if { hdr(host) -i bitwarden.pyrocufflink.blue bitwarden.pyrocufflink.net }
    use_backend nextcloud if { hdr(host) -i nextcloud.pyrocufflink.net }

    # Everything below goes to `web`. The rules are grouped by match
    # method; since they all select the same backend, their relative order
    # does not change the result.
    use_backend web if { hdr(host) -i dustin.hatch.name dustin.hatch.is pyrocufflink.net }
    # `-m end` is a plain suffix comparison with no dot boundary, so a Host
    # that merely ends in one of these strings (constructed example:
    # `xtabitha.biz`) is routed here too.
    use_backend web if { hdr(host) -i -m end chmod777.sh dustinandtabitha.com ebonfire.com nratonpass.com tabitha.biz }
    # `-m dom` matches a whole dot-delimited label anywhere in the Host, so
    # any TLD, and any name containing the label, is accepted.
    use_backend web if { hdr(host) -i -m dom hatchlearningcenter hlckc hlcks }

    use_backend kubernetes if { hdr(host) -i ntfy.pyrocufflink.net darkchestofwonders.us }
    # Catch-all for internal sources only: any Host not matched above is
    # handed to the Kubernetes ingress. No default_backend is set in this
    # frontend, so unmatched requests from other sources have no backend
    # unless a defaults section (not visible here) provides one.
    use_backend kubernetes if internal_net
frontend main-tls
    # TLS passthrough on port 443: the proxy never terminates TLS. It reads
    # the SNI from the ClientHello and forwards the raw TCP stream, so no
    # HTTP-level control (header checks, per-path rules) is possible here.
    # SNI is unauthenticated and client-chosen; certificate presentation
    # and Host validation remain the backend's job.
    bind :::443
    mode tcp
    option tcplog

    {{ acls() }}

    # Same connection-stage filter as the HTTP frontend: blocklisted
    # sources are dropped unless they are also allowlisted.
    tcp-request connection reject if blocklist !allowlist
    # Wait up to 5s for a ClientHello (hello type 1) before routing. A
    # connection that sends nothing occupies a slot for that long. There is
    # no explicit reject for non-TLS payloads; they match no SNI rule below
    # and are only routed when the source is in internal_net.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Exact SNI names, compared case-insensitively.
    use_backend gitea-tls if { req.ssl_sni -i git.pyrocufflink.blue git.pyrocufflink.net }
    use_backend bitwarden-tls if { req.ssl_sni -i bitwarden.pyrocufflink.blue bitwarden.pyrocufflink.net }
    use_backend nextcloud-tls if { req.ssl_sni -i nextcloud.pyrocufflink.net }

    # Everything below goes to `web-tls`, grouped by match method; order
    # within the group does not affect the outcome. As in the HTTP
    # frontend, `-m end` is a bare suffix match and `-m dom` matches a
    # label anywhere in the name.
    # NOTE(review): dustinandtabitha.com and nratonpass.com are routed by
    # the HTTP frontend but have no rule here. Confirm that is intended.
    use_backend web-tls if { req.ssl_sni -i dustin.hatch.name dustin.hatch.is pyrocufflink.net }
    use_backend web-tls if { req.ssl_sni -i -m end chmod777.sh ebonfire.com tabitha.biz }
    use_backend web-tls if { req.ssl_sni -i -m dom hatchlearningcenter hlckc hlcks }

    use_backend kubernetes-tls if { req.ssl_sni -i ntfy.pyrocufflink.net darkchestofwonders.us }
    # Internal sources fall through to the Kubernetes ingress for any SNI
    # not matched above, or for no SNI at all.
    use_backend kubernetes-tls if internal_net
# Bitwarden. The port-80 backend carries cleartext HTTP to a password
# vault; presumably the server only answers with a redirect to HTTPS
# (TODO confirm that nothing sensitive is served over this hop).
# `check` with no other option shown here is a connection-level health
# check, unless a defaults section (not visible) changes it.
backend bitwarden
    server bitwarden bitwarden.pyrocufflink.blue:80 check

# TLS passthrough: the stream is forwarded unmodified and the backend
# terminates TLS.
backend bitwarden-tls
    mode tcp
    server bitwarden bitwarden.pyrocufflink.blue:443 check
# Gitea over plain HTTP (port 80).
backend gitea
    server gitea git0.pyrocufflink.blue:80 check

# Gitea TLS passthrough. No PROXY header is sent, so the backend sees this
# proxy's address as the client address in its logs and rate limits.
backend gitea-tls
    mode tcp
    server gitea git0.pyrocufflink.blue:443 check
# Kubernetes ingress over plain HTTP. Besides its named hosts, this backend
# is the catch-all for internal sources, so the ingress receives arbitrary
# Host values from them and must handle unknown hosts itself.
backend kubernetes
    server k8s k8s-ingress.pyrocufflink.blue:80 check

# Kubernetes ingress TLS passthrough. The same catch-all applies for
# internal sources, including connections with no SNI.
backend kubernetes-tls
    mode tcp
    server k8s k8s-ingress.pyrocufflink.blue:443 check
# Nextcloud over plain HTTP (port 80).
backend nextcloud
    server nextcloud cloud0.pyrocufflink.blue:80 check

# Nextcloud TLS passthrough to a dedicated port with PROXY protocol v2, so
# the backend learns the real client address. The listener on 8443 trusts
# whatever address the PROXY header claims, so it should accept connections
# only from this proxy (firewall or trusted-source setting on the backend).
# Otherwise anyone who can reach 8443 directly can spoof the client address.
backend nextcloud-tls
    mode tcp
    server nextcloud cloud0.pyrocufflink.blue:8443 check send-proxy-v2
# General web server over plain HTTP. It receives every host matched by the
# `-m end` and `-m dom` rules in the frontend, including look-alike names
# those patterns admit, so its own virtual-host configuration decides what
# is actually served.
backend web
    server web0 web0.pyrocufflink.blue:80 check

# General web server TLS passthrough. No PROXY header is sent, so the
# backend sees this proxy's address as the client.
backend web-tls
    mode tcp
    server web web0.pyrocufflink.blue:443 check