Add global ipwhitelist on traefik
This commit is contained in:
parent
3dab765238
commit
69e8e45188
@ -57,6 +57,7 @@ Example variables
|
||||
|
||||
traefik_domain: 'mydomain.com'
|
||||
traefik_letsencrypt_email: 'cert@mydomain.com'
|
||||
traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32'
|
||||
|
||||
maildev_domain: 'maildev.mydomain.com'
|
||||
|
||||
|
@ -29,6 +29,9 @@ services:
|
||||
traefik.http.routers.grafana.tls: true
|
||||
traefik.http.routers.grafana.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.grafana.entrypoints: websecure
|
||||
{% if traefik_ipwhitelist is defined %}
|
||||
¦ traefik.http.routers.grafana.middlewares: "clientips@docker"
|
||||
{% endif %}
|
||||
traefik.http.services.grafana.loadbalancer.server.port: 3000
|
||||
environment:
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}"
|
||||
|
@ -19,6 +19,9 @@ services:
|
||||
traefik.http.routers.maildev.tls: true
|
||||
traefik.http.routers.maildev.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.maildev.entrypoints: websecure
|
||||
{% if traefik_ipwhitelist is defined %}
|
||||
traefik.http.routers.maildev.middlewares: "clientips@docker"
|
||||
{% endif %}
|
||||
traefik.http.services.maildev.loadbalancer.server.port: 1080
|
||||
networks:
|
||||
- traefik
|
||||
|
@ -23,6 +23,9 @@ services:
|
||||
traefik.http.routers.redisinsight.entrypoints: "websecure"
|
||||
traefik.http.routers.redisinsight.tls.certresolver: "letsencrypt"
|
||||
traefik.http.services.redisinsight.loadbalancer.server.port: "5000"
|
||||
{% if traefik_ipwhitelist is defined %}
|
||||
¦ traefik.http.routers.redisinsight.middlewares: "clientips@docker"
|
||||
{% endif %}
|
||||
{% if redisinsight_auth is defined %}
|
||||
## AUTH
|
||||
traefik.http.routers.redisinsight-auth.rule: "Host(`{{ redisinsight_domain }}`)"
|
||||
|
@ -34,8 +34,11 @@ services:
|
||||
traefik.http.routers.traefik.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.traefik.middlewares: auth
|
||||
traefik.http.routers.dashboard.rule: Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
|
||||
{% if traefik_ipwhitelist is defined %}
|
||||
traefik.http.middlewares.clientips.ipwhitelist.sourcerange: {{ traefik_ipwhitelist }}
|
||||
{% endif %}
|
||||
traefik.http.middlewares.auth.basicauth.users: "ludal:$$apr1$$N3vklVTY$$zrq2kwkaVdynGlakyb4J7."
|
||||
traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain}} - restricted access
|
||||
traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain }} - restricted access
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
|
Loading…
x
Reference in New Issue
Block a user