Enable sniStrict to drop requests from domains without routers

This commit is contained in:
Evie Litherland-Smith 2023-05-30 12:13:03 +01:00
parent 15c427f812
commit 7b66f284f6

View file

@ -25,19 +25,23 @@
};
};
};
dynamicConfigOptions.http = {
routers.api = {
dynamicConfigOptions = {
tls.options.default.sniStrict = true;
http = {
routers = {
api = {
rule = "Host(`traefik.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "api@internal";
middlewares = ["auth"];
tls = {certResolver = "default";};
};
routers.api-internal = {
api-internal = {
rule = "ClientIP(`192.168.0.0/16`)";
entryPoints = ["traefik-internal"];
service = "api@internal";
};
};
middlewares = {
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
hsts.headers = {
@ -47,6 +51,7 @@
};
};
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443 8080];