I've already made a couple of mistakes keeping the HTTP and HTTPS rules in sync. Let's define the sites declaratively and derive the HAProxy rules from the data, rather than manually typing the rules.
# Declarative description of the sites fronted by the HAProxy reverse proxy.
# The HTTP and HTTPS HAProxy rules are generated from this data (the template
# that renders them is not part of this file), so each site is described once
# here instead of being typed into both rule sets by hand.

# Source networks the proxy treats as internal.
# NOTE(review): what these feed (which ACL / which rules) is decided by the
# consuming template, which is not shown here — confirm there.
dch_proxy_internal_networks:
  - 172.30.0.0/16
  - 172.31.1.0/24
  # IPv6 range is currently disabled (left commented out)
  # - 'fd68:c2d2:500e:3e00::/56'

# Single host explicitly allowed.  This /32 (172.30.0.211) lies inside the
# 172.30.0.208/28 entry of dch_proxy_blocklist below, so the effective result
# depends on which list the generated rules evaluate first.
# TODO(review): confirm the allowlist takes precedence over the blocklist.
dch_proxy_allowlist:
  - 172.30.0.211/32

# Networks to deny.  Taken together these four ranges cover
# 172.30.0.208 through 172.30.0.255 without gaps.
dch_proxy_blocklist:
  - 172.30.0.208/28
  - 172.30.0.224/29
  - 172.30.0.232/29
  - 172.30.0.240/28

# One entry per site:
#   backend: key into dch_proxy_backends below (gitea, bitwarden, nextcloud,
#            kubernetes, web).  Every one of those keys also has a
#            "<backend>-tls" sibling, presumably selected for HTTPS traffic —
#            confirm in the template.
#   match:   pattern the request's host name is compared against
#   matcher: how "match" is compared; the values used here are "dom" and
#            "end", and several entries omit it (an exact match is the likely
#            default — confirm).
# NOTE(review): if "end" renders to a suffix match it also accepts any host
# that merely ends with the pattern (a longer name ending in "tabitha.biz"),
# and "dom" accepts any suffix after the listed labels ("bitwarden.pyrocufflink"
# under any TLD).  Confirm the rendered ACLs are as narrow as intended and that
# each backend validates the Host header it receives.
dch_proxy_sites:
  - backend: gitea
    match: git.pyrocufflink
    matcher: dom
  - backend: bitwarden
    match: bitwarden.pyrocufflink
    matcher: dom
  - backend: nextcloud
    match: nextcloud.pyrocufflink.net
  - backend: kubernetes
    match: billing.hatchlearningcenter.org
  - backend: web
    match: chmod777.sh
    matcher: end
  - backend: web
    match: dustinandtabitha.com
    matcher: end
  - backend: web
    match: dustin.hatch.name
  - backend: web
    match: dustin.hatch.is
  - backend: web
    match: ebonfire.com
    matcher: end
  - backend: web
    # Space-separated list of patterns; presumably rendered as several
    # patterns on one ACL — confirm the template does not emit it as a
    # single quoted string.
    match: hatchlearningcenter hlckc hlcks
    matcher: dom
  - backend: web
    match: nratonpass.com
    matcher: end
  - backend: web
    match: pyrocufflink.net
  - backend: web
    match: tabitha.biz
    matcher: end
  - backend: kubernetes
    match: ntfy.pyrocufflink.net
  - backend: kubernetes
    match: darkchestofwonders.us

# Backends referenced by dch_proxy_sites.  Each backend name appears twice:
#   <name>      - origin on port 80; no "mode" key, so the proxy's default
#                 mode applies (presumably http — confirm)
#   <name>-tls  - "mode: tcp" origin on port 443 (8443 for nextcloud).  This
#                 looks like TLS passthrough, i.e. the proxy forwards the raw
#                 connection and the origin terminates TLS — confirm.
# "servers" lists the origins behind the backend; "options" is presumably
# emitted verbatim as HAProxy server options ("check" enables health checks,
# "send-proxy-v2" is explained at nextcloud-tls).
dch_proxy_backends:
  bitwarden:
    servers:
      - name: bitwarden
        host: 'bitwarden.pyrocufflink.blue:80'
        options: check
  bitwarden-tls:
    mode: tcp
    servers:
      - name: bitwarden
        host: 'bitwarden.pyrocufflink.blue:443'
        options: check

  gitea:
    servers:
      - name: gitea
        host: 'git0.pyrocufflink.blue:80'
        options: check
  gitea-tls:
    mode: tcp
    servers:
      - name: gitea
        host: 'git0.pyrocufflink.blue:443'
        options: check

  kubernetes:
    servers:
      - name: k8s
        host: 'k8s-ingress.pyrocufflink.blue:80'
        options: check
  kubernetes-tls:
    mode: tcp
    servers:
      - name: k8s
        host: 'k8s-ingress.pyrocufflink.blue:443'
        options: check

  nextcloud:
    servers:
      - name: nextcloud
        host: 'cloud0.pyrocufflink.blue:80'
        options: check
  nextcloud-tls:
    mode: tcp
    servers:
      - name: nextcloud
        # NOTE: NOT the default HTTPS port, but a different virtual host that
        # accepts the PROXY protocol (hence send-proxy-v2 below, so the origin
        # still sees the real client address through the tcp-mode passthrough).
        host: 'cloud0.pyrocufflink.blue:8443'
        options: check send-proxy-v2

  web:
    servers:
      - name: web0
        host: 'web0.pyrocufflink.blue:80'
        options: check
  web-tls:
    mode: tcp
    servers:
      - name: web0
        host: 'web0.pyrocufflink.blue:443'
        options: check