I have an nginx reverse proxy for multiple domains, one of which I want to restrict access to unless connected to the VPN. So I have added allow for the VPN IP addresses for this one particular server, and it's denying access no matter whether I'm connected to the VPN or not.
If it helps, it's a bare metal server with Fasthosts, using the VPN supplied with my account. Here is the config (this runs inside a Docker container which forwards traffic down a private network to other servers running Docker Swarm). I have substituted the VPN IP addresses with X:
server {
    listen 80;
    listen 443 ssl;
    allow xx.x.xxx.xxx;
    allow xx.x.xxx.xxx;
    deny all;
    ssl_certificate /usr/local/etc/ssl/certs/live/example.com/fullchain.pem;
    ssl_certificate_key /usr/local/etc/ssl/certs/live/example.com/privkey.pem;
    ssl_session_timeout 10m;
    ssl_verify_client off;
    server_name admin.example.com;
    error_log /usr/share/nginx/logs/error-admin.log;
    access_log /usr/share/nginx/logs/access-admin.log;
    client_max_body_size 1024M;
    gzip_http_version 1.0;
    gzip on;
    gzip_proxied any;
    gzip_types
        image/jpeg
        image/jpg
        image/png
        image/gif
        image/bmp
        video/mp4
        application/octet-stream;
    location / {
        proxy_read_timeout 1800;
        proxy_connect_timeout 60;
        proxy_send_timeout 60;
        proxy_next_upstream error timeout http_502;
        proxy_next_upstream_tries 10;
        proxy_pass http://admin;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_ssl_session_reuse on;
        proxy_http_version 1.1;
        proxy_set_header X-XSS-Protection 1;
        proxy_set_header X-Content-Type-Options nosniff;
        proxy_set_header Referrer-Policy origin;
        proxy_set_header X-Frame-Options DENY;
        proxy_set_header Host admin.gofollow.vip;
        proxy_request_buffering off;
    }
}
UPDATE
It seems that nginx inside Docker isn't seeing the proper client IP address.
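
One way to check what the UPDATE describes, as an added example that is not part of the original post: it applies the config's allow/deny rules (first match wins) to the client address nginx wrote to its access log. The allow addresses and log lines are constructed stand-ins, since the post redacts the real ones, and the log is assumed to use nginx's default combined format.

```python
import ipaddress

# Constructed stand-ins for the redacted VPN addresses in the post's allow lines.
RULES = [("allow", "203.0.113.10"), ("allow", "203.0.113.11"), ("deny", "all")]

# RFC 1918 ranges; Docker bridge and overlay networks normally draw from these.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed access-log lines in nginx's default "combined" format.
SAMPLE_LOG = """\
172.18.0.1 - - [12/Mar/2024:10:01:07 +0000] "GET / HTTP/1.1" 403 153 "-" "curl/8.5.0"
10.0.0.2 - - [12/Mar/2024:10:01:09 +0000] "GET /login HTTP/1.1" 403 153 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:02:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:03:02 +0000] "GET / HTTP/1.1" 403 153 "-" "Mozilla/5.0"
"""


def access_decision(addr, rules=RULES):
    """Evaluate allow/deny rules in order; the first match decides."""
    ip = ipaddress.ip_address(addr)
    for action, target in rules:
        if target == "all" or ip in ipaddress.ip_network(target, strict=False):
            return action
    return "allow"  # no rule matched, so access is not restricted


def classify(line):
    """Return (remote_addr, decision, note) for one combined-format log line."""
    addr = line.split(" ", 1)[0]  # $remote_addr is the first field
    decision = access_decision(addr)
    ip = ipaddress.ip_address(addr)
    if decision == "allow":
        note = "matches an allow rule"
    elif any(ip in net for net in INTERNAL):
        note = "RFC 1918 source: likely a Docker/NAT hop, not the real client"
    else:
        note = "public source not on the allow list"
    return addr, decision, note


def report(log_text=SAMPLE_LOG):
    return [classify(line) for line in log_text.splitlines() if line.strip()]


if __name__ == "__main__":
    for addr, decision, note in report():
        print(f"{addr:<15} {decision:<5} {note}")
```

Denied requests that all come from a private address mean the allow list is being compared against an intermediate hop rather than the VPN client.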