Nginx Reverse Proxy - IP Filtering

Over the past few weeks I have converted all my projects to using docker and begun to use Nginx as a reverse proxy so that I can host multiple dockerized websites that all share port 80, on the same server. Now I am going to show you how you can restrict access to some dockerized sites, whilst leaving others completely open. This relies on trusting known IPs so that there is no authenticaton layer which could prevent private services from working automatically.


    Generate a list of all the IP addresses or subnets that you want to allow. e.g.
    Open the relevant site configuration file within
    in a text editor. e.g.
    sudo editor /etc/nginx/sites-enabled/
    Within the location section, add an
    statement for each IP or subnet that you want to allow. Then add
    deny all;
    on the line below.
    It is very important that the deny all is below all of the allow statements

    [ example config ]
    Restart nginx:
    sudo invoke-rc.d nginx reload
    Navigate to the site on an IP that was not added and you should see something similar to below:


No comments:

Post a Comment