From 541c7182f2528dc7bf54245d72c72c39afe44118 Mon Sep 17 00:00:00 2001
From: Naman1997
Date: Tue, 10 Sep 2024 00:14:19 +1000
Subject: [PATCH 1/5] Remove use of port 443 from LAN
---
 templates/ingress/nginx-controller.template | 1 -
 templates/iptables/add-nat-routing.sh | 5 ++---
 templates/iptables/remove-nat-routing.sh | 5 ++---
 3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/templates/ingress/nginx-controller.template b/templates/ingress/nginx-controller.template
index 00016f2..4ddcf7d 100644
--- a/templates/ingress/nginx-controller.template
+++ b/templates/ingress/nginx-controller.template
@@ -3,7 +3,6 @@ controller:
 enabled: true
 ports:
 http: 80
- https: 443
 kind: DaemonSet
 service:
diff --git a/templates/iptables/add-nat-routing.sh b/templates/iptables/add-nat-routing.sh
index cc59aa8..9ac528b 100644
--- a/templates/iptables/add-nat-routing.sh
+++ b/templates/iptables/add-nat-routing.sh
@@ -9,6 +9,5 @@ iptables -A FORWARD -i $WG_FACE -j ACCEPT
 iptables -t nat -A POSTROUTING -o $IN_FACE -j MASQUERADE
 iptables -I INPUT 1 -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
-# HTTP(S)
-iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
-iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
\ No newline at end of file
+# HTTP
+iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
\ No newline at end of file
diff --git a/templates/iptables/remove-nat-routing.sh b/templates/iptables/remove-nat-routing.sh
index 5d1baa0..032f60e 100644
--- a/templates/iptables/remove-nat-routing.sh
+++ b/templates/iptables/remove-nat-routing.sh
@@ -9,6 +9,5 @@ iptables -D FORWARD -i $WG_FACE -j ACCEPT
 iptables -t nat -D POSTROUTING -o $IN_FACE -j MASQUERADE
 iptables -D INPUT -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
-# HTTP(S)
-iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
\ No newline at end of file
+# HTTP
+iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
\ No newline at end of file
From e1301adff6a28aced45b13bdcc050ce70b21f77b Mon Sep 17 00:00:00 2001
From: Naman1997
Date: Tue, 10 Sep 2024 00:21:49 +1000
Subject: [PATCH 2/5] Add license badge
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 5790371..1e04eb6 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # wireguard-k8s-ingress [![Ansible](https://github.com/Naman1997/wireguard-k8s-ingress/actions/workflows/main.yml/badge.svg)](https://github.com/Naman1997/wireguard-k8s-ingress/actions/workflows/main.yml)
+ [![GitHub license](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/Naman1997/proxmox-terraform-template-k8s/blob/main/LICENSE)
 ## Objective
From fe66553d08a9f7a7b3cc80e265a9b7b10e293226 Mon Sep 17 00:00:00 2001
From: Naman1997
Date: Tue, 10 Sep 2024 00:24:43 +1000
Subject: [PATCH 3/5] Keep 443 on cloud vps
---
 templates/iptables/add-nat-routing.sh | 3 ++-
 templates/iptables/remove-nat-routing.sh | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/templates/iptables/add-nat-routing.sh b/templates/iptables/add-nat-routing.sh
index 9ac528b..14a52f1 100644
--- a/templates/iptables/add-nat-routing.sh
+++ b/templates/iptables/add-nat-routing.sh
@@ -10,4 +10,5 @@ iptables -t nat -A POSTROUTING -o $IN_FACE -j MASQUERADE
 iptables -I INPUT 1 -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
 # HTTP
-iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
\ No newline at end of file
+iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
+iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
\ No newline at end of file
diff --git a/templates/iptables/remove-nat-routing.sh b/templates/iptables/remove-nat-routing.sh
index 032f60e..ab84be1 100644
--- a/templates/iptables/remove-nat-routing.sh
+++ b/templates/iptables/remove-nat-routing.sh
@@ -10,4 +10,5 @@ iptables -t nat -D POSTROUTING -o $IN_FACE -j MASQUERADE
 iptables -D INPUT -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
 # HTTP
-iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
\ No newline at end of file
+iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
\ No newline at end of file
From 3a7e4da42d20a9520e4ef762ff0d404fcee02a39 Mon Sep 17 00:00:00 2001
From: Naman1997
Date: Tue, 10 Sep 2024 00:25:15 +1000
Subject: [PATCH 4/5] Keep 443 on cloud vps
---
 templates/iptables/add-nat-routing.sh | 2 +-
 templates/iptables/remove-nat-routing.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/iptables/add-nat-routing.sh b/templates/iptables/add-nat-routing.sh
index 14a52f1..cc59aa8 100644
--- a/templates/iptables/add-nat-routing.sh
+++ b/templates/iptables/add-nat-routing.sh
@@ -9,6 +9,6 @@ iptables -A FORWARD -i $WG_FACE -j ACCEPT
 iptables -t nat -A POSTROUTING -o $IN_FACE -j MASQUERADE
 iptables -I INPUT 1 -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
-# HTTP
+# HTTP(S)
 iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
 iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
\ No newline at end of file
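Review bot: Both ACCEPT rules in add-nat-routing.sh are inserted at the hard-coded position `INPUT 6` and carry no `-i $IN_FACE`, unlike the WireGuard rule on the line above them. iptables refuses an insert index that lies beyond the end of the chain, and if the host's REJECT/DROP rule sits earlier than position 6 the new rules are never reached; the chain layout is not visible in this hunk, so the index deserves a comment naming the existing rule it is meant to precede. Scoping the rules to the public interface, for example `iptables -I INPUT 6 -i "$IN_FACE" -m state --state NEW -p tcp --dport 443 -j ACCEPT` with the matching change in remove-nat-routing.sh, keeps 80/443 closed on every other interface. The same lines appear in the add-nat-routing.sh hunks of patches 1/5 and 4/5, and the script starts outside the hunk.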
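Review bot: The `-D` lines in remove-nat-routing.sh spell the rule as `-p tcp -m state --state NEW -m tcp --dport 443`, while add-nat-routing.sh inserts it as `-m state --state NEW -p tcp --dport 443`. `iptables -D` removes a rule only when the given specification matches it, so the two spellings have to stay equivalent; they appear to be today, but a later edit to one script alone would leave the ACCEPT rule in place after teardown. Writing both scripts with the same argument order and adding a comment such as `# must mirror the -I rules in add-nat-routing.sh` makes that coupling visible. The patch 1/5 and 4/5 hunks for this file carry the same lines, and the script starts outside the hunk.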
diff --git a/templates/iptables/remove-nat-routing.sh b/templates/iptables/remove-nat-routing.sh
index ab84be1..5d1baa0 100644
--- a/templates/iptables/remove-nat-routing.sh
+++ b/templates/iptables/remove-nat-routing.sh
@@ -9,6 +9,6 @@ iptables -D FORWARD -i $WG_FACE -j ACCEPT
 iptables -t nat -D POSTROUTING -o $IN_FACE -j MASQUERADE
 iptables -D INPUT -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
-# HTTP
+# HTTP(S)
 iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
 iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
\ No newline at end of file
From 5278dcd1aa4ce2b7c6304dd35b3de666385defbc Mon Sep 17 00:00:00 2001
From: Naman1997
Date: Tue, 10 Sep 2024 00:35:33 +1000
Subject: [PATCH 5/5] Include https redirect in caddy template
---
 templates/caddyfile.template | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/templates/caddyfile.template b/templates/caddyfile.template
index 7bbbcc7..c857a61 100644
--- a/templates/caddyfile.template
+++ b/templates/caddyfile.template
@@ -2,6 +2,10 @@ email {{ ssl_email }}
 }
-{{ duckdns_domain }} {
+http://{{ duckdns_domain }} {
+ https://{{ duckdns_domain }} permanent
+}
+
+https://{{ duckdns_domain }} {
 reverse_proxy http://10.20.0.2:80
 }
\ No newline at end of file
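Review bot: The line inside the new `http://{{ duckdns_domain }}` block, `https://{{ duckdns_domain }} permanent`, has no directive name, so as shown Caddy would read the URL as an unknown directive and reject the config. What is presumably meant is `redir https://{{ duckdns_domain }}{uri} permanent`, where `{uri}` keeps the requested path and query instead of sending every request to the site root. Caddy already redirects HTTP to HTTPS for a site it serves over HTTPS, so the explicit `http://` block may be unnecessary unless that behaviour is disabled in a part of the template outside this hunk.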