Code Block
server {
    server_name  www.server.com server.com;
    listen 443 ssl; 
    location / {
         proxy_pass         http://192.168.1.60:12345/;
    }
    ssl_certificate /etc/letsencrypt/live/www.server.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.server.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# Redirect plain HTTP requests to the HTTPS server block above
server {
    server_name  www.server.com server.com;
    listen 80;
    return 301 https://www.server.com$request_uri;
}


Forwarding Real IP Address

Add the X-Real-IP and X-Forwarded-For headers with the proxy_set_header directive in the /etc/nginx/conf.d/proxy.conf file, so that the backend sees the client's address instead of the proxy's.

Code Block
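proxy_redirect          off;
proxy_set_header        Host            $host;
# Address of the client that connected to this proxy
proxy_set_header        X-Real-IP       $remote_addr;
# Appends $remote_addr to any X-Forwarded-For value the client sent,
# so only the last entry is set by this proxy
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
# Per-request buffers; the nginx defaults are 8k|16k (body) and 1k (header)
client_body_buffer_size 500m;
client_header_buffer_size 500m;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;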


Restricting Access to IP Range

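In the following example, we restrict access to the Confluence login page to the internal IP addresses 192.168.1.100-255. nginx's allow directive takes single addresses or CIDR blocks, so the range is written as four CIDR blocks followed by deny all.

See https://www.ipaddressguide.com/cidr for converting an IP range to CIDR blocks.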


Code Block
        # restrict access to login to 192.168.1.100-255
        location /login.action {
            allow 192.168.1.100/30;
            allow 192.168.1.104/29;
            allow 192.168.1.112/28;
            allow 192.168.1.128/25;
            deny all;
            proxy_pass         http://192.168.1.50:8090/login.action;
        }
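
The CIDR list above can be generated and checked locally instead of with a web tool. The following Python script is an added example, not part of the original page: it derives the allow lines for 192.168.1.100-255 and audits a hand-written list against the intended range. The function names and the mistyped list are constructed for illustration.

```python
import ipaddress

# CIDR list copied from the page's location /login.action block.
PAGE_ALLOW = ["192.168.1.100/30", "192.168.1.104/29",
              "192.168.1.112/28", "192.168.1.128/25"]

def cidrs_for_range(first, last):
    """Smallest set of CIDR blocks covering first..last inclusive."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def allow_directives(first, last):
    """nginx access rules for the range, ending in the catch-all deny."""
    return [f"allow {net};" for net in cidrs_for_range(first, last)] + ["deny all;"]

def audit_allow_list(cidrs, first, last):
    """Return (missing, extra) addresses of an allow list versus the range.

    strict=False mirrors nginx, which masks off the low bits of a misaligned
    CIDR (with only a warning), so the rule matches the whole enclosing block.
    Builds a set of addresses, so it is meant for small LAN ranges.
    """
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    intended = set(range(lo, hi + 1))
    allowed = set()
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        allowed.update(range(int(net.network_address),
                             int(net.broadcast_address) + 1))
    as_text = lambda nums: [str(ipaddress.ip_address(n)) for n in sorted(nums)]
    return as_text(intended - allowed), as_text(allowed - intended)

if __name__ == "__main__":
    print("\n".join(allow_directives("192.168.1.100", "192.168.1.255")))
    print(audit_allow_list(PAGE_ALLOW, "192.168.1.100", "192.168.1.255"))
    # Constructed mistake: /29 written where the page has /30.
    typo = ["192.168.1.100/29"] + PAGE_ALLOW[1:]
    print(audit_allow_list(typo, "192.168.1.100", "192.168.1.255"))
```

With the mistyped /29, the audit reports 192.168.1.96-99 as extra addresses that would reach the login page.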


Customized Dockerfile

The following Dockerfile adds certbot and apache2-utils to our nginx-reverse-proxy image.

Code Block
FROM lerenn/nginx-reverse-proxy

# Update and install in one layer so a cached package index is never reused
RUN apt-get update && \
    apt-get install -y wget apache2-utils
# certbot-auto has been deprecated by the Certbot project
RUN wget https://dl.eff.org/certbot-auto
RUN chmod +x certbot-auto
RUN ./certbot-auto -n --install-only


References