restrict domains based on port

nginx/vars.yaml

@@ -1,58 +1,89 @@
 terminate_ssl:
-  - external_domain: octoprint.reeseapps.com
-    external_port: 443
-    internal_domain: replicator.reeselink.com
-    internal_port: 443
-    internal_protocol: https
-  - external_domain: truenas.reeseapps.com
-    external_port: 443
-    internal_domain: driveripper.reeselink.com
-    internal_port: 8443
-    internal_protocol: https
-  - external_domain: pihole-yellow.reeseapps.com
-    external_port: 443
-    internal_domain: yellow.reeselink.com
-    internal_port: 8081
-    internal_protocol: http
-  - external_domain: pihole-orange.reeseapps.com
-    external_port: 443
-    internal_domain: orange.reeselink.com
-    internal_port: 8081
-    internal_protocol: http
-  - external_domain: yellow.reeseapps.com
-    external_port: 443
-    internal_domain: yellow.reeselink.com
-    internal_port: 9090
-    internal_protocol: https
-  - external_domain: orange.reeseapps.com
-    external_port: 443
-    internal_domain: orange.reeselink.com
-    internal_port: 9090
-    internal_protocol: https
-  - external_domain: node1.reeseapps.com
-    external_port: 443
-    internal_domain: node1.reeselink.com
-    internal_port: 9090
-    internal_protocol: https
-  - external_domain: node2.reeseapps.com
-    external_port: 443
-    internal_domain: node2.reeselink.com
-    internal_port: 9090
-    internal_protocol: https
-  - external_domain: node3.reeseapps.com
-    external_port: 443
-    internal_domain: node3.reeselink.com
-    internal_port: 9090
-    internal_protocol: https
+  - external:
+      domain: octoprint.reeseapps.com
+      port: 443
+    internal:
+      domain: replicator.reeselink.com
+      port: 443
+      protocol: https
+    restricted: true
+  - external:
+      domain: truenas.reeseapps.com
+      port: 443
+    internal:
+      domain: driveripper.reeselink.com
+      port: 8443
+      protocol: https
+    restricted: false
+  - external:
+      domain: pihole-yellow.reeseapps.com
+      port: 443
+    internal:
+      domain: yellow.reeselink.com
+      port: 8081
+      protocol: http
+    restricted: true
+  - external:
+      domain: pihole-orange.reeseapps.com
+      port: 443
+    internal:
+      domain: orange.reeselink.com
+      port: 8081
+      protocol: http
+    restricted: true
+  - external:
+      domain: yellow.reeseapps.com
+      port: 443
+    internal:
+      domain: yellow.reeselink.com
+      port: 9090
+      protocol: https
+    restricted: true
+  - external:
+      domain: orange.reeseapps.com
+      port: 443
+    internal:
+      domain: orange.reeselink.com
+      port: 9090
+      protocol: https
+    restricted: true
+  - external:
+      domain: node1.reeseapps.com
+      port: 443
+    internal:
+      domain: node1.reeselink.com
+      port: 9090
+      protocol: https
+    restricted: true
+  - external:
+      domain: node2.reeseapps.com
+      port: 443
+    internal:
+      domain: node2.reeselink.com
+      port: 9090
+      protocol: https
+    restricted: true
+  - external:
+      domain: node3.reeseapps.com
+      port: 443
+    internal:
+      domain: node3.reeselink.com
+      port: 9090
+      protocol: https
+    restricted: true
 stream_ssl:
-  - external_domain: nextcloud-aio.reeseapps.com
-    external_port: 443
-    internal_domain: nextcloud-aio.reeselink.com
-    internal_port: 443
-  - external_domain: containers.reeseapps.com
-    external_port: 443
-    internal_domain: node1.reeselink.com
-    internal_port: 6443
+  - external:
+      domain: nextcloud-aio.reeseapps.com
+      port: 443
+    internal:
+      domain: nextcloud-aio.reeselink.com
+      port: 443
+  - external:
+      domain: containers.reeseapps.com
+      port: 443
+    internal:
+      domain: node1.reeselink.com
+      port: 6443
 nextcloud:
   domain: nextcloud-aio.reeseapps.com
 nginx:
@@ -62,3 +93,4 @@ iperf:
   domain: lb.reeselink.com
 unifi_external:
   domain: unifi-server1.reeselink.com
+internal_ip: 10.1.0.0/16