slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

: add authorized ip

Browse Source
This commit is contained in:
VC
2025-05-01 11:39:39 +02:00
parent 9d3276f0a3
commit 57ccf013c4
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inventory/host_vars/bt.yml
View File

@@ -6,6 +6,7 @@ web_hostname:
- host: btf.mateu.be
allowlistv4:
- 88.175.123.77/32
- 109.9.84.47/32
allowlistv6:
- 2a01:e0a:9bd:2811::/64
- 2a01:e0a:9bd:2810::/64

2
roles/haproxy/templates/haproxy.cfg.j2
View File

@@ -80,7 +80,7 @@ frontend https
acl host_{{ hostname }} req.ssl_sni -i {{ hostname }}
{% set host = (hostvars[server].web_hostname | selectattr('host', '==', hostname))[0] %}
{% if host.allowlistv4 is defined %}
acl network_allowed_{{ hostname }} src {% for addrv4 in host.allowlistv4 %}{{ addrv4 }}{% endfor %}
acl network_allowed_{{ hostname }} src {% for addrv4 in host.allowlistv4 %} {{ addrv4 }}{% endfor %}
{% endif %}
use_backend https_{{ hostvars[server].ansible_host }} if host_{{ hostname }}{% if host.allowlistv4 is defined %} network_allowed_{{ hostname }}{% endif %}