Deny remote access to local domains

2023-09-24 02:45:30 +02:00 · 2023-09-24 02:45:30 +02:00 · 43aed3e6b7
parent cbb672fe74
commit 43aed3e6b7
1 changed files with 18 additions and 2 deletions
--- a/roles/docker_services/templates/Caddyfile.j2
+++ b/roles/docker_services/templates/Caddyfile.j2
@ -23,9 +23,17 @@
        -Server
    }

+    @local {
+        remote_ip 192.168.0.0/16
+    }
+
+    handle @local {
        reverse_proxy ipfs_kubo:5001
    }

+    respond 403
+}
+
 {{ services.ipfs.gateway_domain }},
 *.ipfs.{{ services.ipfs.gateway_domain }},
 *.ipns.{{ services.ipfs.gateway_domain }} {
@ -76,5 +84,13 @@
        -Server
    }

+    @local {
+        remote_ip 192.168.0.0/16
+    }
+
+    handle @local {
        reverse_proxy pihole:80
    }
+
+    respond 403
+}