aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Crute <mike@crute.us>2020-12-29 02:05:04 +0000
committerMike Crute <mike@crute.us>2020-12-29 02:05:04 +0000
commitacae3efa52e7ec82530bc231a4156f5f2ed3bdb2 (patch)
tree656da743a0aaf8cc877904cf2292c7849497a663
parentd26199c824ed0be31ed4c9359f92e00743ff9e34 (diff)
downloaddockerfiles-acae3efa52e7ec82530bc231a4156f5f2ed3bdb2.tar.bz2
dockerfiles-acae3efa52e7ec82530bc231a4156f5f2ed3bdb2.tar.xz
dockerfiles-acae3efa52e7ec82530bc231a4156f5f2ed3bdb2.zip
nginx: add other networks
Diffstat
-rw-r--r--nginx-common/conf/includes/internal_ip_allow_only.conf8
-rw-r--r--nginx-common/conf/includes/internal_ip_cgit_acl.conf22
2 files changed, 27 insertions, 3 deletions
diff --git a/nginx-common/conf/includes/internal_ip_allow_only.conf b/nginx-common/conf/includes/internal_ip_allow_only.conf
index 5629293..0a4e152 100644
--- a/nginx-common/conf/includes/internal_ip_allow_only.conf
+++ b/nginx-common/conf/includes/internal_ip_allow_only.conf
@@ -4,6 +4,10 @@ allow 172.16.0.0/16;
4allow 172.18.0.0/16; 4allow 172.18.0.0/16;
5# SEA4 V4 Internal Network 5# SEA4 V4 Internal Network
6allow 172.19.0.0/16; 6allow 172.19.0.0/16;
7# ORD1 V4 Internal Network
8allow 172.20.0.0/16;
9# Mobile V4 Internal Network
10allow 172.21.0.0/16;
7# PDX1 V6 Network 11# PDX1 V6 Network
8allow 2600:1f14:f39:e000::/56; 12allow 2600:1f14:f39:e000::/56;
9# CMH1 V6 Network 13# CMH1 V6 Network
@@ -20,6 +24,10 @@ allow 2602:0803:4075::/48;
20allow 2602:0803:4073::/48; 24allow 2602:0803:4073::/48;
21# FKL1 Internal V6 Network 25# FKL1 Internal V6 Network
22allow 2602:0803:4074::/48; 26allow 2602:0803:4074::/48;
27# Wireguard RAS V6 Network
28allow 2602:0803:4075::/48;
29# Mobile V6 Internal Network
30allow 2602:0803:4076::/48;
23 31
24allow 127.0.0.1; 32allow 127.0.0.1;
25deny all; 33deny all;
diff --git a/nginx-common/conf/includes/internal_ip_cgit_acl.conf b/nginx-common/conf/includes/internal_ip_cgit_acl.conf
index 98462ab..427d821 100644
--- a/nginx-common/conf/includes/internal_ip_cgit_acl.conf
+++ b/nginx-common/conf/includes/internal_ip_cgit_acl.conf
@@ -5,12 +5,28 @@ geo $cgit_config {
5 172.16.0.0/16 "/srv/code/etc/cgit-private.cfg"; 5 172.16.0.0/16 "/srv/code/etc/cgit-private.cfg";
6 # FKL1 V4 Internal network 6 # FKL1 V4 Internal network
7 172.18.0.0/16 "/srv/code/etc/cgit-private.cfg"; 7 172.18.0.0/16 "/srv/code/etc/cgit-private.cfg";
8 # SEA4 V4 Internal network
9 172.19.0.0/16 "/srv/code/etc/cgit-private.cfg";
10 # ORD1 V4 Internal network
11 172.20.0.0/16 "/srv/code/etc/cgit-private.cfg";
12 # Mobile V4 Internal network
13 172.21.0.0/16 "/srv/code/etc/cgit-private.cfg";
8 # PDX1 V6 Network 14 # PDX1 V6 Network
9 2600:1f14:f39:e000::/56 "/srv/code/etc/cgit-private.cfg"; 15 2600:1f14:f39:e000::/56 "/srv/code/etc/cgit-private.cfg";
10 # CMH1 V6 Network 16 # CMH1 V6 Network
11 2600:1f16:33:500::/56 "/srv/code/etc/cgit-private.cfg"; 17 2600:1f16:33:500::/56 "/srv/code/etc/cgit-private.cfg";
12 # LHR1 V6 Network
13 2a05:d01c:7ba:b800::/56 "/srv/code/etc/cgit-private.cfg";
14 # SEA1 Internal V6 Network 18 # SEA1 Internal V6 Network
15 2602:0803:4070::/64 "/srv/code/etc/cgit-private.cfg"; 19 2602:0803:4070::/48 "/srv/code/etc/cgit-private.cfg";
20 # SEA4 Internal V6 Network
21 2602:0803:4072::/48 "/srv/code/etc/cgit-private.cfg";
22 # SEA4 Remote Access VPN V6 Network
23 2602:0803:4075::/48 "/srv/code/etc/cgit-private.cfg";
24 # ORD1 Internal V6 Network
25 2602:0803:4073::/48 "/srv/code/etc/cgit-private.cfg";
26 # FKL1 Internal V6 Network
27 2602:0803:4074::/48 "/srv/code/etc/cgit-private.cfg";
28 # Wireguard RAS V6 Network
29 2602:0803:4075::/48 "/srv/code/etc/cgit-private.cfg";
30 # Mobile V6 Internal Network
31 2602:0803:4076::/48 "/srv/code/etc/cgit-private.cfg";
16} 32}
© 2015 Mike Crute