# Global options block: applies to every site defined in this Caddyfile template.
{
    # Protocols accepted on the :80 and :443 listeners.
    # h2c is cleartext (non-TLS) HTTP/2.
    # NOTE(review): the gRPC backends further down are reached through the
    # h2c:// upstream scheme, which is set per reverse_proxy. Confirm that h2c
    # is also required on the client-facing listeners before keeping it here.
    servers :80,:443 {
        protocols h1 h2c h2 h3
    }
    # Contact address for the ACME account used for certificate issuance.
    # NOTE(review): hard-coded, whereas the site domains are template variables.
    email vlad.stus@gmail.com
}
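# Shared response-header snippet; pulled into each site with `import security_headers`.
(security_headers) {
    # Per Caddy's header directive docs, deleting a field (-Server below) makes the
    # operations in this block deferred until the response is written, so these
    # values are applied after the upstream has set its own headers.
    header * {
        # HSTS with a short max-age (1 hour), covering subdomains.
        # `preload` was dropped: the browser preload list requires
        # max-age >= 31536000, so it had no effect next to max-age=3600.
        # Raise max-age and restore `preload` together, and only once every
        # subdomain is confirmed to be HTTPS-only.
        Strict-Transport-Security "max-age=3600; includeSubDomains"
        # Stop browsers from MIME-sniffing a response away from its declared type.
        X-Content-Type-Options "nosniff"
        # Allow framing by same-origin pages only (clickjacking mitigation).
        X-Frame-Options "SAMEORIGIN"
        # The legacy XSS auditor is removed from current browsers, and
        # "1; mode=block" could be abused in old ones; "0" switches it off.
        # XSS defence belongs in output encoding and a Content-Security-Policy,
        # which this snippet does not set.
        X-XSS-Protection "0"
        # Do not advertise the server software banner.
        -Server
        # Send only the origin as referrer on cross-origin requests, and nothing
        # on an HTTPS -> HTTP downgrade.
        Referrer-Policy strict-origin-when-cross-origin
    }
}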
# Site block for the NetBird domain (hostname supplied by the template variable).
# Requests are routed by path to the management, relay, signal, reconciler and
# dashboard backends. Every backend hop below uses plain HTTP or h2c, so traffic
# behind this proxy is unencrypted.
# NOTE(review): assumes these hostnames resolve on a private network - confirm.
{{ netbird_domain }} {
    # Apply the shared response headers defined in the (security_headers) snippet.
    import security_headers

    # Embedded IdP OAuth2 endpoints
    # (OAuth2 paths plus the OIDC discovery document and JWKS, all served by management)
    reverse_proxy /oauth2/* management:80
    reverse_proxy /.well-known/openid-configuration management:80
    reverse_proxy /.well-known/jwks.json management:80

    # NetBird Relay
    reverse_proxy /relay* relay:80

    # NetBird Signal (gRPC)
    # h2c:// selects cleartext HTTP/2 for the connection to the upstream.
    reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000

    # NetBird Management API (gRPC)
    reverse_proxy /management.ManagementService/* h2c://management:80

    # NetBird Management REST API
    reverse_proxy /api/* management:80

    # Reconciler API (strip /reconciler prefix before proxying)
    # NOTE(review): nothing in this block restricts who may reach /reconciler/*,
    # so it is as reachable as the rest of the site. Confirm the reconciler
    # authenticates requests itself, or add a matcher that limits access.
    handle_path /reconciler/* {
        reverse_proxy reconciler:{{ reconciler_port }}
    }

    # NetBird Dashboard (catch-all — must be last)
    reverse_proxy /* dashboard:80
}
# =============================================================================
# Gitea
# =============================================================================
# Site block for the Gitea domain; hostname and backend port are template variables.
{{ gitea_domain }} {
    # Apply the shared response headers defined in the (security_headers) snippet.
    import security_headers
    # Forward every request to the gitea backend over plain HTTP.
    # NOTE(review): assumes the hop to gitea stays on a private network - confirm.
    reverse_proxy gitea:{{ gitea_http_port }}
}