forest/net
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix db acl

Browse source
This commit is contained in:
Daniel afx 2022-02-07 06:03:13 +02:00
parent 6f982e0a6a
commit 11961a80c4
3 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -9,7 +9,7 @@ __pycache
.env.prod
# ignore lb allowed_ips
lb/allowed_ips
lb/dballowed.acl
# ignore letsencrypt generated certificates
data/certbot/etc/*

0
lb/allowed_ips-sample → lb/dballowed.acl-sample
View file

16
lb/haproxy.cfg
View file

@ -58,16 +58,16 @@ frontend https
http-response set-header Access-Control-Allow-Methods "GET"
# ACL
acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips
acl acl_forestnet hdr(host)-i forest.deflax.net
acl acl_forestdb hdr(host) -i db.forest.deflax.net
acl acl_osmap hdr(host) -i map.deflax.net
acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl
acl is_forestnet hdr(host)-i forest.deflax.net
acl is_forestdb hdr(host) -i db.forest.deflax.net
acl is_osmap hdr(host) -i map.deflax.net
http-request deny if acl_forestdb !acl_allowed
tcp-request connection reject if is_forestdb !is_allowed
use_backend forestnet if acl_forestnet
use_backend forestdb if acl_forestdb
use_backend osmap if acl_osmap
use_backend forestnet if is_forestnet
use_backend forestdb if is_forestdb
use_backend osmap if is_osmap
backend osmap
# Get from cache / put in cache