fix db acl

Daniel afx 2022-02-07 06:03:13 +02:00
parent 6f982e0a6a
commit 11961a80c4
3 changed files with 10 additions and 10 deletions

2
.gitignore vendored

@ -9,7 +9,7 @@ __pycache
.env.prod .env.prod
# ignore lb allowed_ips # ignore lb allowed_ips
lb/allowed_ips lb/dballowed.acl
# ignore letsencrypt generated certificates # ignore letsencrypt generated certificates
data/certbot/etc/* data/certbot/etc/*


@ -58,16 +58,16 @@ frontend https
http-response set-header Access-Control-Allow-Methods "GET" http-response set-header Access-Control-Allow-Methods "GET"
# ACL # ACL
acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl
acl acl_forestnet hdr(host)-i forest.deflax.net acl is_forestnet hdr(host)-i forest.deflax.net
acl acl_forestdb hdr(host) -i db.forest.deflax.net acl is_forestdb hdr(host) -i db.forest.deflax.net
acl acl_osmap hdr(host) -i map.deflax.net acl is_osmap hdr(host) -i map.deflax.net
tcp-request connection reject if is_forestdb !is_allowed
http-request deny if acl_forestdb !acl_allowed use_backend forestnet if is_forestnet
use_backend forestdb if is_forestdb
use_backend forestnet if acl_forestnet use_backend osmap if is_osmap
use_backend forestdb if acl_forestdb
use_backend osmap if acl_osmap
backend osmap backend osmap
# Get from cache / put in cache # Get from cache / put in cache
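Review bot: The new `tcp-request connection reject if is_forestdb !is_allowed` rule is unlikely to ever fire, because `is_forestdb` is built on `hdr(host)`, a layer-7 fetch that has no data when connection-level rules run (before TLS and the HTTP request are read); HAProxy normally warns that such an ACL will never match, which would leave db.forest.deflax.net reachable from addresses outside dballowed.acl. Keep the check at the HTTP layer, as the removed rule did, with the renamed ACLs: `http-request deny if is_forestdb !is_allowed`, placed before the `use_backend` lines. After the change, run `haproxy -c -f <path to this config>` and check for "will never match" warnings, then confirm from an address not in the list that the db host is refused. The `hdr(host)-i` on the is_forestnet line appears to lack a space before `-i` on both sides; if that is not a rendering artifact it should read `hdr(host) -i`. The `frontend https` section starts above this hunk, so any default backend or earlier rules are not visible here.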