lino/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Local ip auth override

Browse Source
This commit is contained in:
Lino Silva
2026-04-10 23:09:08 +01:00
parent 57847ca4fe
commit 13022f4c34
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ansible/roles/traefik/templates/remote-services.yml.j2
+25
View File
@@ -36,6 +36,16 @@ http:
insecureSkipVerify: true insecureSkipVerify: true
routers: routers:
# Local IP bypass - HTTPS (higher priority, no auth)
traefik-secure-local:
rule: "Host(`traefik.{{ domain }}`) && (ClientIP(`192.168.0.0/16`) || ClientIP(`10.0.0.0/8`) || ClientIP(`172.16.0.0/12`))"
entryPoints:
- https
priority: 200
service: api@internal
tls:
certResolver: cloudflare
# Static services - HTTPS # Static services - HTTPS
traefik-secure: traefik-secure:
rule: "Host(`traefik.{{ domain }}`)" rule: "Host(`traefik.{{ domain }}`)"
@@ -106,6 +116,21 @@ http:
# Auto-configured services - HTTPS # Auto-configured services - HTTPS
{% for service_name, config in auto_configure_traefik.items() %} {% for service_name, config in auto_configure_traefik.items() %}
{% if config.auth_required | default(true) %}
# {{ service_name }} - local IP bypass (no auth)
{{ service_name }}-local:
rule: "Host(`{{ config.subdomain }}.{{ domain }}`) && (ClientIP(`192.168.0.0/16`) || ClientIP(`10.0.0.0/8`) || ClientIP(`172.16.0.0/12`))"
entryPoints:
- https
priority: 200
{% if config.forward_https | default(false) %}
middlewares:
- {{ service_name }}-https-headers
{% endif %}
service: {{ service_name }}
tls:
certResolver: cloudflare
{% endif %}
{% if config.auth_bypass_paths is defined %} {% if config.auth_bypass_paths is defined %}
# {{ service_name }} - bypass paths (no auth) # {{ service_name }} - bypass paths (no auth)
{% for path in config.auth_bypass_paths %} {% for path in config.auth_bypass_paths %}