140 lines
2.9 KiB
YAML
140 lines
2.9 KiB
YAML
dch_proxy_internal_networks:
|
|
- 172.30.0.0/16
|
|
- 172.31.1.0/24
|
|
# - 'fd68:c2d2:500e:3e00::/56'
|
|
|
|
dch_proxy_allowlist:
|
|
- 172.30.0.211/32
|
|
|
|
dch_proxy_blocklist:
|
|
- 172.30.0.208/28
|
|
- 172.30.0.224/29
|
|
- 172.30.0.232/29
|
|
- 172.30.0.240/28
|
|
|
|
dch_proxy_sites:
|
|
- backend: gitea
|
|
match: git.pyrocufflink
|
|
matcher: dom
|
|
- backend: bitwarden
|
|
match: bitwarden.pyrocufflink
|
|
matcher: dom
|
|
- backend: nextcloud
|
|
match: nextcloud.pyrocufflink.net
|
|
- backend: kubernetes
|
|
match: billing.hatchlearningcenter.org
|
|
- backend: web
|
|
match: chmod777.sh
|
|
matcher: end
|
|
- backend: web
|
|
match: dustinandtabitha.com
|
|
matcher: end
|
|
- backend: web
|
|
match: dustin.hatch.name
|
|
- backend: web
|
|
match: dustin.hatch.is
|
|
- backend: web
|
|
match: ebonfire.com
|
|
matcher: end
|
|
- backend: web
|
|
match: apps.du5t1n.xyz
|
|
- backend: web
|
|
match: hatchlearningcenter hlckc hlcks
|
|
matcher: dom
|
|
- backend: web
|
|
match: nratonpass.com
|
|
matcher: end
|
|
- backend: web
|
|
match: pyrocufflink.net
|
|
- backend: web
|
|
match: tabitha.biz
|
|
matcher: end
|
|
- backend: jellyfin
|
|
match: jellyfin.pyrocufflink
|
|
matcher: dom
|
|
- backend: kubernetes
|
|
match: ntfy.pyrocufflink.net
|
|
- backend: kubernetes
|
|
match: darkchestofwonders.us
|
|
- backend: kubernetes
|
|
match: invoiceninja.pyrocufflink.net
|
|
- backend: kubernetes
|
|
match: dynk8s-provisioner.pyrocufflink.net
|
|
- backend: kubernetes
|
|
match: metrics.pyrocufflink.blue
|
|
|
|
dch_proxy_backends:
|
|
bitwarden:
|
|
servers:
|
|
- name: bitwarden
|
|
host: 'bitwarden.pyrocufflink.blue:80'
|
|
options: check
|
|
bitwarden-tls:
|
|
mode: tcp
|
|
servers:
|
|
- name: bitwarden
|
|
host: 'bitwarden.pyrocufflink.blue:443'
|
|
options: check
|
|
|
|
gitea:
|
|
servers:
|
|
- name: gitea
|
|
host: 'git0.pyrocufflink.blue:80'
|
|
options: check
|
|
gitea-tls:
|
|
mode: tcp
|
|
servers:
|
|
- name: gitea
|
|
host: 'git0.pyrocufflink.blue:443'
|
|
options: check
|
|
|
|
jellyfin:
|
|
servers:
|
|
- name: jellyfin
|
|
host: 'jellyfin.pyrocufflink.blue:80'
|
|
options: check
|
|
jellyfin-tls:
|
|
mode: tcp
|
|
servers:
|
|
- name: jellyfin-tls
|
|
host: 'jellyfin.pyrocufflink.blue:8443'
|
|
options: check send-proxy
|
|
|
|
kubernetes:
|
|
servers:
|
|
- name: k8s
|
|
host: 'k8s-ingress.pyrocufflink.blue:80'
|
|
options: check
|
|
kubernetes-tls:
|
|
mode: tcp
|
|
servers:
|
|
- name: k8s
|
|
host: 'k8s-ingress.pyrocufflink.blue:443'
|
|
options: check
|
|
|
|
nextcloud:
|
|
servers:
|
|
- name: nextcloud
|
|
host: 'cloud0.pyrocufflink.blue:80'
|
|
options: check
|
|
nextcloud-tls:
|
|
mode: tcp
|
|
servers:
|
|
- name: nextcloud
|
|
# NOTE: NOT the default HTTPS port, but a different virtual host that
|
|
# accepts the PROXY protocol
|
|
host: 'cloud0.pyrocufflink.blue:8443'
|
|
options: check send-proxy-v2
|
|
|
|
web:
|
|
servers:
|
|
- name: web0
|
|
host: 'web0.pyrocufflink.blue:80'
|
|
options: check
|
|
web-tls:
|
|
mode: tcp
|
|
servers:
|
|
- name: web0
|
|
host: 'web0.pyrocufflink.blue:443'
|
|
options: check
|