PROD5 for Micinas
This commit is contained in:
hubaceks
@@ -24,7 +24,8 @@ def validate_service(data: dict, source: Path) -> None:
|
||||
raise ValueError(f"{source.name}: missing required key '{key}'")
|
||||
|
||||
svc_type = data["type"]
|
||||
if svc_type not in {"static", "proxy"}:
|
||||
|
||||
if svc_type not in {"static", "proxy", "redirect"}:
|
||||
raise ValueError(f"{source.name}: unsupported type '{svc_type}'")
|
||||
|
||||
if svc_type == "static" and "root" not in data:
|
||||
@@ -33,6 +34,9 @@ def validate_service(data: dict, source: Path) -> None:
|
||||
if svc_type == "proxy" and "backend" not in data:
|
||||
raise ValueError(f"{source.name}: proxy service requires 'backend'")
|
||||
|
||||
if svc_type == "redirect" and "target" not in data:
|
||||
raise ValueError(f"{source.name}: redirect service requires 'target'")
|
||||
|
||||
|
||||
def render_service(env: Environment, data: dict) -> str:
|
||||
svc_type = data["type"]
|
||||
@@ -43,6 +47,13 @@ def render_service(env: Environment, data: dict) -> str:
|
||||
"real_ip": False,
|
||||
"health_uri": None,
|
||||
"health_interval": None,
|
||||
"internal": False,
|
||||
"internal_ranges": [
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16",
|
||||
],
|
||||
"redirect_code": 301,
|
||||
}
|
||||
|
||||
merged = {**defaults, **data}
|
||||
@@ -51,6 +62,10 @@ def render_service(env: Environment, data: dict) -> str:
|
||||
template = env.get_template("static.caddy.j2")
|
||||
return template.render(**merged).strip() + "\n"
|
||||
|
||||
if svc_type == "redirect":
|
||||
template = env.get_template("redirect.caddy.j2")
|
||||
return template.render(**merged).strip() + "\n"
|
||||
|
||||
reverse_proxy_block = any(
|
||||
[
|
||||
merged.get("real_ip"),
|
||||
|
||||
@@ -5,6 +5,12 @@
|
||||
{% if auth %}
|
||||
import common_auth
|
||||
{% endif %}
|
||||
{% if internal %}
|
||||
@internal {
|
||||
remote_ip {% for range in internal_ranges %}{{ range }}{% if not loop.last %} {% endif %}{% endfor %}
|
||||
}
|
||||
|
||||
handle @internal {
|
||||
{% if reverse_proxy_block %}
|
||||
reverse_proxy {{ backend }} {
|
||||
{% if real_ip %}
|
||||
@@ -19,5 +25,27 @@
|
||||
}
|
||||
{% else %}
|
||||
reverse_proxy {{ backend }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
handle {
|
||||
respond "Forbidden" 403
|
||||
}
|
||||
{% else %}
|
||||
{% if reverse_proxy_block %}
|
||||
reverse_proxy {{ backend }} {
|
||||
{% if real_ip %}
|
||||
header_up X-Real-IP {remote_host}
|
||||
{% endif %}
|
||||
{% if health_uri %}
|
||||
health_uri {{ health_uri }}
|
||||
{% endif %}
|
||||
{% if health_interval %}
|
||||
health_interval {{ health_interval }}
|
||||
{% endif %}
|
||||
}
|
||||
{% else %}
|
||||
reverse_proxy {{ backend }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
}
|
||||
3
templates/redirect.caddy.j2
Normal file
3
templates/redirect.caddy.j2
Normal file
@@ -0,0 +1,3 @@
|
||||
{{ domain }} {
|
||||
redir {{ target }} {{ code | default(redirect_code) }}
|
||||
}
|
||||
Reference in New Issue
Block a user