jasmine/dotfiles.nix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

trust cloudflare forward headers

Browse source
This commit is contained in:
♥ Minnie ♥ 2023-11-20 12:07:15 +08:00
parent 844d3e8628
commit eedca01074
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
nixos/viridian/services/traefik/default.nix
View file

@ -73,6 +73,24 @@
# Hypertext Transfer Protocol Secure # Hypertext Transfer Protocol Secure
websecure = { websecure = {
address = ":443"; address = ":443";
# Trust cloudflares forwarded header information
forwardedHeaders.trustedIPs = [
"173.245.48.0/20"
"103.21.244.0/22"
"103.22.200.0/22"
"103.31.4.0/22"
"141.101.64.0/18"
"108.162.192.0/18"
"190.93.240.0/20"
"188.114.96.0/20"
"197.234.240.0/22"
"198.41.128.0/17"
"162.158.0.0/15"
"172.64.0.0/13"
"131.0.72.0/22"
"104.16.0.0/13"
"104.24.0.0/14"
];
# Requests wildcard SSL certs for our services # Requests wildcard SSL certs for our services
http.tls = { http.tls = {
certResolver = "lets-encrypt"; certResolver = "lets-encrypt";