mathieu/system-config
1
0
Fork 0
Code Issues Packages Activity Actions

Add IP address filter to nginx
All checks were successful
ShellCheck / shellcheck (push) Successful in 37s
Details

Browse source
This commit is contained in:
Mathieu Strypsteen 2024-07-18 13:25:33 +02:00
parent b4edf617a6
commit 555f6e0f82
Signed by: mathieu
GPG key ID: 782A42E461BC6824
7 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
container-config/nginx-home/code
View file

@ -3,6 +3,8 @@ server {
server_name *.code-proxy.strypsteen.com; server_name *.code-proxy.strypsteen.com;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
deny 10.0.0.1;
deny fd00::1;
include snippets/headers.conf; include snippets/headers.conf;
location / { location / {
set $upstream sandbox.server.home.arpa; set $upstream sandbox.server.home.arpa;

2
container-config/nginx-home/element
View file

@ -2,6 +2,8 @@ server {
server_name element.strypsteen.com; server_name element.strypsteen.com;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
deny 10.0.0.1;
deny fd00::1;
include snippets/headers.conf; include snippets/headers.conf;
location / { location / {
set $upstream systemd-element.; set $upstream systemd-element.;

2
container-config/nginx-home/llm
View file

@ -2,6 +2,8 @@ server {
server_name llm.strypsteen.com; server_name llm.strypsteen.com;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
deny 10.0.0.1;
deny fd00::1;
include snippets/headers.conf; include snippets/headers.conf;
location / { location / {
set $upstream systemd-big-agi.; set $upstream systemd-big-agi.;

2
container-config/nginx-home/network
View file

@ -2,6 +2,8 @@ server {
server_name network.strypsteen.com; server_name network.strypsteen.com;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
deny 10.0.0.1;
deny fd00::1;
include snippets/headers.conf; include snippets/headers.conf;
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'" always; add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'" always;
location / { location / {

2
container-config/nginx-home/remote-desktop
View file

@ -2,6 +2,8 @@ server {
server_name remote-desktop.strypsteen.com; server_name remote-desktop.strypsteen.com;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
deny 10.0.0.1;
deny fd00::1;
include snippets/headers.conf; include snippets/headers.conf;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
location / { location / {

1
desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/defaults/pref/config.js
View file

@ -25,6 +25,7 @@ pref("media.videocontrols.picture-in-picture.video-toggle.has-used", true);
pref("middlemouse.paste", false); pref("middlemouse.paste", false);
pref("network.IDN_show_punycode", true); pref("network.IDN_show_punycode", true);
pref("network.http.referer.XOriginTrimmingPolicy", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2);
pref("network.trr.excluded-domains", "strypsteen.com");
pref("permissions.manager.defaultsUrl", ""); pref("permissions.manager.defaultsUrl", "");
pref("privacy.donottrackheader.enabled", true); pref("privacy.donottrackheader.enabled", true);
pref("privacy.globalprivacycontrol.enabled", true); pref("privacy.globalprivacycontrol.enabled", true);

3
setup-vyos.sh
View file

@ -13,7 +13,7 @@ set interfaces ethernet eth2 address 192.168.254.1/24
set interfaces ethernet eth2 address fc01::1/64 set interfaces ethernet eth2 address fc01::1/64
set interfaces ethernet eth3 address 192.168.253.1/24 set interfaces ethernet eth3 address 192.168.253.1/24
set interfaces ethernet eth3 address fc02::1/64 set interfaces ethernet eth3 address fc02::1/64
set interfaces wireguard wg0 address 10.0.0.1/24 set interfaces wireguard wg0 address 10.255.0.1/24
set interfaces wireguard wg0 port 51820 set interfaces wireguard wg0 port 51820
set service ssh disable-password-authentication set service ssh disable-password-authentication
@ -47,6 +47,7 @@ set service dns forwarding name-server 9.9.9.9
set service dns forwarding dnssec validate set service dns forwarding dnssec validate
set service dns forwarding allow-from 127.0.0.1/32 set service dns forwarding allow-from 127.0.0.1/32
set service dns forwarding allow-from 192.168.0.0/16 set service dns forwarding allow-from 192.168.0.0/16
set service dns forwarding allow-from 10.255.0.0/16
set service tftp-server directory /config/tftp set service tftp-server directory /config/tftp
set service tftp-server listen-address 192.168.253.1 set service tftp-server listen-address 192.168.253.1