Fix the restricted_web security group.
parent
f8633aca0e
commit
e263dbb32f
|
@ -286,29 +286,18 @@ resource "openstack_networking_secgroup_rule_v2" "public_https" {
|
||||||
resource "openstack_networking_secgroup_v2" "restricted_web" {
|
resource "openstack_networking_secgroup_v2" "restricted_web" {
|
||||||
name = "restricted_web_service"
|
name = "restricted_web_service"
|
||||||
delete_default_rules = "true"
|
delete_default_rules = "true"
|
||||||
description = "Security group that restricts HTTP and HTTPS sources to the VPN nodes and shell.d4science.org"
|
description = "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "http_from_d4s_vpn_1" {
|
resource "openstack_networking_secgroup_rule_v2" "http_from_everywhere" {
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
||||||
description = "Allow HTTP from D4Science VPN 1"
|
description = "Allow HTTP from everywhere"
|
||||||
direction = "ingress"
|
direction = "ingress"
|
||||||
ethertype = "IPv4"
|
ethertype = "IPv4"
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
port_range_min = 80
|
port_range_min = 80
|
||||||
port_range_max = 80
|
port_range_max = 80
|
||||||
remote_ip_prefix = var.ssh_sources.d4s_vpn_1_cidr
|
remote_ip_prefix = "0.0.0.0/0"
|
||||||
}
|
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "http_from_d4s_vpn_2" {
|
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
|
||||||
description = "Allow HTTP from D4Science VPN 2"
|
|
||||||
direction = "ingress"
|
|
||||||
ethertype = "IPv4"
|
|
||||||
protocol = "tcp"
|
|
||||||
port_range_min = 80
|
|
||||||
port_range_max = 80
|
|
||||||
remote_ip_prefix = var.ssh_sources.d4s_vpn_2_cidr
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_1" {
|
resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_1" {
|
||||||
|
@ -333,28 +322,6 @@ resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_2" {
|
||||||
remote_ip_prefix = var.ssh_sources.d4s_vpn_2_cidr
|
remote_ip_prefix = var.ssh_sources.d4s_vpn_2_cidr
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "http_from_s2i2s_vpn_1" {
|
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
|
||||||
description = "Allow HTTP from S2I2S VPN 1"
|
|
||||||
direction = "ingress"
|
|
||||||
ethertype = "IPv4"
|
|
||||||
protocol = "tcp"
|
|
||||||
port_range_min = 80
|
|
||||||
port_range_max = 80
|
|
||||||
remote_ip_prefix = var.ssh_sources.s2i2s_vpn_1_cidr
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "http_from_s2i2s_vpn_2" {
|
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
|
||||||
description = "Allow HTTP from S2I2S VPN 2"
|
|
||||||
direction = "ingress"
|
|
||||||
ethertype = "IPv4"
|
|
||||||
protocol = "tcp"
|
|
||||||
port_range_min = 80
|
|
||||||
port_range_max = 80
|
|
||||||
remote_ip_prefix = var.ssh_sources.s2i2s_vpn_2_cidr
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_1" {
|
resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_1" {
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
||||||
description = "Allow HTTPS from S2I2S VPN 1"
|
description = "Allow HTTPS from S2I2S VPN 1"
|
||||||
|
@ -377,17 +344,6 @@ resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_2" {
|
||||||
remote_ip_prefix = var.ssh_sources.s2i2s_vpn_2_cidr
|
remote_ip_prefix = var.ssh_sources.s2i2s_vpn_2_cidr
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "http_from_shell_d4s" {
|
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
|
||||||
description = "Allow HTTP from shell.d4science.org"
|
|
||||||
direction = "ingress"
|
|
||||||
ethertype = "IPv4"
|
|
||||||
protocol = "tcp"
|
|
||||||
port_range_min = 80
|
|
||||||
port_range_max = 80
|
|
||||||
remote_ip_prefix = var.ssh_sources.shell_d4s_cidr
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "https_from_shell_d4s" {
|
resource "openstack_networking_secgroup_rule_v2" "https_from_shell_d4s" {
|
||||||
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
security_group_id = openstack_networking_secgroup_v2.restricted_web.id
|
||||||
description = "Allow HTTPS from shell.d4science.org"
|
description = "Allow HTTPS from shell.d4science.org"
|
||||||
|
|
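Review bot: The new `http_from_everywhere` rule sets `remote_ip_prefix = "0.0.0.0/0"` on port 80, so for every instance attached to `restricted_web` the HTTP restriction now rests entirely on the web server configuration rather than on the security group. If port 80 is needed only for Let's Encrypt HTTP-01 validation, as the updated group description suggests, I would record that contract next to the rule, for example `# World-open only for ACME HTTP-01: port 80 must serve /.well-known/acme-challenge/ and redirect or reject everything else`, and confirm that each attached host is actually configured that way. The group is still named `restricted_web_service`, which can mislead anyone who attaches it expecting both web ports to be source-restricted. If these hosts can use the DNS-01 challenge instead, port 80 could stay limited to the VPN and shell sources.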