Enable sniStrict to drop requests from domains without routers
This commit is contained in:
parent
15c427f812
commit
7b66f284f6
|
@ -25,19 +25,23 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
dynamicConfigOptions.http = {
|
||||
routers.api = {
|
||||
dynamicConfigOptions = {
|
||||
tls.options.default.sniStrict = true;
|
||||
http = {
|
||||
routers = {
|
||||
api = {
|
||||
rule = "Host(`traefik.xenia.me.uk`)";
|
||||
entryPoints = ["http" "https"];
|
||||
service = "api@internal";
|
||||
middlewares = ["auth"];
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
routers.api-internal = {
|
||||
api-internal = {
|
||||
rule = "ClientIP(`192.168.0.0/16`)";
|
||||
entryPoints = ["traefik-internal"];
|
||||
service = "api@internal";
|
||||
};
|
||||
};
|
||||
middlewares = {
|
||||
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
|
||||
hsts.headers = {
|
||||
|
@ -47,6 +51,7 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [80 443 8080];
|
||||
|
|
Loading…
Reference in a new issue