Michael Grote
b4860abb6a
Reviewed-on: #235 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
37 lines
934 B
YAML
37 lines
934 B
YAML
# TCP da SSH keine Hostnamen kennt
|
|
http:
|
|
###### router #####
|
|
routers:
|
|
router_forgejo:
|
|
rule: "Host(`git.mgrote.net`)"
|
|
service: "service_forgejo"
|
|
middlewares:
|
|
- "ratelimit40@file"
|
|
entrypoints:
|
|
- entry_https
|
|
tls:
|
|
certresolver: resolver_letsencrypt
|
|
###### services #####
|
|
services:
|
|
service_forgejo:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://forgejo.mgrote.net:3000/"
|
|
###### middlewares #####
|
|
middlewares:
|
|
ratelimit40:
|
|
rateLimit:
|
|
average: 40
|
|
burst: 80
|
|
sourceCriterion:
|
|
ipStrategy:
|
|
depth: 2
|
|
allowlist_localnet:
|
|
ipallowlist:
|
|
sourcerange:
|
|
- 192.168.2.0/24
|
|
- 10.25.25.0/24
|
|
- 192.168.48.0/24 # docker
|
|
#- 172.18.0.0/16 # ???
|
|
ipstrategy:
|
|
depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
|