Commit 30e4d972 authored by void's avatar void

docker mit auf vpn ip binden

parent 1d2728f6
...@@ -50,8 +50,8 @@ ...@@ -50,8 +50,8 @@
LDAP_READONLY_USER_USERNAME: readonly LDAP_READONLY_USER_USERNAME: readonly
LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}" LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}"
ports: ports:
- 0.0.0.0:389:389 - 10.0.20.2:389:389
- 0.0.0.0:636:636 - 10.0.20.2:636:636
- name: start phpldapadmin docker - name: start phpldapadmin docker
docker_container: docker_container:
......
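Review bot: The plaintext LDAP port is still published next to LDAPS in the new `ports:` list (`10.0.20.2:389:389`), so binds using the readonly password set just above can cross the VPN unencrypted unless every client uses StartTLS; if clients can use 636, drop the 389 mapping. The same commit removes the `iptables` role from the webserver play, so the bind address appears to be the only remaining restriction on who can reach the directory. Docker refuses to start a container whose publish address is not configured on the host, so it is worth ordering or asserting that the VPN interface holding 10.0.20.2 is up before this task runs and after a reboot. Quoting the entries (`- "10.0.20.2:636:636"`) also keeps them unambiguous strings. The `docker_container` task begins above the hunk.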
...@@ -51,7 +51,7 @@ ...@@ -51,7 +51,7 @@
- name: clone repo - name: clone repo
git: git:
repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git" repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git"
# version: "1.1" version: "1.1"
dest: "/tmp/warpinfra_docker" dest: "/tmp/warpinfra_docker"
force: "yes" force: "yes"
register: gitclone register: gitclone
......
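Review bot: Assuming the uncommented form is the new side, `version: "1.1"` pins the clone to a tag or branch name, which can be re-pointed on the server; a full commit hash in `version:` would make the checked-out content immutable. The checkout still lands in `dest: "/tmp/warpinfra_docker"` with `force: "yes"`, a predictable path inside a world-writable directory that a local user could pre-create. A root-owned directory outside `/tmp` (for example `dest: "/opt/warpinfra_docker"`, path chosen here only as an illustration) avoids that. The task continues past the end of the hunk.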
- name: Konfiguration erstellen
template: src=rc.local dest=/etc/rc.local mode=o+x
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables -I FORWARD -p tcp -m tcp --dport 389 -j REJECT --reject-with icmp-port-unreachable
iptables -I FORWARD -p tcp -m tcp --dport 636 -j REJECT --reject-with icmp-port-unreachable
iptables -I FORWARD -s 127.0.0.0/8 -p tcp -m tcp --dport 636 -j ACCEPT
iptables -I FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 636 -j ACCEPT
iptables -I FORWARD -s 172.17.0.0/24 -p tcp -m tcp --dport 636 -j ACCEPT
iptables -I FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 389 -j ACCEPT
iptables -I FORWARD -s 127.0.0.0/8 -p tcp -m tcp --dport 389 -j ACCEPT
iptables -I FORWARD -s 172.17.0.0/24 -p tcp -m tcp --dport 389 -j ACCEPT
exit 0
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
- hosts: webserver - hosts: webserver
remote_user: root remote_user: root
roles: roles:
- { role: iptables, tags: iptables }
- { role: nginx, tags: nginx } - { role: nginx, tags: nginx }
- { role: openvpn, tags: openvpn } - { role: openvpn, tags: openvpn }
- { role: docker, tags: docker } - { role: docker, tags: docker }
......
...@@ -4,3 +4,4 @@ ...@@ -4,3 +4,4 @@
#modprobe ip_tables #modprobe ip_tables
#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389 #iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636 #iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636