config ghost le boudoir
This commit is contained in:
+23
-4
@@ -60,6 +60,9 @@ defaults
|
||||
# errorfile 503 /etc/haproxy/errors/503.http
|
||||
# errorfile 504 /etc/haproxy/errors/504.http
|
||||
|
||||
userlist admin-ghost
|
||||
group is-admin
|
||||
user admin password $5$ITvxQNSy4YoUQdNm$p/2D8ey05ZI3KC2gpRun4OKNsomFS8xJnNd0M4P0zeB # $5$... (générez avec: printf "votrepassword" | mkpasswd --method=sha-256 --stdout)
|
||||
|
||||
#frontend http_in
|
||||
# bind *:80
|
||||
@@ -135,10 +138,10 @@ frontend https
|
||||
acl stats-host hdr(host) -i stats.gyozamancave.fr
|
||||
acl n8n-host hdr(host) -i n8n.gyozamancave.fr
|
||||
acl homegit-host hdr(host) -i homegit.gyozamancave.fr
|
||||
acl boudoir-host hdr(host) -i ledigitalboudoir.com
|
||||
#acl boudoir-assets path_beg /assets/
|
||||
#acl path_og path_beg /og/
|
||||
|
||||
acl boudoir-host hdr(host) -i ledigitalboudoir.com
|
||||
|
||||
use_backend cms if cms-host
|
||||
use_backend links-mtb if links-host
|
||||
use_backend cms2 if cms2-host
|
||||
@@ -154,7 +157,7 @@ frontend https
|
||||
#use_backend boudoir-assets-backend if path_og
|
||||
#use_backend boudoir-assets-backend if boudoir-assets
|
||||
use_backend boudoir-backend if boudoir-host
|
||||
|
||||
|
||||
#backend boudoir-assets-backend
|
||||
# mode http
|
||||
|
||||
@@ -181,8 +184,24 @@ frontend https
|
||||
# Serveur Directus interne
|
||||
# server directus 192.168.1.107:8055 check
|
||||
|
||||
#backend boudoir-backend
|
||||
# server boudoir 192.168.1.57:2368
|
||||
backend boudoir-backend
|
||||
server boudoir 192.168.1.57:2368
|
||||
acl ghost_path path_beg /ghost/
|
||||
acl is_whitelisted src 82.67.3.126/32
|
||||
acl is_lan src 192.168.1.0/24 # Plage LAN (adaptez 192.168.1.0/24 si précis)
|
||||
acl is_lan2 src 192.168.2.0/24 # Plage LAN (adaptez 192.168.1.0/24 si précis)
|
||||
acl is_whitelisted_full src 82.67.3.126/32 192.168.1.0/24 192.168.2.0/24 # Combine
|
||||
acl admin_auth http_auth_group(admin-ghost) is-admin
|
||||
|
||||
# Deny /ghost/ hors IP white
|
||||
http-request deny if ghost_path !is_whitelisted_full
|
||||
|
||||
# Auth basique pour /ghost/ (toujours demandée si pas IP white, mais safe)
|
||||
# http-request auth realm "Ghost Admin" unless admin_auth if ghost_path
|
||||
# Bloque /ghost/ hors votre IP (sécurisé, simple)
|
||||
server boudoir 192.168.1.57:2368 check
|
||||
|
||||
|
||||
#backend boudoir-backend
|
||||
# server boudoir 192.168.1.107:31723 check
|
||||
|
||||
Reference in New Issue
Block a user