...

Add the X-Real-IP and X-Forwarded-For headers with the proxy_set_header directive in the /etc/nginx/conf.d/proxy.conf file.

Code Block
# /etc/nginx/conf.d/proxy.conf
proxy_redirect          off;
# pass the original Host header and the client address to the backend
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 500m;
client_header_buffer_size 500m;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size       16k;
proxy_buffers           32 16k;
proxy_busy_buffers_size 64k;


Restricting Access to IP Range

In the following example, we restrict access to the Confluence login page to internal IP addresses in the range 192.168.1.100-255.

See https://www.ipaddressguide.com/cidr to convert an IP range into CIDR blocks.


Code Block
        # restrict access to login to 192.168.1.100-255
        location /login.action {
            allow 192.168.1.100/30;
            allow 192.168.1.104/29;
            allow 192.168.1.112/28;
            allow 192.168.1.128/25;
            deny all;
            proxy_pass         http://192.168.1.50:8090/login.action;
        }
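
Added example (not part of the original page): a Python check that the four allow blocks are exactly the CIDR cover of 192.168.1.100-255, evaluating the rules first-match as nginx's access module does. The rule text is copied from the location block above; the function names are illustrative assumptions.

```python
import ipaddress
import re

# Constructed sample: the allow/deny rules from the /login.action location.
NGINX_RULES = """
allow 192.168.1.100/30;
allow 192.168.1.104/29;
allow 192.168.1.112/28;
allow 192.168.1.128/25;
deny all;
"""
RULE_RE = re.compile(r"^\s*(allow|deny)\s+(\S+?)\s*;", re.MULTILINE)

def parse_rules(text):
    """Return [(action, network-or-None)] in file order; None means 'all'."""
    rules = []
    for action, target in RULE_RE.findall(text):
        # strict=True rejects blocks with host bits set, e.g. 192.168.1.100/29
        net = None if target == "all" else ipaddress.ip_network(target, strict=True)
        rules.append((action, net))
    return rules

def is_allowed(rules, addr):
    """Evaluate rules in order; the first matching rule decides."""
    ip = ipaddress.ip_address(addr)
    for action, net in rules:
        if net is None or ip in net:
            return action == "allow"
    return True  # no rule matched: the access module does not restrict

def allowed_span(rules, subnet):
    """Return (first, last, count) of the addresses in subnet that are allowed."""
    hits = [ip for ip in ipaddress.ip_network(subnet) if is_allowed(rules, ip)]
    return (str(hits[0]), str(hits[-1]), len(hits)) if hits else (None, None, 0)

def matches_intended_range(rules, first, last):
    """True if the allow blocks are exactly the minimal CIDR cover of first..last."""
    want = set(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    have = {net for action, net in rules if action == "allow" and net is not None}
    return want == have

if __name__ == "__main__":
    rules = parse_rules(NGINX_RULES)
    print(allowed_span(rules, "192.168.1.0/24"))
    print(matches_intended_range(rules, "192.168.1.100", "192.168.1.255"))
```

allow and deny match the client address nginx sees ($remote_addr), so the rules apply to whatever host connects to this nginx instance directly.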


Customized Dockerfile

The following Dockerfile adds certbot and apache2-utils to our nginx-reverse-proxy image.

...