Nginx access from different subnets


#1

Our system running on nginx-server. It is very flexible server which can control access by ip for more security. So you can use it in your configuration. By the way, it is possible to divide access singly to admin and singly to portal.
To make it you have to change one file. If you use “ssl” it will be /etc/nginx/sites-available/splynx-ssl, else - without “ssl”, change /etc/nginx/sites-available/splynx.
Find there block:

location / {
               try_files $uri $uri/ /index.php?$args;
}

location ~ \.(php)$ {
...

and between this two “location” - you have to insert

        location /admin {
                deny  192.168.1.1;
                allow 192.168.1.0/24;
                allow 10.1.1.0/16;
                allow 2001:0db8::/32;
                deny  all;
                try_files $uri $uri/ /index.php?$args;
        }

        location /portal {
                allow 192.168.1.0/24;
                allow 10.10.0.0/24;
                deny all;
                try_files $uri $uri/ /index.php?$args;
        }

The rules are checked in sequence until the first match is found. More information - http://nginx.org/en/docs/http/ngx_http_access_module.html

To insert correctly look at the screenshot: