-
Notifications
You must be signed in to change notification settings - Fork 10
/
manifest.yml
121 lines (114 loc) · 3.01 KB
/
manifest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
---
applications:
- name: cms
docker:
image: gsatts/usagov-2021:cms-latest
memory: 1.5G
disk_quota: 4G
timeout: 180
services:
- database
- secrets
- secauthsecrets
- storage
health-check-type: process
- name: www
docker:
image: gsatts/usagov-2021:www-latest
memory: 256M
disk_quota: 4G
timeout: 180
services:
- secrets
- storage
health-check-type: process
- name: waf
docker:
image: gsatts/usagov-2021:waf-latest
disk_quota: 1G
memory: 256M
services:
- secrets
health-check-type: process
env:
APP_NAME: nginx
BLOCKED_NAME: USAGov
IP_ALLOWED: |
# allow 50.81.160.164; # comment out as this points to someone's house using Mediacom Communications as their ISP? `nslookup` says 50-81-160-164.client.mchsi.com
# allow 100.36.151.190; # comment out as this points to someone's house in DC? `nslookup` says pool-100-36-151-190.washdc.fios.verizon.net
# AWS EC2 Instances on the west-coast? Why do we have these? (see ticket USAGOV-1103)
allow 52.222.122.97/32;
allow 52.222.123.172/32;
# GSA CIDR Block
allow 159.142.0.0/16;
# SiteImprove:
allow 13.58.165.213;
allow 18.116.191.222;
allow 18.116.197.208;
allow 18.189.206.159;
allow 18.190.68.80;
allow 18.216.137.252;
allow 18.223.191.8;
allow 3.13.121.241;
allow 3.133.38.181;
allow 3.135.49.180;
allow 3.136.111.218;
allow 3.138.54.100;
allow 18.219.35.44;
allow 18.157.140.51;
allow 18.159.218.224;
allow 18.196.205.2;
allow 18.198.120.55;
allow 3.124.26.114;
allow 3.125.99.135;
allow 3.64.159.177;
allow 3.66.247.32;
allow 3.68.122.244;
allow 52.57.167.198;
allow 35.158.180.204;
allow 18.192.147.131;
allow 52.58.146.230;
allow 185.229.145.22;
allow 3.129.126.175;
# Salesforce GovCloud:
allow 96.43.153.8;
allow 96.43.152.8;
allow 52.61.131.34;
allow 52.61.135.34;
# US-East IPs from Salesforce Public Cloud:
allow 3.225.240.254/32;
allow 18.204.28.162/32;
allow 18.214.12.209/32;
allow 34.202.86.120/32;
allow 34.204.111.166/32;
allow 52.44.156.44/32;
# US-West IPs from Salesforce Public Cloud:
allow 44.233.69.21/32;
allow 44.237.79.66/32;
allow 52.36.20.11/32;
allow 35.80.213.208/32;
allow 35.161.141.162/32;
allow 44.234.249.148/32;
# Connections from Salesforce in the US:
allow 3.225.151.145;
allow 3.225.240.254/32;
allow 18.204.28.162/32;
allow 18.211.105.61;
allow 34.197.58.108;
allow 34.204.111.166/32;
allow 52.3.16.30;
allow 52.22.251.194;
allow 52.70.135.185;
- name: cron
docker:
image: gsatts/usagov-2021:cron
memory: 128M
disk_quota: 4G
timeout: 180
no-route: true
services:
- cron-state-storage
- cron-event-storage
- cron-callwait-storage
- cron-service-account
health-check-type: process