etheroute-lon01: use FQDN for Pomerium DNS

This commit is contained in:
Luke Granger-Brown 2022-03-11 16:20:24 +00:00
parent 72a647b80f
commit dd746bec32

View file

@ -303,44 +303,45 @@ in {
allowed_domains = null; allowed_domains = null;
} // extraConfig; } // extraConfig;
in [ in [
(service "clouvider-fra01" "int.lukegb.com" {}) (service "clouvider-fra01.int.as205479.net" "int.lukegb.com" {})
(service "clouvider-fra01" "logged-out.int.lukegb.com" (public {})) (service "clouvider-fra01.int.as205479.net" "logged-out.int.lukegb.com" (public {}))
(service "clouvider-fra01" "sonarr.int.lukegb.com" {}) (service "clouvider-fra01.int.as205479.net" "sonarr.int.lukegb.com" {})
(service "clouvider-fra01" "radarr.int.lukegb.com" {}) (service "clouvider-fra01.int.as205479.net" "radarr.int.lukegb.com" {})
(service "clouvider-fra01" "deluge.int.lukegb.com" {}) (service "clouvider-fra01.int.as205479.net" "deluge.int.lukegb.com" {})
(service "clouvider-fra01" "content.int.lukegb.com" {}) (service "clouvider-fra01.int.as205479.net" "content.int.lukegb.com" {})
(service "totoro:9090" "prometheus.int.lukegb.com" {}) (service "totoro.int.as205479.net:9090" "prometheus.int.lukegb.com" {})
(service "totoro:9093" "alertmanager.int.lukegb.com" {}) (service "totoro.int.as205479.net:9093" "alertmanager.int.lukegb.com" {})
(service "totoro:3000" "grafana.int.lukegb.com" {}) (service "totoro.int.as205479.net:3000" "grafana.int.lukegb.com" {})
(secureService "swann:8443" "unifi.int.lukegb.com" { (secureService "swann.int.as205479.net:8443" "unifi.int.lukegb.com" {
tls_skip_verify = true; tls_skip_verify = true;
allow_websockets = true; allow_websockets = true;
timeout = "0"; timeout = "0";
}) })
(service "blade-tuvok:7480" "objdump.zxcvbnm.ninja" (public { (service "blade-tuvok.int.as205479.net:7480" "objdump.zxcvbnm.ninja" (public {
timeout = "30m"; # Uploads can take a while; bump the timeout. timeout = "30m"; # Uploads can take a while; bump the timeout.
})) }))
(secureService "totoro" "invoices.lukegb.com" (public { (secureService "totoro.int.as205479.net" "invoices.lukegb.com" (public {
regex = "^/((third_party|ajax|client_area|pdf)/.*|[a-zA-Z0-9]{8})$"; regex = "^/((third_party|ajax|client_area|pdf)/.*|[a-zA-Z0-9]{8})$";
tls_skip_verify = true; tls_skip_verify = true;
})) }))
(secureService "totoro" "invoices.lukegb.com" { (secureService "totoro.int.as205479.net" "invoices.lukegb.com" {
tls_skip_verify = true; tls_skip_verify = true;
}) })
(baseConfig // { (baseConfig // {
from = "https://httpbin.int.lukegb.com"; from = "https://httpbin.int.lukegb.com";
to = "https://verify.pomerium.com"; to = "https://verify.pomerium.com";
}) })
(service "bvm-twitterchiver:8080" "twitterchiver.int.lukegb.com" {}) (service "bvm-twitterchiver.int.as205479.net:8080" "twitterchiver.int.lukegb.com" {})
(service "bvm-twitterchiver:8080" "twitterchiver.lukegb.com" {}) (service "bvm-twitterchiver.int.as205479.net:8080" "twitterchiver.lukegb.com" {})
(service "bvm-nixosmgmt:4440" "rundeck.int.lukegb.com" { (service "bvm-nixosmgmt.int.as205479.net:4440" "rundeck.int.lukegb.com" {
set_request_headers = { set_request_headers = {
"X-Forwarded-Roles" = "pomerium"; "X-Forwarded-Roles" = "pomerium";
}; };
}) })
(service "bvm-ipfs:5001" "ipfs.int.lukegb.com" {}) (service "bvm-ipfs.int.as205479.net:5001" "ipfs.int.lukegb.com" {})
(service "bvm-ipfs:8080" "ipfs-gw.int.lukegb.com" {}) (service "bvm-ipfs.int.as205479.net:8080" "ipfs-gw.int.lukegb.com" {})
(service "bvm-netbox:80" "netbox.int.lukegb.com" {}) (service "bvm-netbox.int.as205479.net:80" "netbox.int.lukegb.com" {})
(service "localhost:9901" "envoy-debug.int.lukegb.com" {})
]; ];
}; };
}; };