authorMike Crute <mike@crute.us>2023-08-03 07:26:04 -0700
committerMike Crute <mike@crute.us>2023-08-03 07:26:04 -0700
commitf21781bbc2052fe1dd9007a92b59b9f5696d5627 (patch)
treef48df2a63b82402922ee45cd9d73d4c148a4832a
parente38869a77c794c34f4dd8515a12de9a9def0550c (diff)
downloaddockerfiles-f21781bbc2052fe1dd9007a92b59b9f5696d5627.tar.bz2
dockerfiles-f21781bbc2052fe1dd9007a92b59b9f5696d5627.tar.xz
dockerfiles-f21781bbc2052fe1dd9007a92b59b9f5696d5627.zip
nginx: update IP acl
-rw-r--r--nginx-common/conf/includes/internal_ip_allow_only.conf32
-rw-r--r--nginx-common/conf/includes/internal_ip_cgit_acl.conf30
2 files changed, 7 insertions, 55 deletions
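--- a/nginx-common/conf/includes/internal_ip_allow_only.conf
+++ b/nginx-common/conf/includes/internal_ip_allow_only.conf
@@ -1,33 +1,15 @@
-# Global V4 Internal Network
+allow 23.149.16.0/24;
 allow 172.16.0.0/16;
-# FKL1 V4 Internal Network
 allow 172.18.0.0/16;
-# SEA4 V4 Internal Network
 allow 172.19.0.0/16;
-# ORD1 V4 Internal Network
 allow 172.20.0.0/16;
-# Mobile V4 Internal Network
 allow 172.21.0.0/16;
-# PDX1 V6 Network
-allow 2600:1f14:f39:e000::/56;
-# CMH1 V6 Network
-allow 2600:1f16:33:500::/56;
-# LHR1 V6 Network
-allow 2a05:d01c:7ba:b800::/56;
-# SEA1 Internal V6 Network
-allow 2602:0803:4070::/48;
-# SEA4 Internal V6 Network
-allow 2602:0803:4072::/48;
-# SEA4 Remote Access VPN V6 Network
-allow 2602:0803:4075::/48;
-# ORD1 Internal V6 Network
-allow 2602:0803:4073::/48;
-# FKL1 Internal V6 Network
-allow 2602:0803:4074::/48;
-# Wireguard RAS V6 Network
-allow 2602:0803:4075::/48;
-# Mobile V6 Internal Network
-allow 2602:0803:4076::/48;
+allow 2602:803:4070::/64;
+allow 2602:803:4072::/48;
+allow 2602:803:4073::/48;
+allow 2602:803:4074::/48;
+allow 2602:803:4075::/48;
+allow 2602:803:4076::/48;
 
 allow 127.0.0.1;
 deny all;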
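Review bot: The added `allow 23.149.16.0/24;` is a publicly routable range in a file whose name promises internal-only access, and with every per-site comment removed nothing in the new file says who owns it or why it is trusted. The same gap affects `allow 2602:803:4070::/64;`, which is now a /64 while the other five 2602:803:407x entries stay /48 (the old entry was `2602:0803:4070::/48`), so a reader cannot tell whether the narrowing is deliberate. I would keep a one-line label per entry, for example `# <site> public V4 allocation` above the /24 and `# SEA1 V6, narrowed to one /64` above the 4070 line, so a later audit of this ACL can check each range against its owner. Because `allow`/`deny` match the address nginx sees as the client, it is also worth confirming that any front proxy's real-IP trust is limited to these same networks; that configuration is not visible here.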
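--- a/nginx-common/conf/includes/internal_ip_cgit_acl.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-geo $cgit_config {
- default "/srv/code/etc/cgit-public.cfg";
-
- # Global V4 Internal Network
- 172.16.0.0/16 "/srv/code/etc/cgit-private.cfg";
- # FKL1 V4 Internal network
- 172.18.0.0/16 "/srv/code/etc/cgit-private.cfg";
- # SEA4 V4 Internal network
- 172.19.0.0/16 "/srv/code/etc/cgit-private.cfg";
- # ORD1 V4 Internal network
- 172.20.0.0/16 "/srv/code/etc/cgit-private.cfg";
- # Mobile V4 Internal network
- 172.21.0.0/16 "/srv/code/etc/cgit-private.cfg";
- # PDX1 V6 Network
- 2600:1f14:f39:e000::/56 "/srv/code/etc/cgit-private.cfg";
- # CMH1 V6 Network
- 2600:1f16:33:500::/56 "/srv/code/etc/cgit-private.cfg";
- # SEA1 Internal V6 Network
- 2602:0803:4070::/48 "/srv/code/etc/cgit-private.cfg";
- # SEA4 Internal V6 Network
- 2602:0803:4072::/48 "/srv/code/etc/cgit-private.cfg";
- # ORD1 Internal V6 Network
- 2602:0803:4073::/48 "/srv/code/etc/cgit-private.cfg";
- # FKL1 Internal V6 Network
- 2602:0803:4074::/48 "/srv/code/etc/cgit-private.cfg";
- # Wireguard RAS V6 Network
- 2602:0803:4075::/48 "/srv/code/etc/cgit-private.cfg";
- # Mobile V6 Internal Network
- 2602:0803:4076::/48 "/srv/code/etc/cgit-private.cfg";
-}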