OpenSlides/proxy/caddy_base.json
peb-adr ff13c99818
proxy: check ALLOWED_HOSTS only for client requests (#6328)
This feature is only intended to identify misdirected browser requests.
The other routes are called by services/tools which will not necessarily
set the 'Host' header and thus break.

Co-authored-by: Adrian Richter <adrian@intevation.de>
2022-01-12 17:11:21 +01:00

214 lines
5.1 KiB
JSON

{
"apps": {
"tls": {
"automation": {
"policies": [
{
"issuers": [
{
"module": "acme",
"challenges": {
"tls-alpn": {
"disabled": true
}
}
}
]
}
]
}
},
"http": {
"servers": {
"srv0": {
"listen": [":8000"],
"allow_h2c": true,
"routes": [
{
"handle": [
{
"flush_interval": -1,
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$AUTOUPDATE_HOST:$AUTOUPDATE_PORT"
}
]
}
],
"match": [
{
"path": ["/system/autoupdate*"]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$PRESENTER_HOST:$PRESENTER_PORT"
}
]
}
],
"match": [
{
"path": ["/system/presenter*"]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$ACTION_HOST:$ACTION_PORT"
}
]
}
],
"match": [
{
"path": ["/system/action*"]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$MEDIA_HOST:$MEDIA_PORT"
}
]
}
],
"match": [
{
"path": ["/system/media*"]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$AUTH_HOST:$AUTH_PORT"
}
]
}
],
"match": [
{
"path": ["/system/auth*"]
}
]
},
{
"handle": [
{
"flush_interval": -1,
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$ICC_HOST:$ICC_PORT"
}
]
}
],
"match": [
{
"path": ["/system/icc*"]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$VOTE_HOST:$VOTE_PORT"
}
]
}
],
"match": [
{
"path": ["/system/vote*"]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"flush_interval": -1,
"transport": {
"protocol": "http",
"versions": ["2", "h2c"]
},
"upstreams": [
{
"dial": "$MANAGE_HOST:$MANAGE_PORT"
}
]
}
],
"match": [
{
"header": {
"Content-Type": ["application/grpc"]
}
}
]
},
{
"handle": [
{
"body": "Misdirected Request",
"close": true,
"handler": "static_response",
"status_code": 421
}
],
"match": [
{
"not": [
{
"header": {
"Host": []
}
}
]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "$CLIENT_HOST:$CLIENT_PORT"
}
]
}
]
}
],
"automatic_https": {
"disable": true
}
}
}
}
}
}