diff --git a/actualbudget-system/actualbudget.yaml b/actualbudget-system/actualbudget.yaml
index 06867d0..d35b047 100644
--- a/actualbudget-system/actualbudget.yaml
+++ b/actualbudget-system/actualbudget.yaml
@@ -98,6 +98,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: actualbudget.dooplex.hu,actualbudget.home
 nginx.ingress.kubernetes.io/proxy-body-size: 50m
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: actualbudget
 app.kubernetes.io/name: actualbudget
diff --git a/adventurelog-system/adventurelog.yaml b/adventurelog-system/adventurelog.yaml
index 6ec96ea..a1c1b9b 100644
--- a/adventurelog-system/adventurelog.yaml
+++ b/adventurelog-system/adventurelog.yaml
@@ -373,6 +373,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/arcade-system/romm.yaml b/arcade-system/romm.yaml
index c8dad16..8e56979 100644
--- a/arcade-system/romm.yaml
+++ b/arcade-system/romm.yaml
@@ -292,6 +292,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "5g"
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/argocd-system/argocd-config.yaml b/argocd-system/argocd-config.yaml
index 9f887e9..0808105 100644
--- a/argocd-system/argocd-config.yaml
+++ b/argocd-system/argocd-config.yaml
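Review bot: The added `if ($geoip2_city_country_code != "HU")` in the actualbudget hunk also rejects every client whose address has no GeoIP country, because the variable is then presumably empty and the comparison is true; private-range sources are normally absent from GeoIP databases, and this Ingress serves `actualbudget.home` through `nginx-internal`, which suggests LAN clients. The same block is added unchanged in every other hunk of this commit, so the question applies to all of them. Decide the empty case explicitly rather than by accident: nginx `if` cannot combine conditions, so compute the decision once in a controller-level `map` and test a single flag here, for example `if ($geo_denied) { return 403 "Access restricted to Hungary"; }` (variable name constructed for illustration). The annotation block continues outside the hunk, so the other annotations on this Ingress are not visible from here.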
@@ -10,6 +10,10 @@ metadata:
 cert-manager.io/cluster-issuer: letsencrypt-prod
 external-dns.alpha.kubernetes.io/hostname: argocd.dooplex.hu,argocd.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/audiobookshelf-system/audiobookshelf.yaml b/audiobookshelf-system/audiobookshelf.yaml
index 3f184be..f5ec38e 100644
--- a/audiobookshelf-system/audiobookshelf.yaml
+++ b/audiobookshelf-system/audiobookshelf.yaml
@@ -136,6 +136,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: audiobookshelf
 app.kubernetes.io/name: audiobookshelf
diff --git a/booking-system/booking.yaml b/booking-system/booking.yaml
index 6535794..6b0463e 100644
--- a/booking-system/booking.yaml
+++ b/booking-system/booking.yaml
@@ -407,6 +407,10 @@ metadata:
 # Required for WebSocket connections (if using Cal.com video)
 nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
 nginx.ingress.kubernetes.io/proxy-set-headers: "booking-system/calcom-proxy-headers"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/bookstack-system/bookstack.yaml b/bookstack-system/bookstack.yaml
index 5b299d2..0a57e98 100644
--- a/bookstack-system/bookstack.yaml
+++ b/bookstack-system/bookstack.yaml
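Review bot: Nothing in the annotation added to the Argo CD Ingress says what it depends on: `$geoip2_city_country_code` exists only when the controller has GeoIP2 enabled (`use-geoip2` in its ConfigMap) with a database loaded, and `configuration-snippet` is honoured only when snippet annotations are allowed (`allow-snippet-annotations`). If the variable is undefined the rendered nginx configuration should fail validation, and if snippets are disabled the Ingress may be rejected or the block dropped, which would leave this UI unfiltered while the manifest reads as if it were restricted. Allowing snippet annotations also lets anyone who can write Ingress objects inject nginx directives into the controller, so it is worth confirming that right is limited to cluster admins. I would add a comment above the annotation such as `# requires use-geoip2 and allow-snippet-annotations on the nginx-internal controller`. The controller configuration is not part of this diff, so none of this can be verified from here; the same dependency applies to every other hunk in the commit.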
@@ -339,6 +339,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: bookstack.dooplex.hu,bookstack.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: bookstack
 app.kubernetes.io/name: bookstack
diff --git a/calibre-system/calibre.yaml b/calibre-system/calibre.yaml
index 568e884..7982773 100644
--- a/calibre-system/calibre.yaml
+++ b/calibre-system/calibre.yaml
@@ -253,6 +253,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
@@ -297,6 +301,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/code-system/code.yaml b/code-system/code.yaml
index a527741..de2d48e 100644
--- a/code-system/code.yaml
+++ b/code-system/code.yaml
@@ -160,6 +160,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-signin: https://code.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/crafty-system/crafty.yaml b/crafty-system/crafty.yaml
index 162f1bf..a38bb1d 100644
--- a/crafty-system/crafty.yaml
+++ b/crafty-system/crafty.yaml
@@ -156,6 +156,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-snippet: 'proxy_set_header X-Forwarded-Host $http_host; '
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/fileshare-system/gokapi.yaml b/fileshare-system/gokapi.yaml
index b274dfa..c0718a4 100644
--- a/fileshare-system/gokapi.yaml
+++ b/fileshare-system/gokapi.yaml
@@ -158,6 +158,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "1g"
 nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/gitea-system/gitea.yaml b/gitea-system/gitea.yaml
index f756131..72ea300 100644
--- a/gitea-system/gitea.yaml
+++ b/gitea-system/gitea.yaml
@@ -210,6 +210,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: gitea.dooplex.hu,gitea.home
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: gitea
 app.kubernetes.io/name: gitea
diff --git a/glance-system/glance-kisfenyo.yaml b/glance-system/glance-kisfenyo.yaml
index 0d01c14..7dc5f96 100644
--- a/glance-system/glance-kisfenyo.yaml
+++ b/glance-system/glance-kisfenyo.yaml
@@ -2200,6 +2200,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/glance-system/glance-orsi.yaml b/glance-system/glance-orsi.yaml
index 96d4aa5..93d6f48 100644
--- a/glance-system/glance-orsi.yaml
+++ b/glance-system/glance-orsi.yaml
@@ -751,6 +751,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/headlamp-system/headlamp.yaml b/headlamp-system/headlamp.yaml
index 9b6fb59..d5ad81f 100644
--- a/headlamp-system/headlamp.yaml
+++ b/headlamp-system/headlamp.yaml
@@ -346,6 +346,10 @@ metadata:
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 # Homepage integration annotations
 gethomepage.dev/enabled: "true"
 gethomepage.dev/name: "Headlamp"
diff --git a/homepage-system/homepage.yaml b/homepage-system/homepage.yaml
index 6c5f5ae..4fd4568 100644
--- a/homepage-system/homepage.yaml
+++ b/homepage-system/homepage.yaml
@@ -715,6 +715,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 # Homepage auto-discovery annotation
 gethomepage.dev/enabled: "true"
 gethomepage.dev/name: "Homepage"
diff --git a/mon-system/monitoring.yaml b/mon-system/monitoring.yaml
index 1b4d16a..10d2222 100644
--- a/mon-system/monitoring.yaml
+++ b/mon-system/monitoring.yaml
@@ -570,6 +570,10 @@ metadata:
 cert-manager.io/cluster-issuer: letsencrypt-prod
 external-dns.alpha.kubernetes.io/hostname: grafana.dooplex.hu,grafana.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/nextcloud-system/nextcloud.yaml b/nextcloud-system/nextcloud.yaml
index 1cd021b..943abea 100644
--- a/nextcloud-system/nextcloud.yaml
+++ b/nextcloud-system/nextcloud.yaml
@@ -763,6 +763,9 @@ metadata:
 nginx.ingress.kubernetes.io/configuration-snippet: |
 proxy_hide_header Content-Security-Policy;
 add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https:; media-src 'self'; frame-ancestors 'self' https://home.dooplex.hu https://orsi.dooplex.hu https://kisfenyo.dooplex.hu;" always;
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: nextcloud
 namespace: nextcloud-system
 spec:
diff --git a/outline-system/outline.yaml b/outline-system/outline.yaml
index ccc1460..a89605c 100644
--- a/outline-system/outline.yaml
+++ b/outline-system/outline.yaml
@@ -399,6 +399,9 @@ metadata:
 proxy_hide_header X-Frame-Options;
 proxy_hide_header Content-Security-Policy;
 add_header X-Frame-Options "ALLOW-FROM https://orsi.dooplex.hu" always;
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: outline
 app.kubernetes.io/name: outline
diff --git a/paperless-system/paperless.yaml b/paperless-system/paperless.yaml
index 9630372..1186924 100644
--- a/paperless-system/paperless.yaml
+++ b/paperless-system/paperless.yaml
@@ -343,6 +343,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: paperless
 app.kubernetes.io/name: paperless
diff --git a/plantit-system/plantit.yaml b/plantit-system/plantit.yaml
index 8eb8aef..a5954fd 100644
--- a/plantit-system/plantit.yaml
+++ b/plantit-system/plantit.yaml
@@ -320,6 +320,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-signin: https://plantit.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/privatebin-system/privatebin.yaml b/privatebin-system/privatebin.yaml
index f092d4c..ccb2952 100644
--- a/privatebin-system/privatebin.yaml
+++ b/privatebin-system/privatebin.yaml
@@ -371,6 +371,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
 nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/servarr-system/servarr.yaml b/servarr-system/servarr.yaml
index 5d68116..791785f 100644
--- a/servarr-system/servarr.yaml
+++ b/servarr-system/servarr.yaml
@@ -389,6 +389,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: prowlarr
 namespace: servarr-system
 spec:
@@ -436,6 +440,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: radarr
 namespace: servarr-system
 spec:
@@ -482,6 +490,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: sonarr
 namespace: servarr-system
 spec:
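Review bot: The same three-line nginx block is hand-copied into every Ingress, six times in `servarr.yaml` alone (the hunks at 389, 436 and 482 here and at 528, 755 and 918 further down), so changing the allowed country or the message means editing every copy, and an Ingress added later without the block is silently left unfiltered. Because the rule is identical everywhere, it would read better as one controller-level setting on `nginx-internal`, for instance a `map` in the ConfigMap's `http-snippet` with the `return 403` in `server-snippet`, leaving per-Ingress annotations only for exceptions. If it has to stay per Ingress, generating it from a single source (a Kustomize patch or similar; the repo's tooling is not visible here) would keep the copies from drifting. A one-line comment above each remaining copy, e.g. `# geo filter: keep in sync with the other nginx-internal Ingresses`, would at least make the coupling visible.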
@@ -528,6 +540,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: qbittorrent
 namespace: servarr-system
 spec:
@@ -755,6 +771,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: radarrkids
 namespace: servarr-system
 spec:
@@ -918,6 +938,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: seerr.dooplex.hu,seerr.home
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 name: seerr
 namespace: servarr-system
 spec:
diff --git a/tandoor-system/tandoor.yaml b/tandoor-system/tandoor.yaml
index 7e187e6..e8676a6 100644
--- a/tandoor-system/tandoor.yaml
+++ b/tandoor-system/tandoor.yaml
@@ -224,6 +224,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: tandoor.dooplex.hu,tandoor.home
 nginx.ingress.kubernetes.io/proxy-body-size: 128m
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: tandoor
 app.kubernetes.io/name: tandoor
diff --git a/termix-system/termix.yaml b/termix-system/termix.yaml
index d52c3fe..1e70cc9 100644
--- a/termix-system/termix.yaml
+++ b/termix-system/termix.yaml
@@ -119,6 +119,10 @@ metadata:
 # WebSocket support for SSH terminal
 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/uptimekuma-system/uptimekuma.yaml b/uptimekuma-system/uptimekuma.yaml
index 309b4f6..1ad0ef2 100644
--- a/uptimekuma-system/uptimekuma.yaml
+++ b/uptimekuma-system/uptimekuma.yaml
@@ -109,6 +109,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: uptimekuma
 app.kubernetes.io/name: uptimekuma
diff --git a/vaultwarden-system/vaultwarden.yaml b/vaultwarden-system/vaultwarden.yaml
index 0f33ae2..1327cfb 100644
--- a/vaultwarden-system/vaultwarden.yaml
+++ b/vaultwarden-system/vaultwarden.yaml
@@ -161,6 +161,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: vaultwarden.dooplex.hu,vaultwarden.home
 nginx.ingress.kubernetes.io/proxy-body-size: 100m
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 labels:
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/name: vaultwarden
diff --git a/wanderer-system/wanderer.yaml b/wanderer-system/wanderer.yaml
index a059af5..ef61293 100644
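Review bot: The country check added to the Termix Ingress is only as reliable as the client address nginx evaluates it against, and how traffic reaches the `nginx-internal` controller is not shown in this diff. If source addresses are rewritten on the way in (for example a Service without `externalTrafficPolicy: Local`), every request would resolve to a node or proxy address and be denied; if forwarded headers are honoured from any peer, the country is effectively decided by a client-supplied header. For a front end that the hunk's own comment describes as an SSH terminal, it is worth confirming that the real client IP is preserved and that `proxy-real-ip-cidr` lists only your own proxies. The geo filter should be treated as exposure reduction on top of authentication, not a replacement for it; no auth annotation is visible in this hunk's three context lines, though the annotation block starts outside the hunk. The same dependency applies to the other Ingresses in this commit.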
--- a/wanderer-system/wanderer.yaml
+++ b/wanderer-system/wanderer.yaml
@@ -297,6 +297,10 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "100m"
 # optional, only if you actually use external-dns:
 external-dns.alpha.kubernetes.io/hostname: wanderer.dooplex.hu
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/web-system/web.yaml b/web-system/web.yaml
index 1730438..1cd7fef 100644
--- a/web-system/web.yaml
+++ b/web-system/web.yaml
@@ -244,6 +244,10 @@ metadata:
 nginx.ingress.kubernetes.io/auth-response-headers: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
 nginx.ingress.kubernetes.io/auth-snippet: |
 proxy_set_header X-Forwarded-Host $http_host;
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
@@ -469,6 +473,10 @@ metadata:
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-prod
 external-dns.alpha.kubernetes.io/hostname: web.dooplex.hu
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls:
diff --git a/workout-system/workout.yaml b/workout-system/workout.yaml
index f99995e..55e208e 100644
--- a/workout-system/workout.yaml
+++ b/workout-system/workout.yaml
@@ -435,6 +435,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: workout.dooplex.hu,workout.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 rules:
diff --git a/zipline-system/zipline.yaml b/zipline-system/zipline.yaml
index da1000d..9e87cd8 100644
--- a/zipline-system/zipline.yaml
+++ b/zipline-system/zipline.yaml
@@ -130,6 +130,10 @@ metadata:
 external-dns.alpha.kubernetes.io/hostname: zipline.dooplex.hu,zipline.home
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($geoip2_city_country_code != "HU") {
+ return 403 "Access restricted to Hungary";
+ }
 spec:
 ingressClassName: nginx-internal
 tls: