Why... why,,,
This commit is contained in:
parent
bf0f9f9a5a
commit
a56a7b8115
GPG key ID:
087F0A95E5766D72
1 changed files with 76 additions and 44 deletions
|
|
@ -46,37 +46,82 @@ in {
|
||||||
|
|
||||||
# Configure Anubis service
|
# Configure Anubis service
|
||||||
services.anubis = {
|
services.anubis = {
|
||||||
instances."" = {
|
instances = {
|
||||||
enable = true;
|
"" = {
|
||||||
settings = {
|
enable = true;
|
||||||
# Bind to TCP instead of Unix socket for Docker-style integration
|
settings = {
|
||||||
BIND_NETWORK = "tcp";
|
# Bind to TCP instead of Unix socket for Docker-style integration
|
||||||
BIND = "127.0.0.1:8090";
|
BIND_NETWORK = "tcp";
|
||||||
|
BIND = "127.0.0.1:8090";
|
||||||
|
|
||||||
# Empty TARGET for redirect mode
|
# Empty TARGET for redirect mode
|
||||||
TARGET = " ";
|
TARGET = " ";
|
||||||
|
|
||||||
# Configure redirect domains - ALL domains that should be able to redirect back after challenge
|
# Configure redirect domains - ALL domains that should be able to redirect back after challenge
|
||||||
REDIRECT_DOMAINS = "prg-radio.org,git.prg-radio.org,wavelog.prg-radio.org,partdb.prg-radio.org,anubis.prg-radio.org";
|
REDIRECT_DOMAINS = "prg-radio.org,git.prg-radio.org,wavelog.prg-radio.org,partdb.prg-radio.org,anubis.prg-radio.org";
|
||||||
|
|
||||||
# Public URL for Anubis
|
# Public URL for Anubis
|
||||||
PUBLIC_URL = "https://anubis.prg-radio.org";
|
PUBLIC_URL = "https://anubis.prg-radio.org";
|
||||||
|
|
||||||
# Cookie domain for proper scoping (leading dot for all subdomains)
|
# Cookie domain for proper scoping (leading dot for all subdomains)
|
||||||
COOKIE_DOMAIN = ".prg-radio.org";
|
COOKIE_DOMAIN = ".prg-radio.org";
|
||||||
|
|
||||||
# Difficulty level
|
# Difficulty level
|
||||||
DIFFICULTY = 20;
|
DIFFICULTY = 20;
|
||||||
|
|
||||||
# Optional: serve robots.txt
|
# Optional: serve robots.txt
|
||||||
SERVE_ROBOTS_TXT = true;
|
SERVE_ROBOTS_TXT = true;
|
||||||
|
|
||||||
# Optional: webmaster email for error pages
|
# Optional: webmaster email for error pages
|
||||||
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
|
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
|
||||||
|
|
||||||
# Metrics on separate port
|
# Metrics on separate port
|
||||||
METRICS_BIND_NETWORK = "tcp";
|
METRICS_BIND_NETWORK = "tcp";
|
||||||
METRICS_BIND = "127.0.0.1:8091";
|
METRICS_BIND = "127.0.0.1:8091";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Per-service Anubis instances (reverse-proxy mode) ---------------------------
|
||||||
|
forgejo = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
BIND_NETWORK = "tcp";
|
||||||
|
BIND = "127.0.0.1:8092";
|
||||||
|
TARGET = "http://10.1.1.4:3000"; # Forgejo backend
|
||||||
|
DIFFICULTY = 20;
|
||||||
|
SERVE_ROBOTS_TXT = true;
|
||||||
|
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
|
||||||
|
METRICS_BIND_NETWORK = "tcp";
|
||||||
|
METRICS_BIND = "127.0.0.1:8095";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
wavelog = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
BIND_NETWORK = "tcp";
|
||||||
|
BIND = "127.0.0.1:8093";
|
||||||
|
TARGET = "http://10.1.1.249:8086"; # Wavelog backend
|
||||||
|
DIFFICULTY = 20;
|
||||||
|
SERVE_ROBOTS_TXT = true;
|
||||||
|
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
|
||||||
|
METRICS_BIND_NETWORK = "tcp";
|
||||||
|
METRICS_BIND = "127.0.0.1:8096";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
partdb = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
BIND_NETWORK = "tcp";
|
||||||
|
BIND = "127.0.0.1:8094";
|
||||||
|
TARGET = "http://10.1.1.249:8087"; # PartDB backend
|
||||||
|
DIFFICULTY = 20;
|
||||||
|
SERVE_ROBOTS_TXT = true;
|
||||||
|
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
|
||||||
|
METRICS_BIND_NETWORK = "tcp";
|
||||||
|
METRICS_BIND = "127.0.0.1:8097";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -141,24 +186,14 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# Define Anubis middleware
|
|
||||||
http.middlewares = {
|
|
||||||
anubis = {
|
|
||||||
forwardAuth = {
|
|
||||||
address = "http://127.0.0.1:8090/.within.website/x/cmd/anubis/api/check";
|
|
||||||
trustForwardHeader = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
http.routers = {
|
http.routers = {
|
||||||
#anubis-api = {
|
#anubis-api = {
|
||||||
# rule = "Host(`anubis.prg-radio.org`) && PathPrefix(`/.within.website/x/cmd/anubis/api`)";
|
# rule = "Host(`anubis.prg-radio.org`) && PathPrefix(`/.within.website/x/cmd/anubis/api`)";
|
||||||
# service = "anubis";
|
# service = "anubis";
|
||||||
# entryPoints = ["websecure"];
|
# entryPoints = ["websecure"];
|
||||||
# priority = 200;
|
# priority = 200;
|
||||||
# tls = {};
|
# tls = {};
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# Anubis router (for challenge page)
|
# Anubis router (for challenge page)
|
||||||
anubis = {
|
anubis = {
|
||||||
|
|
@ -173,7 +208,6 @@ in {
|
||||||
rule = "Host(`git.prg-radio.org`)";
|
rule = "Host(`git.prg-radio.org`)";
|
||||||
service = "forgejo";
|
service = "forgejo";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
middlewares = ["anubis"]; # Add Anubis protection
|
|
||||||
tls = {};
|
tls = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -190,22 +224,20 @@ in {
|
||||||
rule = "Host(`wavelog.prg-radio.org`)";
|
rule = "Host(`wavelog.prg-radio.org`)";
|
||||||
service = "wavelog";
|
service = "wavelog";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
middlewares = ["anubis"]; # Add Anubis protection
|
|
||||||
tls = {};
|
tls = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Protected service: PartDB (remove middleware)
|
# Protected service: PartDB
|
||||||
partdb = {
|
partdb = {
|
||||||
rule = "Host(`partdb.prg-radio.org`)";
|
rule = "Host(`partdb.prg-radio.org`)";
|
||||||
service = "partdb";
|
service = "partdb";
|
||||||
middlewares = ["anubis"]; # Add Anubis protection
|
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
tls = {};
|
tls = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
http.services = {
|
http.services = {
|
||||||
# Anubis service
|
# Anubis service (challenge UI / redirect endpoint)
|
||||||
anubis.loadBalancer = {
|
anubis.loadBalancer = {
|
||||||
servers = [
|
servers = [
|
||||||
{url = "http://127.0.0.1:8090";}
|
{url = "http://127.0.0.1:8090";}
|
||||||
|
|
@ -215,7 +247,7 @@ in {
|
||||||
|
|
||||||
forgejo.loadBalancer = {
|
forgejo.loadBalancer = {
|
||||||
servers = [
|
servers = [
|
||||||
{url = "http://10.1.1.4:3000";}
|
{url = "http://127.0.0.1:8092";}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
matrix.loadBalancer = {
|
matrix.loadBalancer = {
|
||||||
|
|
@ -225,13 +257,13 @@ in {
|
||||||
};
|
};
|
||||||
wavelog.loadBalancer = {
|
wavelog.loadBalancer = {
|
||||||
servers = [
|
servers = [
|
||||||
{url = "http://10.1.1.249:8086";}
|
{url = "http://127.0.0.1:8093";}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
partdb.loadBalancer = {
|
partdb.loadBalancer = {
|
||||||
servers = [
|
servers = [
|
||||||
{url = "http://10.1.1.249:8087";}
|
{url = "http://127.0.0.1:8094";}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue