Skip to content
Snippets Groups Projects
Commit 555264ed authored by Florian Sesser's avatar Florian Sesser
Browse files

Only allow monitoring machines to access the monitoring machine's monitoring endpoint

Fixes privatestorageops#408
parent 64bee7ab
No related branches found
No related tags found
2 merge requests!264merge develop into production,!242Grafana: Allow access to /metrics only to monitoring network and localhost
Pipeline #1671 passed
......@@ -183,6 +183,17 @@ in {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyWebsockets = true;
};
locations."/metrics" = {
# Only allow our monitoringvpn subnet
# And localhost since we're the monitoring server currently
extraConfig = ''
allow 172.23.23.0/24;
allow 127.0.0.1;
allow ::1;
deny all;
'';
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
};
};
};
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment