How to allow access to a URL from only a selected IP
Posted by abasel
|
How to allow access to a URL from only a selected IP October 28, 2019 01:35PM |
Registered: 4 years ago Posts: 6 |
I am using Nginx on my Ubuntu 18.04 box, running OpenHAB. I am only wanting a particular IP on my network to be able to browse to any URL with '/paperui/' in the address.
My configuration files looks as follows:
server {
listen 80;
server_name mydomain_or_myip;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name mydomain_or_myip;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # or /etc/ssl/openhab.crt
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # or /etc/ssl/openhab.key
add_header Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
satisfy any;
allow 192.168.0.1/24;
allow 127.0.0.1;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
#### When using Let's Encrypt Only ####
location /.well-known/acme-challenge/ {
root /var/www/mydomain;
}
}
My configuration files looks as follows:
server {
listen 80;
server_name mydomain_or_myip;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name mydomain_or_myip;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # or /etc/ssl/openhab.crt
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # or /etc/ssl/openhab.key
add_header Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
satisfy any;
allow 192.168.0.1/24;
allow 127.0.0.1;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
#### When using Let's Encrypt Only ####
location /.well-known/acme-challenge/ {
root /var/www/mydomain;
}
}
|
Re: How to allow access to a URL from only a selected IP October 29, 2019 04:00AM |
Registered: 4 years ago Posts: 6 |
The following appears to almost work
server {
listen 80;
server_name 192.168.1.25;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.1.25;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;
# location ~ paper {
# allow 192.168.1.52;
# deny all;
# }
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
When
# location ~ paper {
# allow 192.168.1.52;
# deny all;
# }
is uncommented, nothing access any url with "paper" in the address. I tried merging some of the settings from the other location block into the paper one but could not get that to work either.
server {
listen 80;
server_name 192.168.1.25;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.1.25;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;
# location ~ paper {
# allow 192.168.1.52;
# deny all;
# }
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
When
# location ~ paper {
# allow 192.168.1.52;
# deny all;
# }
is uncommented, nothing access any url with "paper" in the address. I tried merging some of the settings from the other location block into the paper one but could not get that to work either.
|
Re: How to allow access to a URL from only a selected IP October 29, 2019 09:12PM |
Registered: 4 years ago Posts: 6 |
|
Re: How to allow access to a URL from only a selected IP October 29, 2019 10:40PM |
Registered: 4 years ago Posts: 6 |
Nearly there I think. The below gives me the correct 403 response. If I however add
allow 192.168.1.51
I then get a 404 error.
I think it has something to do with the reserve proxy.
location ^~ /paperui/ {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
Edited 1 time(s). Last edit at 10/29/2019 10:49PM by abasel.
allow 192.168.1.51
I then get a 404 error.
I think it has something to do with the reserve proxy.
location ^~ /paperui/ {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
Edited 1 time(s). Last edit at 10/29/2019 10:49PM by abasel.
|
Re: How to allow access to a URL from only a selected IP October 30, 2019 12:02AM |
Registered: 4 years ago Posts: 6 |
|
Re: How to allow access to a URL from only a selected IP October 30, 2019 04:57AM |
Registered: 4 years ago Posts: 6 |
Working :) I had a trailing "/" after 8080 that was breaking it
server {
listen 80;
server_name 192.168.1.25;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.1.25;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location ^~ /paperui {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
allow 192.168.1.51;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
server {
listen 80;
server_name 192.168.1.25;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.1.25;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location ^~ /paperui {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
allow 192.168.1.51;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
Sorry, only registered users may post in this forum.
Online Users
Guests:
251
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|