feat: haproxy updates

- add acls for all backends
- harden security of backends
- update http-check for all backends
This commit is contained in:
2024-07-07 16:51:36 +10:00
parent 152ffaa1d3
commit 991c8a3029
2 changed files with 19 additions and 7 deletions
+4 -2
View File
@@ -50,8 +50,8 @@ profiles::nginx::simpleproxy::locations:
proxy_cache_key: '"$http_authorization$cookie_nginxauth"'
location_cfg_append:
proxy_pass_request_body: 'off'
# health checks by consul
arrstack_web_consul:
# health checks by consul/haproxy
arrstack_web_healthcheck:
ensure: 'present'
server: "%{lookup('profiles::nginx::simpleproxy::nginx_vhost')}"
ssl_only: true
@@ -69,6 +69,8 @@ profiles::nginx::simpleproxy::locations:
location_allow:
- 127.0.0.1
- "%{facts.networking.ip}"
- 198.18.13.25
- 198.18.13.26
location_deny:
- all
# authorised access from external