From 120507512d2ad9abea62170dbe6735a90018af68 Mon Sep 17 00:00:00 2001 From: lagertonne Date: Tue, 12 Nov 2024 17:28:12 +0100 Subject: [PATCH] deploy: Simple protection for metrics endpoint --- deploy/ansible/playbooks/templates/nginx.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/deploy/ansible/playbooks/templates/nginx.conf.j2 b/deploy/ansible/playbooks/templates/nginx.conf.j2 index 608ffd5..3533f37 100644 --- a/deploy/ansible/playbooks/templates/nginx.conf.j2 +++ b/deploy/ansible/playbooks/templates/nginx.conf.j2 @@ -70,6 +70,13 @@ server { alias /var/www/c3lf-sys3/staticfiles/; } + location /metrics { + allow 95.156.226.90; + allow 127.0.0.1; + allow ::1; + deny all; + } + listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/{{ web_domain }}/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/{{ web_domain }}/privkey.pem; # managed by Certbot