mirror of
https://github.com/FAUSheppy/athq-vm-management
synced 2026-04-26 22:02:29 +02:00
50 lines
1.1 KiB
Django/Jinja
50 lines
1.1 KiB
Django/Jinja
map $ssl_preread_server_name $proxy_name {
|
|
default 127.0.0.1:10443;
|
|
{% for line in ssl_passthrough_map %}
|
|
{{ line }}
|
|
{% endfor %}
|
|
}
|
|
|
|
geo $priviledged_networks {
|
|
default 0;
|
|
127.0.0.0/24 1;
|
|
159.69.136.222 1; # atlantishq
|
|
95.217.57.49 1; # atlantis-helsinki
|
|
142.132.212.54 1; # katzencluster
|
|
10.0.0.0/8 1; # wireguard & k3s
|
|
192.168.122.0/24 1; # atlantishq-vms
|
|
192.168.123.0/24 1; # katzencluster-vms
|
|
192.168.124.0/24 1; # athq-helsinki-vms
|
|
192.168.125.0/24 1; # reserved/vm test net
|
|
135.181.80.154 1; # postgres master
|
|
46.62.175.169 1; # postgres replica
|
|
}
|
|
|
|
map $block_connection $proxy_target {
|
|
1 127.0.0.1:1; # blackhole (connection fails)
|
|
0 $proxy_name;
|
|
}
|
|
|
|
map $ssl_preread_server_name $is_restricted {
|
|
default 0;
|
|
~^immich-ml\.services\.atlantishq\.de$ 1;
|
|
}
|
|
|
|
map "$is_restricted:$priviledged_networks" $block_connection {
|
|
default 0;
|
|
"1:0" 1;
|
|
}
|
|
|
|
server {
|
|
|
|
listen 443 ;
|
|
listen [::]:443 ;
|
|
|
|
|
|
proxy_timeout 5m;
|
|
proxy_responses 1;
|
|
ssl_preread on;
|
|
proxy_pass $proxy_target;
|
|
|
|
}
|