
How to allow access to a URL from only a selected IP

Posted by abasel 
How to allow access to a URL from only a selected IP
October 28, 2019 01:35PM
I am using Nginx on my Ubuntu 18.04 box, running OpenHAB. I want only one particular IP on my network to be able to browse to any URL with '/paperui/' in the address.

My configuration file looks as follows:

server {
    listen 80;
    server_name mydomain_or_myip;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name mydomain_or_myip;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # or /etc/ssl/openhab.crt
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # or /etc/ssl/openhab.key
    add_header Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.

    location / {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        satisfy any;
        allow 192.168.0.1/24;
        allow 127.0.0.1;
        deny all;
        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    #### When using Let's Encrypt Only ####
    location /.well-known/acme-challenge/ {
        root /var/www/mydomain;
    }
}
Re: How to allow access to a URL from only a selected IP
October 29, 2019 04:00AM
The following appears to almost work

server {
    listen 80;
    server_name 192.168.1.25;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name 192.168.1.25;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    ssl_certificate /etc/ssl/openhab.crt;
    ssl_certificate_key /etc/ssl/openhab.key;

    # location ~ paper {
    #     allow 192.168.1.52;
    #     deny all;
    # }

    location / {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

When

# location ~ paper {
#     allow 192.168.1.52;
#     deny all;
# }

is uncommented, nothing can access any URL with "paper" in the address. I tried merging some of the settings from the other location block into the paper one but could not get that to work either.
Re: How to allow access to a URL from only a selected IP
October 29, 2019 09:12PM
Even when I try the following I get a 404 error whenever browsing to any URL with 'paper' in it

location ~ paper {
    allow all;
    deny 192.168.1.5;
}
Re: How to allow access to a URL from only a selected IP
October 29, 2019 10:40PM
Nearly there I think. The below gives me the correct 403 response. If I however add

allow 192.168.1.51

I then get a 404 error.

I think it has something to do with the reverse proxy.

location ^~ /paperui/ {
    proxy_pass http://localhost:8080/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    deny all;

    auth_basic "Username and Password Required";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

Edited 1 time(s). Last edit at 10/29/2019 10:49PM by abasel.
Re: How to allow access to a URL from only a selected IP
October 30, 2019 12:02AM
Thought that I had it sorted but alas not



Edited 1 time(s). Last edit at 10/30/2019 12:05AM by abasel.
Re: How to allow access to a URL from only a selected IP
October 30, 2019 04:57AM
Working :) I had a trailing "/" after 8080 that was breaking it

server {
    listen 80;
    server_name 192.168.1.25;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name 192.168.1.25;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    ssl_certificate /etc/ssl/openhab.crt;
    ssl_certificate_key /etc/ssl/openhab.key;

    location / {
        # No URI part after the port: the request URI is passed upstream unchanged
        proxy_pass http://localhost:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    # ^~ prefix match: regex locations are not checked for /paperui requests
    location ^~ /paperui {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Rules are checked in order; the first match decides
        allow 192.168.1.51;
        deny all;

        # satisfy defaults to "all": the allowed IP must also pass basic auth
        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
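
The trailing-slash behaviour identified in the last post, modelled as an added example (not code from the thread or from nginx): with a URI part in `proxy_pass`, even a bare `/`, nginx replaces the matched location prefix before proxying, so an allowed client's request reaches the backend under a different path, while a denied client gets 403 before any proxying happens. The function names and the sample path `/paperui/index.html` are assumptions made for illustration.

```python
"""Model of nginx proxy_pass URI mapping and allow/deny order (illustrative only)."""
import ipaddress
from urllib.parse import urlsplit


def upstream_uri(location_prefix, proxy_pass, request_uri):
    """URI nginx sends upstream for a request matched by a prefix location."""
    if not request_uri.startswith(location_prefix):
        raise ValueError("request does not match this location")
    # "" for http://localhost:8080, "/" for http://localhost:8080/
    uri_part = urlsplit(proxy_pass).path
    if uri_part == "":
        return request_uri  # no URI part: passed through unchanged
    # URI part present: the matched prefix is replaced by it
    return uri_part + request_uri[len(location_prefix):]


def access_allowed(rules, client_ip):
    """allow/deny semantics: rules are checked in order, first match decides."""
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all" or ip in ipaddress.ip_network(target, strict=False):
            return action == "allow"
    return True  # no rule matched: access is not restricted


def handle(location_prefix, proxy_pass, rules, client_ip, request_uri):
    """Return 403 if the access phase rejects, else the URI proxied upstream."""
    if not access_allowed(rules, client_ip):
        return 403
    return upstream_uri(location_prefix, proxy_pass, request_uri)


# Constructed sample input mirroring the thread's rules
RULES = [("allow", "192.168.1.51"), ("deny", "all")]
REQUEST = "/paperui/index.html"

if __name__ == "__main__":
    for prefix, target in [("/paperui/", "http://localhost:8080/"),
                           ("/paperui", "http://localhost:8080")]:
        for ip in ("192.168.1.51", "192.168.1.52"):
            print(prefix, target, ip, "->", handle(prefix, target, RULES, ip, REQUEST))
```

In the first configuration the allowed client's request goes upstream as `/index.html`, which is consistent with the 404 reported once the `allow` line was added; in the second it goes upstream as `/paperui/index.html`.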