Over the past few weeks I have converted all my projects to using docker and begun to use Nginx as a reverse proxy so that I can host multiple dockerized websites that all share port 80, on the same server. Now I am going to show you how you can restrict access to some dockerized sites, whilst leaving others completely open. This relies on trusting known IPs so that there is no authenticaton layer which could prevent private services from working automatically.
Steps
Generate a list of all the IP addresses or subnets that you want to allow. e.g.
123.456.789.0/24 123.456.780.54
Open the relevant site configuration file within
/etc/nginx/sites-enabled
in a text editor. e.g.
sudo editor /etc/nginx/sites-enabled/technostu.com
Within the location section, add an
[ example config ]
allow xxx.xxx.xxx.xxx;
statement for each IP or subnet that you want to allow. Then add deny all;
on the line below.
It is very important that the deny all is below all of the allow statements
[ example config ]
Restart nginx:
sudo invoke-rc.d nginx reload
Navigate to the site on an IP that was not added and you should see something similar to below:
No comments:
Post a Comment