Nginx proxy: deny all apart from sub-path

nginx reverse-proxy proxypass
6,483

Fixed on advice from Richard's comment.

Nginx only matches one location block, so I moved the headers to be defined in the server and set proxy_pass with the appropriate allow,deny on paths to be proxied.

server {
    listen 80;
    listen [::]:80;

    server_name example.com;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_buffering off;

    location /api {
        proxy_pass http://node_upstream;
        allow all;
    }

    location / {
        proxy_pass http://node_upstream;
        allow 1.2.3.4;
        deny all;
    }
    ...
}
Share:
6,483

Related videos on Youtube

Jaffa
Author by

Jaffa

Updated on September 18, 2022

Comments

  • Jaffa
    Jaffa almost 2 years

    I'm trying to setup an Nginx proxy for a node app that is currently under development.

    I'm trying to allow only whitelisted IPs to access the main site, but I have an /api path that I would like to be accessible by any IP.

    I've tried defining the location block in different orders, nested etc but no dice, currently it seems to not pass any requests to /api to the proxy

    upstream node_upstream {
    server 127.0.0.1:3000 fail_timeout=0;
}

server {
     listen 80;
     listen [::]:80;
     server_name example.com;

     location /api {
         allow all;
     }

     location / {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_redirect off;
         proxy_buffering off;
         proxy_pass http://node_upstream;
         allow 1.2.3.4;
         deny all;
     }

     location /public {
         root /path/to/static/files;
     }

     listen 443 ssl;
     ... SSL Config here...

     if ($scheme != "https") {
         return 301 https://$host$request_uri;
     }
}
    • Richard Smith
      Richard Smith almost 7 years
      If location /api is to be proxied, you will need to add a proxy_pass statement there. See how nginx processes a request, but essentially, nginx chooses one location block to process a request - not the merged statements from several.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I proxy pass a URL in Nginx where location match is a URL and proxy pass has another URL
nginx upstream not working
Nginx Reverse Proxy To Tomcat
nginx reverse proxy with query parameter modification
nginx reverse proxy not passing requests
How to prevent nginx from reverse proxy specific subdirectories
How to handle relative urls correctly with a nginx reverse proxy
Configure Nginx as reverse proxy with upstream SSL using server_name
Spring Boot and Nginx integration
Configure Nginx with proxy_pass