2

I have a single physical server running several server blocks in nginx corresponding to different subdomains. One of them I'd like to be only accessible from devices on the same local network as the server. I know theoretically this can be done with

allow 192.168.1.0/24;
deny all;

within a location block. When I actually try to access the server from a local device, though, the request is denied. Looking at the access logs, this is because the request is shown as coming from my network's external IP rather than the device's internal IP. How can I fix this?

Sean
  • Is the device using the server's public name? The device will need to connect to the server's internal IP to avoid routing via the external IP. – Richard Smith Aug 12 '18 at 07:37
  • Hm, yes. Is there any way to allow only local devices even when they access it via the public name? With a dynamic IP, adding `allow [external ip];` doesn't seem like a great solution. – Sean Aug 12 '18 at 17:34
  • Did you solve it? I have the same requirement. Thank you! – Martin Apr 12 '20 at 11:39

1 Answer

3

Your issue is likely that you are using external DNS, which routes your request to your public IP and then back to your website. Set up internal DNS and point the site resolution to the internal IP directly.

Then as you stated, you can do the following:

cat << 'EOF' >/etc/nginx/private.conf
allow 192.168.1.0/24;
deny all;
EOF

site.conf:

include /etc/nginx/private.conf;
FreeSoftwareServers
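An added example (not part of the answer above and not nginx's own code): a small Python check that replays the page's `allow`/`deny` rules, first match wins, against the client addresses in an access log. It shows why a LAN device that reaches the site through the public name is denied while the same device using the internal IP is allowed. The log lines are constructed, and `203.0.113.7` is a placeholder for the network's external IP.

```python
import ipaddress
import re

# The ACL from the page, in nginx syntax. nginx's access module checks the
# rules in order and stops at the first one that matches the client address.
ACL = """
allow 192.168.1.0/24;
deny all;
"""

# Constructed access-log lines (combined format). 203.0.113.7 is a placeholder
# for the external IP that the router substitutes when a LAN client goes out
# and back in through the public name.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2018:07:30:01 +0000] "GET / HTTP/1.1" 403 153 "-" "curl/7.58.0"
192.168.1.42 - - [12/Aug/2018:07:41:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.58.0"
"""

def parse_acl(text):
    """Return [(action, network-or-None)] in file order; None means 'all'."""
    rules = []
    for action, target in re.findall(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", text, re.M):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(rules, addr):
    """Apply the rules to one client address the way nginx would."""
    ip = ipaddress.ip_address(addr)
    for action, net in rules:
        if net is None or (ip.version == net.version and ip in net):
            return action
    return "allow"  # no rule matched: access is not restricted

def audit(log_text, rules):
    """Return (client address, logged status, ACL verdict) per log line."""
    results = []
    for line in log_text.splitlines():
        m = re.match(r'(\S+) .*?" (\d{3}) ', line)
        if m:
            results.append((m.group(1), int(m.group(2)), decide(rules, m.group(1))))
    return results

if __name__ == "__main__":
    for addr, status, verdict in audit(SAMPLE_LOG, parse_acl(ACL)):
        print(f"{addr:15} logged={status} acl={verdict}")
```

Running it against a real access log shows which source addresses nginx actually sees, which is the value the ACL is matched against.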