add diaposine
This commit is contained in:
Kirill
@@ -0,0 +1,33 @@
|
|||||||
|
# Nginx для доступа к админке через Netbird
|
||||||
|
# Размещается на сервере в /etc/nginx/sites-available/craftshop-netbird
|
||||||
|
# с симлинком в /etc/nginx/sites-enabled/
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 100.109.3.6:80;
|
||||||
|
server_name 100.109.3.6;
|
||||||
|
|
||||||
|
root /opt/craftshop/www;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
|
||||||
|
location /api/ {
|
||||||
|
proxy_pass http://127.0.0.1:3333;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /uploads/ {
|
||||||
|
proxy_pass http://127.0.0.1:3333;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.html;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -202,6 +202,24 @@ if [[ "$changed_server" == true ]]; then
|
|||||||
remote_exec bash -lc "$DEPLOY_RESTART_CMD"
|
remote_exec bash -lc "$DEPLOY_RESTART_CMD"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo ">>> Настройка Nginx для Netbird-доступа к админке"
|
||||||
|
remote_exec bash -lc "set -e
|
||||||
|
if ! command -v nginx &>/dev/null; then
|
||||||
|
echo 'Установка nginx...'
|
||||||
|
apt-get update -qq && apt-get install -y -qq nginx
|
||||||
|
fi
|
||||||
|
mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled
|
||||||
|
rm -f /etc/nginx/sites-enabled/default
|
||||||
|
"
|
||||||
|
|
||||||
|
cat "$ROOT/scripts/craftshop-netbird.conf" | remote_exec tee /etc/nginx/sites-available/craftshop-netbird > /dev/null
|
||||||
|
|
||||||
|
remote_exec bash -lc "set -e
|
||||||
|
ln -sf /etc/nginx/sites-available/craftshop-netbird /etc/nginx/sites-enabled/
|
||||||
|
nginx -t && systemctl reload nginx || systemctl restart nginx
|
||||||
|
systemctl enable nginx
|
||||||
|
"
|
||||||
|
|
||||||
echo ">>> Сервер задеплоен"
|
echo ">>> Сервер задеплоен"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@@ -22,7 +22,6 @@ export function registerAuth(fastify) {
|
|||||||
|
|
||||||
if (allowedList.length > 0) {
|
if (allowedList.length > 0) {
|
||||||
const reqIp = normalizeIp(request.ip)
|
const reqIp = normalizeIp(request.ip)
|
||||||
request.log.info({ reqIp, rawIp: request.ip }, '[auth] admin IP check')
|
|
||||||
const isAllowed = allowedList.includes(reqIp) || allowedList.some((entry) => cidrMatch(reqIp, entry))
|
const isAllowed = allowedList.includes(reqIp) || allowedList.some((entry) => cidrMatch(reqIp, entry))
|
||||||
if (!isAllowed) {
|
if (!isAllowed) {
|
||||||
return reply.code(403).send({ error: 'Доступ с данного IP запрещён' })
|
return reply.code(403).send({ error: 'Доступ с данного IP запрещён' })
|
||||||
|
|||||||
Reference in New Issue
Block a user