Disable access except to my IP address
parent
74b5323aa3
commit
0d053edcfe
4 changed files with 8 additions and 13 deletions
2
Makefile
2
Makefile
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
define CONFIG_MSG =
|
define CONFIG_MSG =
|
||||||
|
|
||||||
You do not have a config.mk file.
|
You do not have a config.mk file, or the one you have is out of date.
|
||||||
|
|
||||||
Please run "./configure" or copy `config.mk.in` to `config.mk` and edit its settings
|
Please run "./configure" or copy `config.mk.in` to `config.mk` and edit its settings
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,7 @@ social:
|
||||||
mastodon_sidekiq_count: {{MASTODON_SIDEKIQ_COUNT}}
|
mastodon_sidekiq_count: {{MASTODON_SIDEKIQ_COUNT}}
|
||||||
mastodon_sidekiq_threads: {{MASTODON_SIDEKIQ_THREADS}}
|
mastodon_sidekiq_threads: {{MASTODON_SIDEKIQ_THREADS}}
|
||||||
public_ip: "{{PUBLIC_IP}}"
|
public_ip: "{{PUBLIC_IP}}"
|
||||||
|
my_ip: "{{MY_IP}}"
|
||||||
s3_bucket_name: "{{S3_BUCKET_NAME}}"
|
s3_bucket_name: "{{S3_BUCKET_NAME}}"
|
||||||
#s3_endpoint:
|
#s3_endpoint:
|
||||||
s3_hostname: "s3.{{AWS_REGION}}.amazonaws.com"
|
s3_hostname: "s3.{{AWS_REGION}}.amazonaws.com"
|
||||||
|
|
|
@ -33,18 +33,12 @@ server {
|
||||||
listen 8448 ssl http2 default_server;
|
listen 8448 ssl http2 default_server;
|
||||||
listen [::]:8448 ssl http2 default_server;
|
listen [::]:8448 ssl http2 default_server;
|
||||||
|
|
||||||
# ssl_protocols TLSv1.2 TLSv1.3;
|
allow {{ my_ip }}/32;
|
||||||
# ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
deny all;
|
||||||
# ssl_prefer_server_ciphers on;
|
|
||||||
# ssl_session_cache shared:SSL:10m;
|
|
||||||
# ssl_session_tickets off;
|
|
||||||
|
|
||||||
# Uncomment these lines once you acquire a certificate:
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ domain_name }}/chain.pem;
|
||||||
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
|
||||||
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/www.poorsquinky.com-0002/chain.pem;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/www.poorsquinky.com-0002/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.poorsquinky.com-0002/privkey.pem;
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||||
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
|
|
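Review bot: The added `allow {{ my_ip }}/32;` assumes `my_ip` is always a single IPv4 address, yet this server block also listens on `[::]:8448` and nothing visible validates the value before it is rendered. Judging by the Terraform output renamed in this commit, the address appears to come from `chomp(data.http.myip.body)`, the raw body of an HTTP lookup. If that lookup ever returned an IPv6 address, `/32` would admit an entire IPv6 allocation instead of one host, and an empty or malformed body would yield a config nginx refuses to load. Consider validating the value as IPv4 before templating, or passing the address in a variable that carries its own prefix length, and put a comment such as `# operator-only listener: every other source address is denied` above the `allow`/`deny` pair. The server block opens and closes outside the hunk, so it cannot be confirmed here whether the other listeners get the same restriction.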
@ -12,7 +12,7 @@ output "nameservers" {
|
||||||
output "s3_bucket_name" {
|
output "s3_bucket_name" {
|
||||||
value = module.s3_bucket.s3_bucket_id
|
value = module.s3_bucket.s3_bucket_id
|
||||||
}
|
}
|
||||||
output "myip" {
|
output "my_ip" {
|
||||||
value = "${chomp(data.http.myip.body)}"
|
value = "${chomp(data.http.myip.body)}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|