Nginx Reverse Proxy - IP Filtering

Over the past few weeks I have converted all my projects to using docker and begun to use Nginx as a reverse proxy so that I can host multiple dockerized websites that all share port 80, on the same server. Now I am going to show you how you can restrict access to some dockerized sites, whilst leaving others completely open. This relies on trusting known IPs so that there is no authentication layer which could prevent private services from working automatically.

Steps

    1. Generate a list of all the IP addresses or subnets that you want to allow, e.g.
       123.456.789.0/24
       123.456.780.54
    2. Open the relevant site configuration file within /etc/nginx/sites-enabled in a text editor, e.g.
       sudo editor /etc/nginx/sites-enabled/technostu.com
    3. Within the location section, add an "allow xxx.xxx.xxx.xxx;" statement for each IP or subnet that you want to allow. Then add "deny all;" on the line below. It is very important that the deny all is below all of the allow statements, because nginx checks the rules in order and applies the first one that matches.

       [ example config ]
    4. Reload nginx so the change takes effect:
       sudo invoke-rc.d nginx reload
    5. Navigate to the site from an IP that was not added and nginx should refuse the request with a 403 Forbidden page.
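The allow/deny ordering from step 3, written out as a full site file. This is an added example, not the author's own configuration: the upstream address 127.0.0.1:8080 and the two allowed addresses (taken from the RFC 5737 documentation ranges) are assumptions to be replaced with your own values.

```nginx
# /etc/nginx/sites-enabled/technostu.com  (illustrative, values are assumed)
server {
    listen 80;
    server_name technostu.com;

    location / {
        # Access rules are evaluated top to bottom and the first
        # matching rule decides the outcome.
        allow 203.0.113.0/24;   # trusted subnet (placeholder range)
        allow 198.51.100.54;    # single trusted host (placeholder address)
        deny  all;              # everyone else is refused with 403

        # Hand allowed requests to the dockerized site.
        # The published container port is an assumption.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}

# Misordered version, shown commented out. "deny all" matches every
# client first, so the allow lines are never reached and even the
# trusted addresses are refused:
#
#     location / {
#         deny  all;
#         allow 203.0.113.0/24;
#         allow 198.51.100.54;
#     }
#
# Caveat: allow/deny compare against the address of the peer that
# connects to nginx. If another proxy, load balancer or CDN sits in
# front of this server, every request appears to come from that
# device, and the rules above would need the real client address
# restored first (for example with the realip module).
```

Running `sudo nginx -t` before the reload checks the file for syntax errors, so a typo in an allow line does not take the proxy down for the other sites.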
