Nginx help please

I have this block in the nginx.conf. IP stands for actual IPs.

What I need is to IP restrict requests to /admin/ and /admin/whateverpath

location ~ ^/admin(/.*)?$ {
    allow IP;
    allow IP;
    allow IP;
    allow IP;
    allow IP;
    deny all;
}

But when this is in effect, it blocks all ips including the allowed IPs.

What am I doing wrong here? Thank you for any help.

Comments

  • location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thanked by 2: gwnd1989, wedge1001
  • @tototo said:

    location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thank you, this is what I initially had, same issue. Will try again and post here.

  • FatGrizzly Member, Host Rep

    @gwnd1989 said:

    @tototo said:

    location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thank you, this is what I initially had, same issue. Will try again and post here.

    Is it a PHP application? Are you handling .php separately?

  • @FatGrizzly said:

    @gwnd1989 said:

    @tototo said:

    location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thank you, this is what I initially had, same issue. Will try again and post here.

    Is it a PHP application? Are you handling .php separately?

    Thank you

    Ruby app, yes handling Ruby here

    server {
        listen       8080;
        server_name  redacted;
        root '/home/redacted/api3-0/current/public';
        passenger_enabled on;
        passenger_ruby /usr/local/rvm/wrappers/ruby-2.7.2/ruby;
        passenger_app_root '/home/redacted/api3-0/current';
        passenger_app_env production;
        passenger_spawn_method smart;
        passenger_min_instances 24;
        passenger_friendly_error_pages off;
    
        location ~ ^/admin(/.*)?$ {
                    allow IP;
                    allow IP;
                    allow IP;
                    allow IP;
                    deny all;
        }
    
        # Rails asset pipeline support.
        location ~ "^/assets/.+-[0-9a-f]{32}\..+" {
                error_page 490 = @static_asset;
                error_page 491 = @dynamic_request;
                recursive_error_pages on;
    
                if (-f $request_filename) {
                        return 490;
                }
                if (!-f $request_filename) {
                        return 491;
                }
        }
        location @static_asset {
                gzip_static on;
                expires max;
                add_header Cache-Control public;
                add_header ETag "";
        }
        location @dynamic_request {
                passenger_enabled on;
                passenger_ruby /usr/local/rvm/wrappers/ruby-2.7.2/ruby;
        }
    
    }
    
  • Andreix Member, Host Rep
    edited February 15

    Make sure you're not behind a proxy.

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    Thanked by 1: gwnd1989
  • amarc Veteran

    How about:

    1. deny all
    2. allow what IPs you want

    So.. it reads from top to bottom so invert that and put deny all on top

  • @Andreix said:
    Make sure you're not behind a proxy.

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    Thank you

  • amarc Veteran

    @gwnd1989 said: Thank you

    So, did you try any of the options posted here, and did any work?

  • @amarc said:

    @gwnd1989 said: Thank you

    So, did you try any of the options posted here, and did any work?

    The maintenance window is not up yet. Tomorrow morning I will.

  • amarc Veteran

    Oh wow, did not know that.. Do you expect that '/etc/init.d/nginx reload' would cause downtime?

  • @amarc said: Oh wow, did not know that.. Do you expect that '/etc/init.d/nginx reload' would cause downtime?

    Also, before reloading/restarting you can run "nginx -t" to check if there are any config errors.

    Thanked by 1: gwnd1989
  • @amarc said:
    Oh wow, did not know that.. Do you expect that '/etc/init.d/nginx reload' would cause downtime?

    No, but we have to follow the protocol. If the new edits break access for people it's not ideal.

  • @Andreix said:
    Make sure you're not behind a proxy.

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    This worked

  • bolle Member
    edited February 16

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    This worked

    Was that inside location section, like so:

    location ^~ /admin/ {
        allow IP;
        deny all;
        set_real_ip_from proxy_server_ip;
        real_ip_header X-Forwarded-For;
    }
    

    Or did you put it before?

  • @bolle said:

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    This worked

    Was that inside location section, like so:

    location ^~ /admin/ {
        allow IP;
        deny all;
        set_real_ip_from proxy_server_ip;
        real_ip_header X-Forwarded-For;
    }
    

    Or did you put it before?

    Before allow IP
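
The behaviour the thread converges on, as an added example that is not part of any post: a simplified Python model of which address nginx's allow/deny rules see with and without set_real_ip_from / real_ip_header, following the documented semantics of the realip and access modules. The addresses are constructed samples, the function names are hypothetical, and the proxy is assumed to append the connecting client's address to X-Forwarded-For.

```python
import ipaddress

def _ip(text):
    """Parse an address; None if it is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def real_client_ip(peer, xff, trusted, recursive=False):
    """Address allow/deny will see; `trusted` models the set_real_ip_from list."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    is_trusted = lambda ip: any(ip in n for n in nets)
    addr = _ip(peer)                     # socket peer address
    hops = [h for h in (xff or "").split(",") if h.strip()]
    while hops and is_trusted(addr):     # header is honoured only for trusted peers
        hop = _ip(hops.pop())            # take the last (right-most) address
        if hop is None:
            break                        # unparsable entry: keep the current address
        addr = hop
        if not recursive:                # real_ip_recursive off: one step only
            break
    return str(addr)

def access(addr, rules):
    """allow/deny rules are checked in sequence; the first match decides."""
    ip = ipaddress.ip_address(addr)
    for action, target in rules:
        if target == "all" or ip in ipaddress.ip_network(target):
            return action
    return "allow"                       # no rule matched

# Constructed sample addresses (documentation ranges), not taken from the thread.
PROXY, ADMIN, OTHER = "192.0.2.10", "203.0.113.7", "198.51.100.23"
RULES = [("allow", ADMIN), ("deny", "all")]

def decide(peer, xff, trusted, rules=RULES):
    return access(real_client_ip(peer, xff, trusted), rules)

if __name__ == "__main__":
    print("behind proxy, no realip   :", decide(PROXY, ADMIN, trusted=[]))
    print("behind proxy, proxy trusted:", decide(PROXY, ADMIN, trusted=[PROXY]))
    print("direct peer, header ignored:", decide(OTHER, ADMIN, trusted=[PROXY]))
```

In nginx terms, set_real_ip_from should list only the proxy's own address, because the header is honoured for every peer that matches it.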
