diff --git a/03frontends.cfg b/03frontends.cfg
index 841bcaa..31e38a4 100644
--- a/03frontends.cfg
+++ b/03frontends.cfg
@@ -305,6 +305,7 @@ frontend frontend_default
 acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net
 acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net
 acl archive hdr(host) -i sysadmin-bookmarks.archive.benoit.jp.net
+ acl beszel hdr(host) -i beszel.benoit.jp.net
 acl forgejo hdr(host) -i forgejo.benoit.jp.net
 acl kanboard hdr(host) -i kanboard.benoit.jp.net
 acl laminar hdr(host) -i laminar.benoit.jp.net
@@ -324,6 +325,7 @@ frontend frontend_default
 acl allowed_ips src 5.78.92.102 2a01:4ff:1f0:c14e::1
 http-request deny if adguard !JP !SG !letsencrypt !allowed_ips
+ http-request deny if beszel !JP !SG !letsencrypt !allowed_ips
 http-request deny if kanboard !JP !SG !letsencrypt !allowed_ips
 http-request deny if mailcow !JP !SG !letsencrypt !allowed_ips
 http-request deny if mailcow-backup !JP !SG !letsencrypt !allowed_ips
@@ -334,6 +336,7 @@ frontend frontend_default
 use_backend adguard if adguard
 use_backend archive if archive
+ use_backend beszel if beszel
 use_backend forgejo if forgejo
 use_backend kanboard if kanboard
 use_backend laminar if laminar
diff --git a/05backends.cfg b/05backends.cfg
index a38f805..5c69848 100644
--- a/05backends.cfg
+++ b/05backends.cfg
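Review bot: The added `http-request deny if beszel !JP !SG !letsencrypt !allowed_ips` exempts every request that matches `letsencrypt`, while the `use_backend beszel if beszel` added in the third hunk routes on the host alone. The definition of `letsencrypt` and the `use_backend` rules above `use_backend adguard` are outside these hunks, so confirm that an earlier rule sends ACME requests elsewhere. If none does, exempted requests from any source address reach the Beszel hub, and `use_backend beszel if beszel !letsencrypt` would keep the exemption from doubling as a route. A comment above the deny block, such as `# geo/IP allowlist only narrows exposure; each service still relies on its own login`, would record that the country filter is not an authentication control.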
@@ -148,6 +148,16 @@ backend mailcow-backup
 http-response set-header Cross-Origin-Resource-Policy "same-origin"
 server mailcow-backup mxmon:443 check ssl verify none
+backend beszel
+ # set HSTS for one year after all responses
+ http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+ # add some Security headers
+ http-response set-header X-Frame-Options "SAMEORIGIN"
+ http-response set-header X-Content-Type-Options "nosniff"
+ http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+ http-response set-header Cross-Origin-Resource-Policy "same-origin"
+ server beszel beszel.incus:8090 check
+
 backend uptime-kuma
 # set HSTS for one year after all responses
 http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
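Review bot: `server beszel beszel.incus:8090 check` forwards to the hub over plain HTTP, and nothing in the new backend says why that is acceptable. If the hop stays on a host-local Incus bridge, record it with a comment such as `# plain HTTP: beszel.incus is reachable only on the local Incus bridge`; if it crosses hosts, the session cookies and monitoring data travel unencrypted. The bare `check` is only a TCP connect, so `option httpchk` would keep a listening but broken hub from being marked up. The five `http-response set-header` lines repeat what the `mailcow-backup` and `uptime-kuma` backends around them carry, so setting them once in the frontend would stop a future backend shipping without them.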