Enable sniStrict to drop requests from domains without routers
This commit is contained in:
parent
15c427f812
commit
7b66f284f6
|
@ -25,19 +25,23 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
dynamicConfigOptions.http = {
|
dynamicConfigOptions = {
|
||||||
routers.api = {
|
tls.options.default.sniStrict = true;
|
||||||
|
http = {
|
||||||
|
routers = {
|
||||||
|
api = {
|
||||||
rule = "Host(`traefik.xenia.me.uk`)";
|
rule = "Host(`traefik.xenia.me.uk`)";
|
||||||
entryPoints = ["http" "https"];
|
entryPoints = ["http" "https"];
|
||||||
service = "api@internal";
|
service = "api@internal";
|
||||||
middlewares = ["auth"];
|
middlewares = ["auth"];
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
routers.api-internal = {
|
api-internal = {
|
||||||
rule = "ClientIP(`192.168.0.0/16`)";
|
rule = "ClientIP(`192.168.0.0/16`)";
|
||||||
entryPoints = ["traefik-internal"];
|
entryPoints = ["traefik-internal"];
|
||||||
service = "api@internal";
|
service = "api@internal";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
middlewares = {
|
middlewares = {
|
||||||
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
|
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
|
||||||
hsts.headers = {
|
hsts.headers = {
|
||||||
|
@ -47,6 +51,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [80 443 8080];
|
allowedTCPPorts = [80 443 8080];
|
||||||
|
|
Loading…
Reference in a new issue