Add adguard

2024-11-27 21:28:44 +09:00 · 2024-11-27 21:28:44 +09:00 · cd3295c3f4
commit cd3295c3f4
parent c55a1fca17
3 changed files with 31 additions and 13 deletions
--- a/03frontends.cfg
+++ b/03frontends.cfg
@ -298,6 +298,7 @@ frontend frontend_default

  acl letsencrypt path_beg /.well-known/acme-challenge/

+  acl adguard hdr(host) -i adguard.benoit.jp.net
  acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net
  acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net
  acl archive hdr(host) -i sysadmin-bookmarks.archive.benoit.jp.net
@ -305,8 +306,10 @@ frontend frontend_default
  acl laminar hdr(host) -i laminar.benoit.jp.net
  acl linkding hdr(host) -i linkding.benoit.jp.net
  acl mastodon hdr(host) -i mastodon.benoit.jp.net
-  #http-request deny if dns !JP !SG !letsencrypt

+  http-request deny if adguard !JP !letsencrypt
+
+  use_backend adguard if adguard
  use_backend archive if archive
  use_backend forgejo if forgejo
  use_backend laminar if laminar
--- a/04listen.cfg
+++ b/04listen.cfg
@ -1,10 +1,13 @@
 # Listens (frontend and backend combined)
-  listen ssh
-    bind :22
-    bind :::22 v6only
-      mode tcp
-      option tcplog
-    server git-ssh forgejo.incus:10022 send-proxy check
+# Forgejo
+listen ssh
+  bind :22
+  bind :::22 v6only
+    mode tcp
+    option tcplog
+  server git-ssh forgejo.incus:10022 send-proxy check
+
+# Mailcow
 #  listen smtp
 #    bind :25
 #    bind :::25 v6only
@ -29,9 +32,11 @@
 #      mode tcp
 #      option tcplog
 #    server mail 10.78.127.231:14190 send-proxy
-#  listen adguard-dot
-#    bind :853
-#    bind :::853 v6only
-#      mode tcp
-#      option tcplog
-#    server adguard 10.78.127.201:10853 send-proxy
+
+# Adguard
+listen adguard-dot
+    bind :853
+    bind :::853 v6only
+      mode tcp
+      option tcplog
+    server adguard adguard.incus:10853 send-proxy
--- a/05backends.cfg
+++ b/05backends.cfg
@ -54,3 +54,13 @@ backend archive
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server archive archive.incus:80 check
+
+backend adguard
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  server adguard adguard.incus:3000 check