this post was submitted on 24 Oct 2023
2 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 
frontend main_ssl
        bind *:443
        mode tcp
        option tcplog

        # Wait for a client hello for at most 5 seconds
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }


        use_backend cloud_ssl if { req_ssl_sni -i cloud.example.com }
        use_backend rproxy_ssl if { req_ssl_sni -i assets.example.com }
        use_backend rproxy_ssl if { req_ssl_sni -i support.example.com }
        use_backend manage_ssl if { req_ssl_sni -i management.example.com }


backend cloud_ssl
        mode tcp
        balance roundrobin
        server cloud_ssl_server 10.10.5.8:443 check

backend rproxy_ssl
        mode tcp
        balance roundrobin
        server rpoxy_ssl_server 10.10.5.40:443 check

backend manage_ssl
        mode tcp
        balance roundrobin
        server manage_ssl_server 10.10.5.2:443 check

Is it possible to get 'manage_ssl' to block all IP addresses except for a small collection in a file or such?

I know that there is some documentation and quite a few Stack Overflow posts but I seem to be lacking an understanding of the syntax / format that this stuff needs to be in.

and no, I can't just block at the whole proxy level, nor can I do it at the firewall level. The other sites have to be reachable by all users, it's just one domain that needs to be blocked and IPs whitelisted for.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here