first commit

dynamic.yml

@@ -0,0 +1,47 @@
+http:
+  middlewares:
+    block-ip-access:
+      headers:
+        customRequestHeaders:
+          Host: ""  # This will catch requests with no Host header or invalid ones
+    cloudflarewarp:
+      plugin:
+        cloudflare:
+          trustedCIDRs: []
+          overwriteRequestHeader: true
+          debug: true
+    crowdsec:
+      plugin:
+        bouncer:
+          enabled: true
+          crowdsecMode: stream
+          crowdsecLapiHost: "localhost:8080"
+          crowdsecLapiKey: gFJjSzdbB0GCe/1Y9HcxMPP1vQmoa4psZOFyleJZJVQ
+    compress-middleware:
+      compress:
+        encodings:
+          - br
+          - gzip
+        defaultEncoding: br
+  routers:
+    block-direct-access:
+      rule: "HostRegexp(`{host:.+}`)"  # Matches any host
+      service: noop@internal
+      priority: 1  # Low priority to catch unmatched requests
+      entryPoints:
+        - web
+        - websecure
+      middlewares:
+        - block-ip-access
+    netdata:
+      rule: Host(`netdata.gbanyan.net`)
+      service: netdata
+      entryPoints: ["internal_websecure"]
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    netdata:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:19999"