BouncyPancake

joined 1 year ago
 

I know the discussion of ownCloud vs NextCloud is as old as time but most of those discussions focus on the photo and file syncing features. I wanna know if ownCloud or NextCloud would be better for office and collaborative work. Stuff like hosting and running Collabora, CalDAV, CardDAV, file sharing.

BouncyPancake@alien.top 1 points 1 year ago

So I don't need to do an && statement or something?

I can just do

use_backend manage_ssl if is_whitelisted
use_backend manage_ssl if { req_ssl_sni -i management.example.com }

Or would I have to do something like

use_backend manage_ssl if { req_ssl_sni -i management.example.com } && if is_whitelisted

 
frontend main_ssl
        bind *:443
        mode tcp
        option tcplog

        # Wait for a client hello for at most 5 seconds
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }


        use_backend cloud_ssl if { req_ssl_sni -i cloud.example.com }
        use_backend rproxy_ssl if { req_ssl_sni -i assets.example.com }
        use_backend rproxy_ssl if { req_ssl_sni -i support.example.com }
        use_backend manage_ssl if { req_ssl_sni -i management.example.com }


backend cloud_ssl
        mode tcp
        balance roundrobin
        server cloud_ssl_server 10.10.5.8:443 check

backend rproxy_ssl
        mode tcp
        balance roundrobin
        server rpoxy_ssl_server 10.10.5.40:443 check

backend manage_ssl
        mode tcp
        balance roundrobin
        server manage_ssl_server 10.10.5.2:443 check

Is it possible to get 'manage_ssl' to block all IP addresses except for a small collection in a file or such?

I know that there is some documentation and quite a few Stack Overflow posts but I seem to be lacking an understanding of the syntax / format that this stuff needs to be in.

And no, I can't just block at the whole proxy level, nor can I do it at the firewall level. The other sites have to be reachable by all users; it's just one domain that needs to be blocked and IPs whitelisted for.
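An added example, not part of the original post and not taken from the HAProxy documentation: the `main_ssl` frontend from the post with a source-IP allowlist applied only to `manage_ssl`, which also covers the earlier question about `&&`. The file path `/etc/haproxy/manage_whitelist.lst`, the ACL name `is_manage` and the sample addresses are assumptions; the backends stay as posted.

```haproxy
# /etc/haproxy/manage_whitelist.lst (assumed path, constructed sample contents)
# One IPv4/IPv6 address or CIDR range per line; blank lines and lines
# starting with '#' are ignored:
#
#   192.0.2.10
#   198.51.100.0/24

frontend main_ssl
        bind *:443
        mode tcp
        option tcplog

        # Wait for a client hello for at most 5 seconds
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }

        # Named ACLs. 'src' is the client address of the TCP connection,
        # '-f' loads the patterns from the file above.
        acl is_whitelisted src -f /etc/haproxy/manage_whitelist.lst
        acl is_manage req_ssl_sni -i management.example.com

        use_backend cloud_ssl if { req_ssl_sni -i cloud.example.com }
        use_backend rproxy_ssl if { req_ssl_sni -i assets.example.com }
        use_backend rproxy_ssl if { req_ssl_sni -i support.example.com }

        # Conditions written side by side after 'if' are ANDed, so no '&&'
        # and no second 'if' is needed ('||' or 'or' gives OR, '!' negates).
        # Two separate use_backend lines would instead act as an OR: either
        # one matching is enough to select the backend.
        use_backend manage_ssl if is_manage is_whitelisted

        # Deliberately no default_backend: a connection for
        # management.example.com from a source outside the list matches no
        # use_backend rule and is not forwarded to any server. Adding a
        # default_backend later would send that traffic there instead.
```

Check the result with `haproxy -c -f <config file>` before reloading. `src` is the peer address HAProxy itself sees, so if NAT or another proxy sits in front of it, the list has to contain that address.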

BouncyPancake@alien.top 1 points 1 year ago

If it's down, I assume performance is bad

BouncyPancake@alien.top 1 points 1 year ago

A proper logging server. I'm just not motivated to learn a bunch of stuff right now sadly.