setip haproxy acls

This commit is contained in:
Daniel afx 2022-02-07 05:17:11 +02:00
parent 128fe2defe
commit f80929eb18
3 changed files with 18 additions and 7 deletions

3
.gitignore vendored
View file

@ -8,6 +8,9 @@ __pycache
.env.dev
.env.prod
# ignore lb allowed_ips
lb/allowed_ips
# ignore letsencrypt generated certificates
data/certbot/etc/*
!data/certbot/etc/.placeholder

View file

@ -57,20 +57,28 @@ frontend https
http-response set-header Access-Control-Max-Age 3628800
http-response set-header Access-Control-Allow-Methods "GET"
use_backend %[req.hdr(Host),lower]
# ACL
acl acl_allowed src -f /etc/haproxy/allowed_ips
acl acl_forestnet -i forest.deflax.net
acl acl_forestdb -i db.forest.deflax.net
acl acl_osmap -i map.deflax.net
backend map.deflax.net
use_backend forestnet if acl_forestnet
use_backend forestdb if acl_forestdb acl_allowed
use_backend osmap if acl_osmap
backend osmap
# Get from cache / put in cache
http-request cache-use mapscache
http-response cache-store mapscache
# server list
server s1 osmtile:80 check
backend forest.deflax.net
backend forestnet
# server list
server s1 flask:5000 check
backend db.forest.deflax.net
backend forestdb
server s1 pgadmin:80 check
#backend docs.deflax.net