homeserver-iac/roles/haproxy/templates/haproxy.cfg.bastion.j2
dogeystamp 864c1bdfd3
haproxy, firewall, containers: force connections through bastion vpn
docker is now listening on localhost, with a haproxy on the services
server to forward the ports outwards. this is because docker tends to
disregard UFW's rules, but haproxy should be better in that regard.

meanwhile, the firewall rules have been configured properly to only
allow the bastion IP in over the wireguard connection, for proper
authentication.
2024-06-19 23:02:08 -04:00


# Settings inherited by every listen section below
defaults
    log global
    mode tcp
    timeout connect 10s
    timeout client 36h
    timeout server 36h
    balance leastconn

{% if groups["gitea"] | length > 0 %}
# Outward-facing SSH port for Gitea; backends are the gitea hosts' port 2498
listen gitea_ssh
    bind *:2499
    # health check: the SSH server speaks first, so expect its OpenSSH banner
    option tcp-check
    tcp-check expect rstring SSH-2.0-OpenSSH.*
{% for host in groups["gitea"] %}
    server {{ host }} {{ host }}:2498
{% endfor %}
{% endif %}
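The commit relies on two properties: docker publishes its ports on loopback only (so its iptables rules never open anything to the outside), and haproxy is the only process exposing those ports outward. The script below is an added example, not code from this repository, that checks both against a rendered config and `docker inspect` output. The `HostConfig.PortBindings` layout (an empty `HostIp` meaning all interfaces) is docker's real format; the container list and the rendered haproxy config for an assumed inventory host named `gitea1` are constructed sample data.

```python
import json
import re

# Constructed sample of `docker inspect` output, trimmed to the fields used.
# An empty HostIp is how docker records a port published on all interfaces.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/gitea",
     "HostConfig": {"PortBindings": {
         "22/tcp":   [{"HostIp": "127.0.0.1", "HostPort": "2498"}],
         "3000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3000"}]}}},
    {"Name": "/legacy-app",
     "HostConfig": {"PortBindings": {
         "8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
])

# Constructed: what the template renders to when the "gitea" group holds
# one host named gitea1 (hypothetical inventory name).
SAMPLE_HAPROXY_CFG = """\
defaults
    log global
    mode tcp
    timeout connect 10s
    timeout client 36h
    timeout server 36h
    balance leastconn
listen gitea_ssh
    bind *:2499
    option tcp-check
    tcp-check expect rstring SSH-2.0-OpenSSH.*
    server gitea1 gitea1:2498
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def public_docker_bindings(inspect_json):
    """Return (container, port/proto, host_ip, host_port) for every port that
    docker itself publishes on a non-loopback address, i.e. outside UFW."""
    findings = []
    for container in json.loads(inspect_json):
        name = container["Name"].lstrip("/")
        bindings = container.get("HostConfig", {}).get("PortBindings") or {}
        for proto_port, binds in bindings.items():
            for b in binds or []:
                host_ip = b.get("HostIp") or "0.0.0.0"
                if host_ip not in LOOPBACK:
                    findings.append((name, proto_port, host_ip, b.get("HostPort")))
    return findings


def parse_haproxy_listeners(cfg):
    """Collect the bind addresses and server targets of each `listen` section."""
    sections = {}
    current = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(listen|frontend|backend|defaults|global)\b\s*(\S*)", line)
        if m:
            # only `listen` sections carry both a bind and servers
            current = m.group(2) if m.group(1) == "listen" else None
            if current:
                sections[current] = {"bind": [], "server": []}
            continue
        if current and line.startswith("bind "):
            sections[current]["bind"].append(line.split(None, 1)[1])
        elif current and line.startswith("server "):
            _, _name, rest = line.split(None, 2)
            sections[current]["server"].append(rest.split()[0])
    return sections


def check_forwarding(cfg, inspect_json):
    """Every haproxy backend port must be one that docker publishes on loopback;
    return the (section, target) pairs that have no such backing port."""
    loopback_ports = set()
    for c in json.loads(inspect_json):
        for binds in (c.get("HostConfig", {}).get("PortBindings") or {}).values():
            for b in binds or []:
                if (b.get("HostIp") or "0.0.0.0") in LOOPBACK:
                    loopback_ports.add(b["HostPort"])
    problems = []
    for section, spec in parse_haproxy_listeners(cfg).items():
        for target in spec["server"]:
            if target.rsplit(":", 1)[-1] not in loopback_ports:
                problems.append((section, target))
    return problems


if __name__ == "__main__":
    print("docker ports bypassing UFW:", public_docker_bindings(SAMPLE_INSPECT))
    print("haproxy listeners:", parse_haproxy_listeners(SAMPLE_HAPROXY_CFG))
    print("unbacked forwards:", check_forwarding(SAMPLE_HAPROXY_CFG, SAMPLE_INSPECT))
```

Run it against real hosts by feeding `docker inspect $(docker ps -q)` to `public_docker_bindings` and the deployed `/etc/haproxy/haproxy.cfg` to `check_forwarding`; any non-empty result from the first function is a port that UFW cannot see, and any from the second is a listener forwarding to something docker is not publishing on loopback.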