From 43aed3e6b7edcf8cc2508d341201d82a8c8dcb92 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Sun, 24 Sep 2023 02:45:30 +0200
Subject: [PATCH] Deny remote access to local domains
---
 roles/docker_services/templates/Caddyfile.j2 | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/roles/docker_services/templates/Caddyfile.j2 b/roles/docker_services/templates/Caddyfile.j2
index 193a577..c6f7620 100644
--- a/roles/docker_services/templates/Caddyfile.j2
+++ b/roles/docker_services/templates/Caddyfile.j2
@@ -23,7 +23,15 @@
 -Server
 }
 
- reverse_proxy ipfs_kubo:5001
+ @local {
+ remote_ip 192.168.0.0/16
+ }
+
+ handle @local {
+ reverse_proxy ipfs_kubo:5001
+ }
+
+ respond 403
 }
 
 {{ services.ipfs.gateway_domain }},
@@ -76,5 +84,13 @@
 -Server
 }
 
- reverse_proxy pihole:80
+ @local {
+ remote_ip 192.168.0.0/16
+ }
+
+ handle @local {
+ reverse_proxy pihole:80
+ }
+
+ respond 403
 }
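Review bot: The `@local` matcher added in this hunk (and again in the pihole hunk) trusts the TCP peer address, and that is the only control in front of `ipfs_kubo:5001`, Kubo's default RPC port, which gives full control of the node. Because this role runs the services in Docker, confirm which source address Caddy actually sees for a LAN request and for a WAN request. With some port-publishing setups every connection appears to come from the bridge gateway, and if that address falls inside 192.168.0.0/16 the rule would admit everyone. I would record the assumption above the matcher, e.g. `# Kubo RPC (admin) API: LAN-only, relies on Caddy seeing the real client address`, and consider adding authentication rather than relying on the address check alone. The site block opens before the hunk, so other directives in it are not visible here.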
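Review bot: This hunk repeats the allowlist from the ipfs hunk verbatim, so the CIDR now lives in two places and a later edit to one copy can leave the other service with a different policy. The bare `respond 403` also only works as the deny path because Caddy's default directive order runs `handle` before `respond`; a catch-all `handle { respond 403 }` makes the fallback explicit. Both points can be addressed by defining one snippet at the top of the template and importing it in each site block, as sketched below. The snippet name is illustrative, and `{args[0]}` is the Caddy 2.7+ spelling (older releases use `{args.0}`).

```caddyfile
# defined once, outside any site block
(lan_only) {
	@local {
		remote_ip 192.168.0.0/16
	}

	handle @local {
		reverse_proxy {args[0]}
	}

	# explicit fallback instead of relying on directive ordering
	handle {
		respond 403
	}
}

# … unchanged: site address and header block …
	import lan_only pihole:80
```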