From bcf68e589346cc2422373d4d31da1f9365df8b2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Hu=CC=88rtgen?=
Date: Wed, 4 Jan 2023 09:39:01 +0100
Subject: [PATCH] FEATURE: Add possibility to restrict access to certain client address
---
 README.md | 3 +++
 templates/reverseproxy.conf.j2 | 5 +++++
 templates/reverseproxy_ssl.conf.j2 | 5 +++++
 3 files changed, 13 insertions(+)
diff --git a/README.md b/README.md
index 101ca71..87c45e0 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,9 @@ nginx_revproxy_sites: # List of sites to
 ssl: false # Set to True if you want to redirect http to https
 letsencrypt: false # Set to True if you want to use letsencrypt
 conn_upgrade: true # Set the Connection upgrade header values
+ acls: # Limit access to certain client addresses (values can be address, CIDR, unix or all)
+ - { mode: allow, value: 192.168.0.1 }
+ - { mode: deny, value: all }
 example.org: # Domain name
 domains: # List of server_name aliases
diff --git a/templates/reverseproxy.conf.j2 b/templates/reverseproxy.conf.j2
index 3439de9..71f4a04 100644
--- a/templates/reverseproxy.conf.j2
+++ b/templates/reverseproxy.conf.j2
@@ -28,6 +28,11 @@ server {
 server_name {{ item.value.domains | join(' ') }};
 location / {
+{% for acl in item.value.acls | default({}) %}
+{% if acl.mode == 'allow' or acl.mode == 'deny' %}
+ {{ acl.mode | default('deny') }} {{ acl.value }};
+{% endif %}
+{% endfor %}
 gzip off;
 client_max_body_size {{ item.value.client_max_body_size | default('50M') }};
 proxy_read_timeout {{ item.value.proxy_read_timeout | default('300') }};
diff --git a/templates/reverseproxy_ssl.conf.j2 b/templates/reverseproxy_ssl.conf.j2
index fb8f073..08a05b9 100644
--- a/templates/reverseproxy_ssl.conf.j2
+++ b/templates/reverseproxy_ssl.conf.j2
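Review bot: An entry whose `mode` is misspelled or missing is silently skipped by the `{% if acl.mode == 'allow' or acl.mode == 'deny' %}` guard in templates/reverseproxy.conf.j2, so a typo in the closing `deny all` rule from the README example renders a `location /` with only allow rules, and nginx then admits every client. Rejecting such an entry at deploy time fails closed instead, for example with an `ansible.builtin.assert` task that checks `acl.mode in ['allow', 'deny']` before the template is rendered. Inside the guard `| default('deny')` can never take effect, and `default({})` would read more accurately as `default([])` since `acls` is a list. `acl.value` is written into the config verbatim, so a value carrying `;` or a line break would add directives of its own; the same assert could restrict it to an address, a CIDR, `unix:` or `all`. The identical block added to templates/reverseproxy_ssl.conf.j2 has the same issues.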
@@ -87,6 +87,11 @@ server {
 }
 location / {
+{% for acl in item.value.acls | default({}) %}
+{% if acl.mode == 'allow' or acl.mode == 'deny' %}
+ {{ acl.mode | default('deny') }} {{ acl.value }};
+{% endif %}
+{% endfor %}
 gzip off;
 proxy_set_header X-Forwarded-Ssl on;
 client_max_body_size {{ item.value.client_max_body_size | default('50M') }};
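Review bot: The rules are emitted inside `location /` only, so they do not apply to any other `location` in this server block; the `}` context line just above the change suggests another block precedes it, though that part of the file is outside the hunk. If the restriction is meant for the whole site, emitting the loop at `server` level lets every location inherit it, with an explicit `allow all;` in any location that must stay reachable (an ACME challenge path, if the template has one). nginx matches `allow`/`deny` against the connecting address, so behind a load balancer or CDN the rules see that hop unless the realip module is set up with `set_real_ip_from` and `real_ip_header`. A comment above the loop such as `{# evaluated in order, first match wins; matches the connecting address #}`, and the same sentence next to the `acls` example in the README, would make both points visible to operators.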