Add beszel

03frontends.cfg

@@ -305,6 +305,7 @@ frontend frontend_default
   acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net
   acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net
   acl archive hdr(host) -i sysadmin-bookmarks.archive.benoit.jp.net
+  acl beszel hdr(host) -i beszel.benoit.jp.net
   acl forgejo hdr(host) -i forgejo.benoit.jp.net
   acl kanboard hdr(host) -i kanboard.benoit.jp.net
   acl laminar hdr(host) -i laminar.benoit.jp.net
@@ -324,6 +325,7 @@ frontend frontend_default
   acl allowed_ips src 5.78.92.102 2a01:4ff:1f0:c14e::1
 
   http-request deny if adguard !JP !SG !letsencrypt !allowed_ips
+  http-request deny if beszel !JP !SG !letsencrypt !allowed_ips
   http-request deny if kanboard !JP !SG !letsencrypt !allowed_ips
   http-request deny if mailcow !JP !SG !letsencrypt !allowed_ips
   http-request deny if mailcow-backup !JP !SG !letsencrypt !allowed_ips
@@ -334,6 +336,7 @@ frontend frontend_default
 
   use_backend adguard if adguard
   use_backend archive if archive
+  use_backend beszel if beszel
   use_backend forgejo if forgejo
   use_backend kanboard if kanboard
   use_backend laminar if laminar

05backends.cfg

@@ -148,6 +148,16 @@ backend mailcow-backup
   http-response set-header Cross-Origin-Resource-Policy "same-origin"
   server mailcow-backup mxmon:443 check ssl verify none
 
+backend beszel
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  server beszel beszel.incus:8090 check
+
 backend uptime-kuma
   # set HSTS for one year after all responses
   http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"