From f80929eb181527f14fe292471860d17c2e1b9d48 Mon Sep 17 00:00:00 2001
From: Daniel afx
Date: Mon, 7 Feb 2022 05:17:11 +0200
Subject: [PATCH] setip haproxy acls
---
 .gitignore | 7 +++++--
 docker-compose.yml | 2 +-
 lb/haproxy.cfg | 16 ++++++++++++----
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index 929e9d1..77f72ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,16 @@
 *.pyc
 __pycache
-#ignore osx shit
+# ignore osx shit
 .DS_Store
-#ignore env var files
+# ignore env var files
 .env.dev
 .env.prod
+# ignore lb allowed_ips
+lb/allowed_ips
+
 # ignore letsencrypt generated certificates
 data/certbot/etc/*
 !data/certbot/etc/.placeholder
diff --git a/docker-compose.yml b/docker-compose.yml
index 9a06788..5994520 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -45,7 +45,7 @@ services:
 pgadmin:
 image: dpage/pgadmin4
 #volumes:
- # - "./data/dbadmin:/var/lib/pgadmin"
+ # - "./data/dbadmin:/var/lib/pgadmin"
 env_file:
 - ./.env.prod
 restart: always
diff --git a/lb/haproxy.cfg b/lb/haproxy.cfg
index a2001b4..afc0c07 100644
--- a/lb/haproxy.cfg
+++ b/lb/haproxy.cfg
@@ -57,20 +57,28 @@ frontend https
 http-response set-header Access-Control-Max-Age 3628800
 http-response set-header Access-Control-Allow-Methods "GET"
- use_backend %[req.hdr(Host),lower]
+ # ACL
+ acl acl_allowed src -f /etc/haproxy/allowed_ips
+ acl acl_forestnet -i forest.deflax.net
+ acl acl_forestdb -i db.forest.deflax.net
+ acl acl_osmap -i map.deflax.net
-backend map.deflax.net
+ use_backend forestnet if acl_forestnet
+ use_backend forestdb if acl_forestdb acl_allowed
+ use_backend osmap if acl_osmap
+
+backend osmap
 # Get from cache / put in cache
 http-request cache-use mapscache
 http-response cache-store mapscache
 # server list
 server s1 osmtile:80 check
-backend forest.deflax.net
+backend forestnet
 # server list
 server s1 flask:5000 check
-backend db.forest.deflax.net
+backend forestdb
 server s1 pgadmin:80 check
 #backend docs.deflax.net
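Review bot: The three host ACLs added to `frontend https` in lb/haproxy.cfg (`acl_forestnet`, `acl_forestdb`, `acl_osmap`) name no sample fetch, so `-i` sits where the criterion belongs and HAProxy is expected to refuse the file at load; each needs the fetch spelled out, e.g. `acl acl_forestdb hdr(host) -i db.forest.deflax.net`. The IP restriction on pgAdmin is also only implicit: a client outside `/etc/haproxy/allowed_ips` just matches no `use_backend` rule, and what it gets then depends on whether a `default_backend` exists outside this hunk, so an explicit `http-request deny if acl_forestdb !acl_allowed` ahead of the `use_backend` lines would make the control fail closed and show up in logs as a denial. `src` is the TCP peer address, so if this frontend is ever placed behind a CDN or another proxy the allow-list would match that hop rather than the real client. The frontend begins above the hunk, and the volume mount that places the git-ignored `lb/allowed_ips` at that path is not part of this patch, so it is worth confirming it exists and is read-only.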