8 Commits

Author	SHA1	Message	Date
Georg Pfuetzenreuter	c75e31c145	denc-webcluster: add ModSecurity adjustments ... With the rollout of our Salted configuration, ModSecurity came enforced. This adds necessary rules to PrivateBin and BookStack for correct operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 23:46:22 +01:00
Georg Pfuetzenreuter	37a1ec433a	denc-webcluster: nginx listen on HA addresses ... Accidentally configured to listen only internally. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 17:42:31 +01:00
Georg Pfuetzenreuter	2d5da24ce5	denc-webcluster: nginx AppArmor rules ... Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 16:39:49 +01:00
Georg Pfuetzenreuter	eac227d120	denc-webcluster: nginx config fixup ... - remove keys duplicated by include - repair wrong snippets include directory - repair wrong ip_hash option syntax Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 15:48:44 +01:00
Georg Pfuetzenreuter	533aedd864	denc-webcluster: enable keepalived script security ... Prevent script tampering. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 14:37:45 +01:00
Georg Pfuetzenreuter	7481741f95	denc-webcluster: allow http(s) publicly ... Public firewall rules were missing from initial import. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 14:33:34 +01:00
Georg Pfuetzenreuter	303b06ae8c	nemesis/hubris: import keepalived configuration ... Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 05:21:43 +01:00
Georg Pfuetzenreuter	eed4945a9f	nemesis/hubris: import nginx configuration ... Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 05:21:39 +01:00