diff --git a/bin/ncproxy/specs/swagger.yaml b/bin/ncproxy/specs/swagger.yaml index b4f169fe6..6caab776f 100644 --- a/bin/ncproxy/specs/swagger.yaml +++ b/bin/ncproxy/specs/swagger.yaml @@ -112,6 +112,12 @@ components: description: The path Target: $ref: '#/components/schemas/LocationTarget' + AllowedIps: + type: array + items: + type: string + description: Allowed ip addr + nullable: true Headers: type: array items: diff --git a/bin/ncproxy/src/models/template.rs b/bin/ncproxy/src/models/template.rs index 228efd97d..1302e8c3a 100644 --- a/bin/ncproxy/src/models/template.rs +++ b/bin/ncproxy/src/models/template.rs @@ -7,6 +7,9 @@ pub struct LocationTemplate { pub path: String, pub upstream_key: String, pub redirect: Option, + pub allowed_ips: Option>, + pub version: Option, + pub headers: Option>, } pub struct Template<'a> { diff --git a/bin/ncproxy/src/models/templates/http.conf b/bin/ncproxy/src/models/templates/http.conf index 376472923..a97f116d9 100644 --- a/bin/ncproxy/src/models/templates/http.conf +++ b/bin/ncproxy/src/models/templates/http.conf @@ -26,7 +26,9 @@ server { {% if hide_upstream %} {% else %} {% for location in locations %} - location {{ location.path }} { + location {{ location.path }} { {% if location.headers %}{% for header in location.headers %} + proxy_set_header {{ header }}; + {% endfor %}{% endif %}{% if location.version %}proxy_http_version {{ location.version }};{% endif %} {% if location.redirect %} return {{ location.redirect }} {{ location.upstream_key }}; {% else %} @@ -37,6 +39,9 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_pass {{ location.upstream_key }}/; {% endif %} + {% if location.allowed_ips %}{% for allowed_ip in location.allowed_ips %} + allow {{ allowed_ip }}; + {% endfor %}deny all;{% endif %} } {% endfor %} {% endif %} diff --git a/bin/ncproxy/src/utils/nginx.rs b/bin/ncproxy/src/utils/nginx.rs index 2fd2c00fc..4af38cf5e 100644 --- a/bin/ncproxy/src/utils/nginx.rs +++ b/bin/ncproxy/src/utils/nginx.rs 
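Review bot: `proxy_set_header {{ header }};` and `proxy_http_version {{ location.version }};` in the first http.conf hunk write values that appear to come straight from the rule's location spec into the nginx configuration, and the second hunk does the same with `allow {{ allowed_ip }};`. A value containing `;`, `{`, `}` or a line break would close the directive and have the remainder parsed as further configuration, so anyone able to submit a rule could shape the server block beyond this one location. Nothing visible in the diff constrains these strings before rendering. I would validate them when the rule is accepted (a header as name and value without control characters or nginx metacharacters, an address as a parsed IP or CIDR) and fail the rule rather than render it. The `server` block continues outside both hunks.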
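Review bot: The `allow …;` / `deny all;` lines are emitted after the `{% if location.redirect %}` branch, so they also land in locations that consist of `return …;`, where they have no effect: nginx runs `return` in the rewrite phase, before the access phase that enforces `allow` and `deny`. A location with both a redirect and `AllowedIps` would therefore redirect every client; either reject that combination when the rule is validated or document that `AllowedIps` applies to proxied locations only. `AllowedIps: []` also needs pinning down, because whether `{% if location.allowed_ips %}` treats an empty list as true (only `deny all;` is rendered) or false (no restriction is rendered) depends on the template engine, which this diff does not show. `allow` matches the connection's peer address, so behind another proxy the list is compared against that proxy unless the real-IP module is configured.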
@@ -182,6 +182,9 @@ pub async fn add_rule( path: location.path.clone(), upstream_key: format!("http://{upstream_key}"), redirect: None, + version: location.version, + allowed_ips: location.allowed_ips.clone(), + headers: location.headers.clone(), }; locations.push(location); } @@ -196,6 +199,9 @@ pub async fn add_rule( path: location.path.clone(), upstream_key: format!("http://{upstream_key}"), redirect: None, + version: location.version, + allowed_ips: location.allowed_ips.clone(), + headers: location.headers.clone(), }; locations.push(location); } @@ -203,6 +209,9 @@ pub async fn add_rule( let location = LocationTemplate { path: location.path.clone(), upstream_key: http.url.clone(), + version: location.version, + allowed_ips: location.allowed_ips.clone(), + headers: location.headers.clone(), redirect: http.redirect.clone().map(|r| format!("{r}")), }; locations.push(location); diff --git a/crates/nanocl_stubs/src/proxy.rs b/crates/nanocl_stubs/src/proxy.rs index c7e7e2a3c..681282738 100644 --- a/crates/nanocl_stubs/src/proxy.rs +++ b/crates/nanocl_stubs/src/proxy.rs @@ -248,6 +248,8 @@ pub struct ProxyHttpLocation { pub path: String, /// The target cargo pub target: LocationTarget, + /// Allowed ip addr + pub allowed_ips: Option>, /// Extras header to add #[cfg_attr( feature = "serde", diff --git a/examples/deploy_example.yml b/examples/deploy_example.yml index b9d5ab81e..abaf5b1ae 100644 --- a/examples/deploy_example.yml +++ b/examples/deploy_example.yml 
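Review bot: `allowed_ips` and `headers` are cloned from the rule into `LocationTemplate` unchanged in all three `add_rule` hunks (`@@ -182`, `@@ -196`, `@@ -203`), which makes this the last point where an entry that is not an address can be refused before it is rendered into the nginx configuration. I would check every entry once, before the first `LocationTemplate` is built, and return the function's existing error for the rule instead of writing the file. The helper below is a sketch (the name is mine) that accepts a bare address or an address with a prefix length; `headers` needs an equivalent check. `add_rule` starts and ends outside these hunks, so its error path is not visible here.

```rust
/// Returns true when `entry` is a bare IPv4/IPv6 address or an address
/// followed by `/` and a prefix length that fits the address family.
fn is_valid_allowed_ip(entry: &str) -> bool {
    let (addr, prefix) = match entry.split_once('/') {
        Some((addr, prefix)) => (addr, Some(prefix)),
        None => (entry, None),
    };
    let Ok(addr) = addr.parse::<std::net::IpAddr>() else {
        return false;
    };
    let max_prefix: u8 = if addr.is_ipv4() { 32 } else { 128 };
    prefix.map_or(true, |p| {
        // Digits only: integer parsing alone would also accept a leading '+'.
        p.bytes().all(|b| b.is_ascii_digit())
            && p.parse::<u8>().is_ok_and(|n| n <= max_prefix)
    })
}

// … unchanged: the three LocationTemplate literals in add_rule, built only after
// every entry of location.allowed_ips has passed is_valid_allowed_ip …
```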
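Review bot: The doc comment `/// Allowed ip addr` on `allowed_ips` does not tell a rule author what the field accepts or what leaving it out means, and the swagger description repeats the same words. Suggested: `/// Client addresses allowed to reach this location; when unset the location is not restricted by address.`, plus one line stating whether CIDR ranges are accepted. The `headers` field that follows carries a `#[cfg_attr(feature = "serde", …)]` attribute and the new field has none; if that attribute skips `None` on serialization, `allowed_ips` will be emitted as `null` and may deserve the same treatment. `ProxyHttpLocation` starts and ends outside the hunk.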
@@ -1,74 +1,80 @@ ApiVersion: v0.12 Secrets: -- Name: env.deploy-example.com - Kind: nanocl.io/env - Data: - - MY_VALUE=MY_KEY + - Name: env.deploy-example.com + Kind: nanocl.io/env + Data: + - MY_KEY=MY_VALUE -- Name: env.trash - Kind: nanocl.io/env - Data: - - TRASH=MY_KEY + - Name: env.trash + Kind: nanocl.io/env + Data: + - MY_TRASH_KEY=MY_TRASH_VALUE # See all options: # https://docs.next-hat.com/references/nanocl/objects/resource Resources: -- Name: deploy-example.com - Kind: ncproxy.io/rule - Metadata: - CertManager: certbot - Selector: - App: deploy-example - Data: - Rules: - - Domain: deploy-example.com - Network: All - Locations: - - Path: / - Target: - Key: deploy-example2.global.c - Port: 9000 - - Path: /v1 - Target: - Key: deploy-example.global.c - Port: 9000 - - Path: /v2 - Target: - Key: deploy-example2.global.c - Port: 9000 + - Name: deploy-example.com + Kind: ncproxy.io/rule + Metadata: + CertManager: certbot + Selector: + App: deploy-example + Data: + Rules: + - Domain: deploy-example.com + Network: All + Locations: + - Path: / + Target: + Key: deploy-example2.global.c + Port: 9000 + - Path: /v1 + Target: + Key: deploy-example.global.c + Port: 9000 + - Path: /v2 + Target: + Key: deploy-example2.global.c + Port: 9000 + - Path: /private + AllowedIps: + - 127.0.0.2 + Target: + Key: deploy-example2.global.c + Port: 9000 -- Name: proxy-get-started - Kind: ncproxy.io/rule - Data: - Rules: - - Domain: get-started.com - Network: All - Locations: - - Path: / - Target: - Url: https://google.com - Redirect: Temporary + - Name: proxy-get-started + Kind: ncproxy.io/rule + Data: + Rules: + - Domain: get-started.com + Network: All + Locations: + - Path: / + Target: + Url: https://google.com + Redirect: Temporary # See all options: # https://docs.next-hat.com/references/nanocl/objects/cargo Cargoes: -- Name: deploy-example - Metadata: - Selector: - App: deploy-example - Secrets: - - env.deploy-example.com - Container: - Image: 
ghcr.io/next-hat/nanocl-get-started:latest - Env: - - APP=GET_STARTED - - NEW=GG + - Name: deploy-example + Metadata: + Selector: + App: deploy-example + Secrets: + - env.deploy-example.com + Container: + Image: ghcr.io/next-hat/nanocl-get-started:latest + Env: + - APP=GET_STARTED + - NEW=GG -- Name: deploy-example2 - Secrets: - - env.trash - Container: - Image: ghcr.io/next-hat/nanocl-get-started:latest - Env: - - APP=GET_STARTED2 + - Name: deploy-example2 + Secrets: + - env.trash + Container: + Image: ghcr.io/next-hat/nanocl-get-started:latest + Env: + - APP=GET_STARTED2