Add global ipwhitelist on traefik

2023-03-01 18:29:00 +01:00 · 2023-03-01 18:29:00 +01:00 · 69e8e45188
commit 69e8e45188
parent 3dab765238
5 changed files with 14 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -57,6 +57,7 @@ Example variables
  traefik_domain: 'mydomain.com'
  traefik_letsencrypt_email: 'cert@mydomain.com'
  traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32'
  maildev_domain: 'maildev.mydomain.com'
--- a/templates/compose/grafana.yml.j2
+++ b/templates/compose/grafana.yml.j2
@ -29,6 +29,9 @@ services:
      traefik.http.routers.grafana.tls: true
      traefik.http.routers.grafana.tls.certresolver: letsencrypt
      traefik.http.routers.grafana.entrypoints: websecure
 {% if traefik_ipwhitelist is defined %}
    ¦ traefik.http.routers.grafana.middlewares: "clientips@docker"
 {% endif %}
      traefik.http.services.grafana.loadbalancer.server.port: 3000
    environment:
      GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}"
--- a/templates/compose/maildev.yml.j2
+++ b/templates/compose/maildev.yml.j2
@ -19,6 +19,9 @@ services:
      traefik.http.routers.maildev.tls: true
      traefik.http.routers.maildev.tls.certresolver: letsencrypt
      traefik.http.routers.maildev.entrypoints: websecure
 {% if traefik_ipwhitelist is defined %}
      traefik.http.routers.maildev.middlewares: "clientips@docker"
 {% endif %}
      traefik.http.services.maildev.loadbalancer.server.port: 1080
    networks:
      - traefik
--- a/templates/compose/redisinsight.yml.j2
+++ b/templates/compose/redisinsight.yml.j2
@ -23,6 +23,9 @@ services:
      traefik.http.routers.redisinsight.entrypoints: "websecure"
      traefik.http.routers.redisinsight.tls.certresolver: "letsencrypt"
      traefik.http.services.redisinsight.loadbalancer.server.port: "5000"
 {% if traefik_ipwhitelist is defined %}
    ¦ traefik.http.routers.redisinsight.middlewares: "clientips@docker"
 {% endif %}
 {% if redisinsight_auth is defined %}
      ## AUTH
      traefik.http.routers.redisinsight-auth.rule: "Host(`{{ redisinsight_domain }}`)"
--- a/templates/compose/traefik.yml.j2
+++ b/templates/compose/traefik.yml.j2
@ -34,8 +34,11 @@ services:
      traefik.http.routers.traefik.tls.certresolver: letsencrypt
      traefik.http.routers.traefik.middlewares: auth
      traefik.http.routers.dashboard.rule: Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
 {% if traefik_ipwhitelist is defined %}
      traefik.http.middlewares.clientips.ipwhitelist.sourcerange: {{ traefik_ipwhitelist }}
 {% endif %}
      traefik.http.middlewares.auth.basicauth.users: "ludal:$$apr1$$N3vklVTY$$zrq2kwkaVdynGlakyb4J7."
-      traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain}} - restricted access
+      traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain }} - restricted access
    logging:
      driver: syslog
      options: