Hello everyone,
Hopefully this is a simple question with a simple answer.
First my actual goal:
I'm hosting one server: domain.net which at domain.net serves a basic
homepage and uses iframes to proxy several other services, which are
defined in location blocks: domain.net/service.
I want to allow all IPs to access domain.net and the services proxied
inside of it. However I want to restrict direct access to
domain.net/service from outside my LAN.
What I've got so far:
I've set up my location blocks for my services to begin with:
    allow 192.168.x.x/25;
    deny all;
which very effectively blocks access from outside my LAN. However it
still blocks the services when proxied from within domain.net, I think
because I am using "proxy_set_header X-Real-IP $remote_addr;" so the
proxied request is arriving at the location block with an external IP. I
looked but could not find documentation on the proxy_set_header
X-Real-IP statement (I even ventured to page 2 of Google :-P) to try to
get it to proxy the request as if my server running nginx had made the
request.
What I would like from y'all:
1. If there is a better way to achieve my goal, please tell me. I don't
have my heart set on this, it's just all I could figure.
2. How do I use the proxy_set_header X-Real-IP $remote_addr; to fake
the internal IP? Or is that even the correct header to be using?
Thanks very much for your time,
Rhys Ferris
Sample location block:
location /service/ {
    allow 192.168.136.128/25;
    deny all;
    proxy_pass http://prometheus:1234/service/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
--
Sent from Thunderbird on Ubuntu 19.10
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
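
Added example, not part of the original post and not nginx code: a small Python model of how the allow/deny rules in the sample location block are evaluated. It assumes the documented ngx_http_access_module behaviour (rules checked in order, first match wins, matched against the address of the connecting client); the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Rules from the sample location block, in the order they appear.
RULES = [("allow", "192.168.136.128/25"), ("deny", "all")]


def access_decision(peer_addr, rules=RULES):
    """Return 'allow' or 'deny' for the address the connection came from.

    Hypothetical helper modelling the access module: first matching rule wins.
    """
    addr = ipaddress.ip_address(peer_addr)
    for action, spec in rules:
        if spec == "all" or addr in ipaddress.ip_network(spec):
            return action
    return "allow"  # no rule matched, so the access module does not restrict


def handle(peer_addr, request_headers):
    """Model of the location block: access check first, proxying second."""
    if access_decision(peer_addr) == "deny":
        return 403, None
    # proxy_set_header only builds the request sent to the upstream;
    # it runs after the access check and cannot change its outcome.
    upstream_headers = {
        "Host": request_headers.get("Host", ""),
        "X-Real-IP": peer_addr,
    }
    return 200, upstream_headers


# Constructed sample requests. An iframe is fetched by the visitor's own
# browser, so the request for /service/ arrives from the visitor's address
# whether the URL was typed directly or loaded inside the homepage.
SAMPLES = [
    ("LAN client, direct", "192.168.136.200", {"Host": "domain.net"}),
    ("LAN address below the /25", "192.168.136.127", {"Host": "domain.net"}),
    ("external client, direct", "203.0.113.7", {"Host": "domain.net"}),
    ("external client, via iframe", "203.0.113.7",
     {"Host": "domain.net", "Referer": "http://domain.net/"}),
]

if __name__ == "__main__":
    for label, peer, headers in SAMPLES:
        status, upstream = handle(peer, headers)
        print(f"{label:30} {peer:16} -> {status} {upstream}")
```

The /25 in the sample block covers 192.168.136.128 through 192.168.136.255 only, which is why the second constructed request is refused.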