feat: haproxy updates
- add acls for all backends - harden security of backends - update http-check for all backends
This commit is contained in:
@@ -50,8 +50,8 @@ profiles::nginx::simpleproxy::locations:
|
||||
proxy_cache_key: '"$http_authorization$cookie_nginxauth"'
|
||||
location_cfg_append:
|
||||
proxy_pass_request_body: 'off'
|
||||
# health checks by consul
|
||||
arrstack_web_consul:
|
||||
# health checks by consul/haproxy
|
||||
arrstack_web_healthcheck:
|
||||
ensure: 'present'
|
||||
server: "%{lookup('profiles::nginx::simpleproxy::nginx_vhost')}"
|
||||
ssl_only: true
|
||||
@@ -69,6 +69,8 @@ profiles::nginx::simpleproxy::locations:
|
||||
location_allow:
|
||||
- 127.0.0.1
|
||||
- "%{facts.networking.ip}"
|
||||
- 198.18.13.25
|
||||
- 198.18.13.26
|
||||
location_deny:
|
||||
- all
|
||||
# authorised access from external
|
||||
|
||||
Reference in New Issue
Block a user