I'm running Ubuntu Server 20.04, and have successfully set up netdata. My netdata's Nginx virtual host file looks like this:
upstream backend {
server 127.0.0.1:19999;
keepalive 64;
}
server {
auth_basic "Protected";
auth_basic_user_file /etc/nginx/netdata-passwords;
server_name netdata.example.com;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/netdata.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/netdata.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
ssl_trusted_certificate /etc/letsencrypt/live/netdata.example.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = netdata.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
}
}
and my stub_status.conf virtual host file looks like this:
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
}
What do I need to do in my virtual host file to deny all IP addresses to netdata except my home address? Any examples would be much appreciated!
