chore: update firewall rules

2025-12-06 04:22:07 +00:00 · 2024-10-19 01:57:43 +04:00
parent d6db6bc49c
commit ff1a9035ff
2 changed files with 12 additions and 5 deletions
--- a/docker/production.yml
+++ b/docker/production.yml
@@ -32,6 +32,13 @@ services:
            - --providers.docker.exposedByDefault=false
            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
+            - --entrypoints.web.transport.lifeCycle.requestAcceptGraceTimeout=60s
+            - --entrypoints.web.proxyProtocol.trustedIPs=10.0.0.0/8
+            - --entrypoints.websecure.transport.lifeCycle.requestAcceptGraceTimeout=60s
+            - --entrypoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8
+            - --entryPoints.websecure.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17
+            - --ping
+            - --ping.entryPoint=web
            - --entrypoints.web.http.redirections.entrypoint.to=websecure
            - --entrypoints.web.http.redirections.entrypoint.scheme=https
            - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
--- a/terraform/modules/digitalocean/droplets.tf
+++ b/terraform/modules/digitalocean/droplets.tf
@@ -96,10 +96,10 @@ resource "digitalocean_droplet" "manager" {
 resource "digitalocean_loadbalancer" "public" {
  name        = "${var.project_name}-${var.region}-${var.environment}"
  region      = var.region
-  size_unit   = var.loadbalancer_size_unit
-  project_id  = digitalocean_project.appwrite_cloud.id
+  size_unit   =  1
+  project_id  = digitalocean_project.homepage.id
  vpc_uuid    = digitalocean_vpc.subnet.id
-  droplet_ids = digitalocean_droplet.loadbalancer_v3.*.id
+  droplet_ids = digitalocean_droplet.manager.*.id

  redirect_http_to_https   = false
  enable_backend_keepalive = true
@@ -109,7 +109,7 @@ resource "digitalocean_loadbalancer" "public" {
    entry_port     = 80
    entry_protocol = "http"

-    target_port     = 8080
+    target_port     = 80
    target_protocol = "http"
  }

@@ -117,7 +117,7 @@ resource "digitalocean_loadbalancer" "public" {
    entry_port     = 443
    entry_protocol = "http2"

-    target_port     = 8443
+    target_port     = 443
    target_protocol = "http2"

    tls_passthrough = true