mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-02 03:33:05 +00:00
fix(acl): add missing internal namespace communications
parent
0426212348
commit
7bdd7748e4
1 changed files with 9 additions and 0 deletions
|
@ -147,6 +147,11 @@ need to add the following ACLs
|
|||
// users can access their own devices
|
||||
{"action":"accept", "users":["dev1-computer"], "ports":["dev1-phone:*"]},
|
||||
{"action":"accept", "users":["dev1-phone"], "ports":["dev1-computer:*"]},
|
||||
|
||||
// internal namespace communications should still be allowed within the namespace
|
||||
{"action":"accept", "users":["dev"], "ports":["dev:*"]},
|
||||
{"action":"accept", "users":["prod"], "ports":["prod:*"]},
|
||||
{"action":"accept", "users":["internal"], "ports":["internal:*"]},
|
||||
]
|
||||
}
|
||||
```
|
||||
|
@ -263,6 +268,10 @@ Here are the ACL's to implement the same permissions as above:
|
|||
]
|
||||
},
|
||||
|
||||
// servers should be able to talk to database. Database should not be able to initiate connections to server
|
||||
{"action":"accept", "users":["tag:dev-app-servers"], "ports":["tag:dev-databases:5432"]},
|
||||
{"action":"accept", "users":["tag:prod-app-servers"], "ports":["tag:prod-databases:5432"]},
|
||||
|
||||
// interns have access to dev-app-servers only in reading mode
|
||||
{"action":"accept", "users":["group:intern"], "ports":["tag:dev-app-servers:80,443"]},
|
||||
|
||||
|
|