Restrict access to caddy admin api
parent
4a853065db
commit
83749c4493
4 changed files with 11 additions and 8 deletions
playbooks/roles
services.auto.tfvars
|
@ -1,14 +1,21 @@
|
||||||
{
|
{
|
||||||
email {{ admin_email }}
|
email {{ admin_email }}
|
||||||
|
|
||||||
|
metrics
|
||||||
|
|
||||||
servers {
|
servers {
|
||||||
metrics
|
|
||||||
strict_sni_host on
|
strict_sni_host on
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
import /etc/caddy/snippets
|
import /etc/caddy/snippets
|
||||||
|
|
||||||
|
http://{{ host_vpn.domain }} {
|
||||||
|
import vpn_only
|
||||||
|
|
||||||
|
metrics
|
||||||
|
}
|
||||||
|
|
||||||
*.serguzim.me {
|
*.serguzim.me {
|
||||||
import acmedns
|
import acmedns
|
||||||
|
|
||||||
|
|
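Review bot: In the new `http://{{ host_vpn.domain }}` site block, `metrics` has no matcher, so every path on that host returns the metrics output. The only access control is the `vpn_only` snippet, which comes from /etc/caddy/snippets and is not visible in this hunk. I would scope the handler with `metrics /metrics` and add a comment above the block such as `# Prometheus scrape endpoint, served over plain HTTP; vpn_only must reject every non-VPN client`. Caddy appears to run behind published Docker ports (inferred from the port and env variables elsewhere in this commit), so confirm that the snippet still sees the real client address.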
|
@ -4,13 +4,10 @@ caddy_acmedns_pass: "{{ vault_caddy.acmedns.pass }}"
|
||||||
caddy_acmedns_subd: "{{ vault_caddy.acmedns.subd }}"
|
caddy_acmedns_subd: "{{ vault_caddy.acmedns.subd }}"
|
||||||
caddy_acmedns_url: "https://{{ acme_dns.host }}"
|
caddy_acmedns_url: "https://{{ acme_dns.host }}"
|
||||||
|
|
||||||
caddy_ports_default:
|
caddy_ports: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
|
||||||
- "{{ host_vpn.ip }}:2019:2019"
|
|
||||||
caddy_ports_extra: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
|
|
||||||
caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
|
|
||||||
|
|
||||||
caddy_env:
|
caddy_env:
|
||||||
CADDY_ADMIN: 0.0.0.0:2019
|
CADDY_ADMIN: unix//run/caddy-admin.sock
|
||||||
|
|
||||||
ACMEDNS_USER: "{{ caddy_acmedns_user }}"
|
ACMEDNS_USER: "{{ caddy_acmedns_user }}"
|
||||||
ACMEDNS_PASS: "{{ caddy_acmedns_pass }}"
|
ACMEDNS_PASS: "{{ caddy_acmedns_pass }}"
|
||||||
|
|
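Review bot: `CADDY_ADMIN` under `caddy_env` only sets the default admin address, so the restriction holds only while no loaded config defines its own admin listener. An `admin` global option in the Caddyfile would take precedence over it. Setting `admin unix//run/caddy-admin.sock` in the global options block as well keeps the restriction in the file that is actually loaded. A comment above the variable, for example `# admin API is a unix socket inside the container on purpose; do not publish 2019 again`, would record the intent. The socket path should also stay out of any volume shared with the host or other containers.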
|
@ -39,7 +39,7 @@ prometheus.scrape "node_exporter" {
|
||||||
prometheus.scrape "caddy" {
|
prometheus.scrape "caddy" {
|
||||||
targets = [
|
targets = [
|
||||||
{% for host_data in opentofu.hosts.values() %}
|
{% for host_data in opentofu.hosts.values() %}
|
||||||
{"__address__" = "{{ host_data.fqdn_vpn }}:2019", "instance" = "{{ host_data.hostname }}"},
|
{"__address__" = "{{ host_data.fqdn_vpn }}", "instance" = "{{ host_data.hostname }}"},
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
]
|
]
|
||||||
forward_to = [prometheus.remote_write.mimir.receiver]
|
forward_to = [prometheus.remote_write.mimir.receiver]
|
||||||
|
|
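Review bot: The new caddy target `{{ host_data.fqdn_vpn }}` has no port, scheme or path, so the scrape now relies on the component defaults (plain HTTP, `/metrics`). It also relies on `fqdn_vpn` matching the host name of the HTTP site block that serves `metrics` in the Caddy template, which is written there as `host_vpn.domain`. If the two values differ, the request would miss that site block and the scrape would fail or collect nothing, presumably without any error at deploy time. A comment on the target line, `// must equal the host of the VPN-only metrics site in the Caddyfile; scraped over http on port 80`, would make the coupling visible.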
|
@ -93,7 +93,6 @@ services = {
|
||||||
protocol = "udp"
|
protocol = "udp"
|
||||||
type = "reverse_proxy"
|
type = "reverse_proxy"
|
||||||
},
|
},
|
||||||
#"2019:2019",
|
|
||||||
]
|
]
|
||||||
auth = false
|
auth = false
|
||||||
database = false
|
database = false
|
||||||
|
|