LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

limit local networks

This commit is contained in:
Karol Wypchlo 2021-12-20 14:54:42 +01:00
parent a95a2627d8
commit 9805ac9b2a
No known key found for this signature in database
GPG Key ID: C92C016317A964D0
3 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker/nginx/conf.d/include/local-network-only Normal file
View File

@ -0,0 +1,3 @@
allow 127.0.0.1/32; # localhost
allow 10.10.10.0/24; # docker network
deny all;

6
docker/nginx/conf.d/server.local.conf
View File

@ -4,11 +4,7 @@ server {
listen [::]:8000; listen [::]:8000;
# secure traffic by limiting to only local networks # secure traffic by limiting to only local networks
allow 10.0.0.0/8; include /etc/nginx/conf.d/include/local-network-only;
allow 127.0.0.1/32;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
include /etc/nginx/conf.d/server/server.local; include /etc/nginx/conf.d/server/server.local;
} }

7
docker/nginx/conf.d/server/server.api
View File

@ -334,11 +334,8 @@ location ~ "^/file/(([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?)$" {
} }
location @purge { location @purge {
allow 10.0.0.0/8; # secure traffic by limiting to only local networks
allow 127.0.0.1/32; include /etc/nginx/conf.d/include/local-network-only;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
set $lua_purge_path "/data/nginx/cache/"; set $lua_purge_path "/data/nginx/cache/";
content_by_lua_file /etc/nginx/conf.d/scripts/purge-multi.lua; content_by_lua_file /etc/nginx/conf.d/scripts/purge-multi.lua;