diff --git a/actualbudget-system/actualbudget.yaml b/actualbudget-system/actualbudget.yaml
index 50c69a8..cfb745d 100644
--- a/actualbudget-system/actualbudget.yaml
+++ b/actualbudget-system/actualbudget.yaml
@@ -99,7 +99,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: 50m
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/adventurelog-system/adventurelog.yaml b/adventurelog-system/adventurelog.yaml
index 6f583ce..82bfceb 100644
--- a/adventurelog-system/adventurelog.yaml
+++ b/adventurelog-system/adventurelog.yaml
@@ -374,7 +374,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/arcade-system/romm.yaml b/arcade-system/romm.yaml
index e0f525d..2ce42ff 100644
--- a/arcade-system/romm.yaml
+++ b/arcade-system/romm.yaml
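Review bot: The two `$remote_addr` checks added in this hunk only mean "LAN client" if the controller sees the real client address, and nothing in the diff shows that it does. If the ingress-nginx Service runs with `externalTrafficPolicy: Cluster`, or traffic reaches it through another proxy or load balancer, internet requests can arrive with a 10.x or 192.168.x source and would then skip the country check; the same applies if `use-forwarded-headers` is enabled with a wide `proxy-real-ip-cidr`, because `$remote_addr` is then derived from a client-supplied header. Please confirm the controller's source-IP settings and record the assumption next to the rule, for example `# assumes $remote_addr is the real client IP (externalTrafficPolicy: Local, no untrusted X-Forwarded-For)`. The same five added lines appear in every other hunk of this commit, so the point applies to all of them.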
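Review bot: The access rule in this hunk is a verbatim copy of the five lines added to every other Ingress in the commit, so any later change to the allowed ranges must be repeated identically in each file, and one missed annotation silently keeps a different policy. Consider computing `$geo_allowed` once at controller level (a `geo` block listing 10.0.0.0/8 and 192.168.0.0/16, combined with the country code in a `map`, placed in the controller's `http-snippet`), so each Ingress keeps only `if ($geo_allowed = 0) { return 403 "Access restricted to Hungary"; }`. CIDR matching in `geo` would also replace the string regexes on the address.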
@@ -293,7 +293,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/argocd-system/argocd-config.yaml b/argocd-system/argocd-config.yaml
index 4477f29..69c4ced 100644
--- a/argocd-system/argocd-config.yaml
+++ b/argocd-system/argocd-config.yaml
@@ -11,7 +11,11 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: argocd.dooplex.hu,argocd.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/audiobookshelf-system/audiobookshelf.yaml b/audiobookshelf-system/audiobookshelf.yaml
index 7c0e4f6..f33a3c7 100644
--- a/audiobookshelf-system/audiobookshelf.yaml
+++ b/audiobookshelf-system/audiobookshelf.yaml
@@ -137,7 +137,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/booking-system/booking.yaml b/booking-system/booking.yaml
index c2aca76..7f738c3 100644
--- a/booking-system/booking.yaml
+++ b/booking-system/booking.yaml
@@ -407,7 +407,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
 nginx.ingress.kubernetes.io/proxy-set-headers: "booking-system/calcom-proxy-headers"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/bookstack-system/bookstack.yaml b/bookstack-system/bookstack.yaml
index 049f767..27f3b42 100644
--- a/bookstack-system/bookstack.yaml
+++ b/bookstack-system/bookstack.yaml
@@ -340,7 +340,11 @@ metadata:
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "50m"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/calibre-system/calibre.yaml b/calibre-system/calibre.yaml
index 28f0073..bbd1155 100644
--- a/calibre-system/calibre.yaml
+++ b/calibre-system/calibre.yaml
@@ -254,7 +254,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
@@ -302,7 +306,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/code-system/code.yaml b/code-system/code.yaml
index 1b7fb6c..85eff87 100644
--- a/code-system/code.yaml
+++ b/code-system/code.yaml
@@ -161,7 +161,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/crafty-system/crafty.yaml b/crafty-system/crafty.yaml
index b980a06..5f2db7d 100644
--- a/crafty-system/crafty.yaml
+++ b/crafty-system/crafty.yaml
@@ -158,7 +158,11 @@ metadata: " nginx.ingress.kubernetes.io/configuration-snippet: | - if ($geoip2_country_code != "HU") { + set $geo_allowed 0; + if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; } + if ($remote_addr ~ "^10\.") { set $geo_allowed 1; } + if ($geoip2_country_code = "HU") { set $geo_allowed 1; } + if ($geo_allowed = 0) { return 403 "Access restricted to Hungary"; } spec:
diff --git a/fileshare-system/gokapi.yaml b/fileshare-system/gokapi.yaml
index 3844422..1dd97b3 100644
--- a/fileshare-system/gokapi.yaml
+++ b/fileshare-system/gokapi.yaml
@@ -159,7 +159,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/gitea-system/gitea.yaml b/gitea-system/gitea.yaml
index bd92dc0..350d9e3 100644
--- a/gitea-system/gitea.yaml
+++ b/gitea-system/gitea.yaml
@@ -211,7 +211,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/glance-system/glance-kisfenyo.yaml b/glance-system/glance-kisfenyo.yaml
index 79b4f4e..3c59f3b 100644
--- a/glance-system/glance-kisfenyo.yaml
+++ b/glance-system/glance-kisfenyo.yaml
@@ -2201,7 +2201,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/glance-system/glance-orsi.yaml b/glance-system/glance-orsi.yaml
index ce8944e..6d57dfb 100644
--- a/glance-system/glance-orsi.yaml
+++ b/glance-system/glance-orsi.yaml
@@ -752,7 +752,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/headlamp-system/headlamp.yaml b/headlamp-system/headlamp.yaml
index 8c9dcb8..f1739f5 100644
--- a/headlamp-system/headlamp.yaml
+++ b/headlamp-system/headlamp.yaml
@@ -347,7 +347,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 # Homepage integration annotations
diff --git a/homepage-system/homepage.yaml b/homepage-system/homepage.yaml
index 50797b8..51bbe11 100644
--- a/homepage-system/homepage.yaml
+++ b/homepage-system/homepage.yaml
@@ -716,7 +716,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 # Homepage auto-discovery annotation
diff --git a/mon-system/monitoring.yaml b/mon-system/monitoring.yaml
index 4a4a13a..dd9a8a0 100644
--- a/mon-system/monitoring.yaml
+++ b/mon-system/monitoring.yaml
@@ -573,7 +573,11 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: grafana.dooplex.hu,grafana.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/nextcloud-system/nextcloud.yaml b/nextcloud-system/nextcloud.yaml
index 96bf16c..65eb9ab 100644
--- a/nextcloud-system/nextcloud.yaml
+++ b/nextcloud-system/nextcloud.yaml
@@ -760,7 +760,11 @@ metadata:
 nginx.ingress.kubernetes.io/configuration-snippet: |
 proxy_hide_header Content-Security-Policy;
 add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https:; media-src 'self'; frame-ancestors 'self' https://home.dooplex.hu https://orsi.dooplex.hu https://kisfenyo.dooplex.hu;" always;
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: nextcloud
diff --git a/outline-system/outline.yaml b/outline-system/outline.yaml
index c0c0023..33fada6 100644
--- a/outline-system/outline.yaml
+++ b/outline-system/outline.yaml
@@ -399,7 +399,11 @@ metadata:
 proxy_hide_header X-Frame-Options;
 proxy_hide_header Content-Security-Policy;
 add_header X-Frame-Options "ALLOW-FROM https://orsi.dooplex.hu" always;
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/paperless-system/paperless.yaml b/paperless-system/paperless.yaml
index c34d821..082f497 100644
--- a/paperless-system/paperless.yaml
+++ b/paperless-system/paperless.yaml
@@ -344,7 +344,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/plantit-system/plantit.yaml b/plantit-system/plantit.yaml
index d3c0b85..68a837d 100644
--- a/plantit-system/plantit.yaml
+++ b/plantit-system/plantit.yaml
@@ -321,7 +321,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/privatebin-system/privatebin.yaml b/privatebin-system/privatebin.yaml
index b324461..d7cc09d 100644
--- a/privatebin-system/privatebin.yaml
+++ b/privatebin-system/privatebin.yaml
@@ -372,7 +372,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
 nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/servarr-system/servarr.yaml b/servarr-system/servarr.yaml
index 2a21a2f..997b13f 100644
--- a/servarr-system/servarr.yaml
+++ b/servarr-system/servarr.yaml
@@ -390,7 +390,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: prowlarr
@@ -441,7 +445,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: radarr
@@ -491,7 +499,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: sonarr
@@ -541,7 +553,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: qbittorrent
@@ -772,7 +788,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: radarrkids
@@ -939,7 +959,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 name: seerr
diff --git a/tandoor-system/tandoor.yaml b/tandoor-system/tandoor.yaml
index d3e1c5d..34cbf88 100644
--- a/tandoor-system/tandoor.yaml
+++ b/tandoor-system/tandoor.yaml
@@ -225,7 +225,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: 128m
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/termix-system/termix.yaml b/termix-system/termix.yaml
index a6c536a..760e93f 100644
--- a/termix-system/termix.yaml
+++ b/termix-system/termix.yaml
@@ -120,7 +120,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/uptimekuma-system/uptimekuma.yaml b/uptimekuma-system/uptimekuma.yaml
index 078a0b8..8a10c41 100644
--- a/uptimekuma-system/uptimekuma.yaml
+++ b/uptimekuma-system/uptimekuma.yaml
@@ -110,7 +110,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/vaultwarden-system/vaultwarden.yaml b/vaultwarden-system/vaultwarden.yaml
index bb21f9d..c11f9ed 100644
--- a/vaultwarden-system/vaultwarden.yaml
+++ b/vaultwarden-system/vaultwarden.yaml
@@ -162,7 +162,11 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: 100m
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 labels:
diff --git a/wanderer-system/wanderer.yaml b/wanderer-system/wanderer.yaml
index 4e620bd..63c702b 100644
--- a/wanderer-system/wanderer.yaml
+++ b/wanderer-system/wanderer.yaml
@@ -298,7 +298,11 @@ metadata:
 # optional, only if you actually use external-dns:
 external-dns.alpha.kubernetes.io/hostname: wanderer.dooplex.hu
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/web-system/web.yaml b/web-system/web.yaml
index 718b278..5711682 100644
--- a/web-system/web.yaml
+++ b/web-system/web.yaml
@@ -245,7 +245,11 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
@@ -474,7 +478,11 @@ metadata:
 cert-manager.io/cluster-issuer: letsencrypt-prod
 external-dns.alpha.kubernetes.io/hostname: web.dooplex.hu
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/workout-system/workout.yaml b/workout-system/workout.yaml
index 1cc6790..5ba99fb 100644
--- a/workout-system/workout.yaml
+++ b/workout-system/workout.yaml
@@ -436,7 +436,11 @@ metadata:
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "100m"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec:
diff --git a/zipline-system/zipline.yaml b/zipline-system/zipline.yaml
index 39cdc4f..e372996 100644
--- a/zipline-system/zipline.yaml
+++ b/zipline-system/zipline.yaml
@@ -131,7 +131,11 @@ metadata:
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "100m"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($geoip2_country_code != "HU") {
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
 return 403 "Access restricted to Hungary";
 }
 spec: