Improve default templates, mostly by adding ACLs

danie1k · Jan 21, 2021 · de89a58 · de89a58
1 parent 5438d2f
commit de89a58
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/python/docker_network_monitor/templates/80.j2 b/python/docker_network_monitor/templates/80.j2
@@ -1,7 +1,15 @@
 listen docker-{{ hostname }}
-  bind *:443  interface eth0
-  bind *:80   interface eth0
   mode http
-  option forwardfor
+  bind *:80 interface eth0
+
+  # SSL
+  bind *:443 interface eth0
   redirect scheme https code 301 if !{ ssl_fc }
+
+  # Allow only requests for a valid FQDN
+  acl is_{{ hostname }} hdr(host) -i "{{ hostname }}.${DOMAIN_NAME}"
+  tcp-request content accept if is_{{ hostname }}
+  tcp-request content reject
+
+  option forwardfor
   server {{ hostname }} {{ ip }}:{{ target_port }}
diff --git a/python/docker_network_monitor/templates/default.j2 b/python/docker_network_monitor/templates/default.j2
@@ -1,4 +1,10 @@
 listen docker-{{ hostname }}
-  bind *:{{ source_port }} interface eth0
   mode tcp
+  bind *:{{ source_port }} interface eth0
+
+  # Allow only requests for a valid FQDN
+  acl is_{{ hostname }} hdr(host) -i "{{ hostname }}.${DOMAIN_NAME}"
+  tcp-request content accept if is_{{ hostname }}
+  tcp-request content reject
+
   server {{ hostname }} {{ ip }}:{{ target_port }}