
    Nginx Allow Domain Instead Of IP Address

      NashBrydges

      I've easily set up the allow/deny rules in Nginx config files to limit access to a particular site based on IP address, but what I'm trying to figure out is if there's a way to have similar rules based on domain names. I have a client who wants to limit access to his company portal to his satellite offices; however, he still wants access from home for him and his executive team, which are obviously dynamic IP addresses. He's already set up a DDNS service and can resolve his home IP address from the domain name. I'd like to be able to force Nginx to also resolve the IP based on that same domain name.

      Anyone ever successfully set that up? My google-fu is failing me on this one.

        Alex Sage

        This is kinda what you want to do....

        https://mangolassi.it/topic/15008/pihole-for-friends-and-family/

          Alex Sage

          Or maybe this?

          https://mangolassi.it/topic/14787/how-to-setup-nginx-tls-certificate-based-authentication-vpn-alternative

            NashBrydges @Alex Sage

            @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

            This is kinda what you want to do....

            https://mangolassi.it/topic/15008/pihole-for-friends-and-family/

            Not exactly. In this setup, the server firewall controls who can access. The way I have it set up is that the Nginx config file is managing the allow/deny rules and displays a 403 error for any IP not in the allow list.

            Although I suppose that if I can't find a way to have Nginx resolve the IP to manage the allow/deny, this could be an option. Was trying to avoid relying on external functions but this could work at the server level. Only thing is, the visitor won't get the 403 error page.

              NashBrydges @Alex Sage

              @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

              Or maybe this?

              https://mangolassi.it/topic/14787/how-to-setup-nginx-tls-certificate-based-authentication-vpn-alternative

              Not really an option since I'm allowing a range of IPs assigned to the company in the Nginx config file. It wouldn't be viable to set up a cert on every endpoint in the company to allow access to the portal. This option works great if you're dealing with only a few endpoints that don't often change.

                JaredBusch @NashBrydges

                @nashbrydges said in Nginx Allow Domain Instead Of IP Address:

                @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

                This is kinda what you want to do....

                https://mangolassi.it/topic/15008/pihole-for-friends-and-family/

                Not exactly. In this setup, the server firewall controls who can access. The way I have it set up is that the Nginx config file is managing the allow/deny rules and displays a 403 error for any IP not in the allow list.

                Although I suppose that if I can't find a way to have Nginx resolve the IP to manage the allow/deny, this could be an option. Was trying to avoid relying on external functions but this could work at the server level. Only thing is, the visitor won't get the 403 error page.

                What he actually means is that in that thread they set up a method to check DynDNS resolution for updates and then subsequently update the firewall rules for the new IP address. So the only external function would be a script on your Nginx box that runs and updates the conf file and then reloads nginx.

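The approach described in the post above (a script on the Nginx box that checks the DDNS name, rewrites the conf file and reloads nginx), written out as an added example; it is not code from any poster or from the linked how-to. The hostname, office range and include path are assumptions, and resolver output is validated before it reaches the config.

```shell
#!/bin/sh
# Added example: keep an nginx allow-list include in sync with DDNS names.
# In the server block:  include /etc/nginx/snippets/ddns-allow.conf;
DDNS_HOSTS="${DDNS_HOSTS:-ceo-home.example.net}"      # hypothetical DDNS name(s)
STATIC_ALLOW="${STATIC_ALLOW:-203.0.113.0/24}"        # constructed office range
INCLUDE_FILE="${INCLUDE_FILE:-/etc/nginx/snippets/ddns-allow.conf}"  # assumed path

# Strict dotted-quad check: resolver output is untrusted text until it passes,
# so nothing but a plain IPv4 address can ever be written into the config.
is_ipv4() {
  case $1 in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*) return 1 ;; esac           # no leading zeros (octal ambiguity)
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# IPv4 addresses for one hostname, via the system resolver (glibc getent).
resolve_v4() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# Include body: static ranges, validated dynamic addresses, then default deny.
render_allowlist() {
  for e in $STATIC_ALLOW; do printf 'allow %s;\n' "$e"; done
  for e in "$@"; do
    if is_ipv4 "$e"; then printf 'allow %s; # ddns\n' "$e"; fi
  done
  printf 'deny all;\n'
}

# Atomically write text $1 to file $2. Returns 0 if changed, 1 if identical.
install_if_changed() {
  if [ -f "$2" ] && [ "$1" = "$(cat "$2")" ]; then return 1; fi
  tmp=$(mktemp "$2.XXXXXX") || return 2
  printf '%s\n' "$1" > "$tmp" && mv "$tmp" "$2" || return 2
}

sync_allowlist() {
  ips=$(for h in $DDNS_HOSTS; do resolve_v4 "$h"; done)
  # On a DNS outage keep the last known list instead of locking everyone out.
  [ -n "$ips" ] || { echo "nothing resolved; list unchanged" >&2; return 1; }
  install_if_changed "$(render_allowlist $ips)" "$INCLUDE_FILE"
  case $? in 0) nginx -t && nginx -s reload ;; 1) return 0 ;; *) return 2 ;; esac
}

# Run periodically (cron or a systemd timer):  ddns-allow.sh --sync
if [ "${1:-}" = "--sync" ]; then sync_allowlist; fi
```

Because the rules stay in the Nginx config, visitors outside the list still receive the 403 page rather than a dropped connection.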
                  JaredBusch @NashBrydges

                  @nashbrydges said in Nginx Allow Domain Instead Of IP Address:

                  @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

                  Or maybe this?

                  https://mangolassi.it/topic/14787/how-to-setup-nginx-tls-certificate-based-authentication-vpn-alternative

                  Not really an option since I'm allowing a range of IPs assigned to the company in the Nginx config file. It wouldn't be viable to set up a cert on every endpoint in the company to allow access to the portal. This option works great if you're dealing with only a few endpoints that don't often change.

                  You could simply set up a second URL for external access and use certificate signing on that URL only. not

                    NashBrydges @JaredBusch

                    @jaredbusch said in Nginx Allow Domain Instead Of IP Address:

                    @nashbrydges said in Nginx Allow Domain Instead Of IP Address:

                    @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

                    Or maybe this?

                    https://mangolassi.it/topic/14787/how-to-setup-nginx-tls-certificate-based-authentication-vpn-alternative

                    Not really an option since I'm allowing a range of IPs assigned to the company in the Nginx config file. It wouldn't be viable to set up a cert on every endpoint in the company to allow access to the portal. This option works great if you're dealing with only a few endpoints that don't often change.

                    You could simply set up a second URL for external access and use certificate signing on that URL only. not

                    This is an option I hadn't thought of. That could work well.

                      Alex Sage @NashBrydges

                      @nashbrydges said in Nginx Allow Domain Instead Of IP Address:

                      @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

                      Or maybe this?

                      https://mangolassi.it/topic/14787/how-to-setup-nginx-tls-certificate-based-authentication-vpn-alternative

                      Not really an option since I'm allowing a range of IPs assigned to the company in the Nginx config file. It wouldn't be viable to set up a cert on every endpoint in the company to allow access to the portal. This option works great if you're dealing with only a few endpoints that don't often change.

                      You could push the certificate to all the clients, using AD, Salts, etc.

                        Emad R @Alex Sage

                        @aaronstuder said in Nginx Allow Domain Instead Of IP Address:

                        Or maybe this?

                        https://mangolassi.it/topic/14787/how-to-setup-nginx-tls-certificate-based-authentication-vpn-alternative

                        The person that wrote this guide is such a douche

                          NashBrydges

                          Ok, I just found a ridiculously simple way of doing this. I'll post the how-to in a different thread.

                            Alex Sage

                            https://mangolassi.it/topic/15267/how-to-allow-site-access-in-nginx-by-ddns-instead-of-by-ip
