Securing our Nginx proxy server

This is the most important piece of the Nginx setup. In this section, we will see how to restrict access to our server using basic authentication. This is very important for our REST API servers. Suppose we have servers X, Y, and Z that talk to each other. X can serve clients directly, but it calls an internal API on Y and Z for some information. Since clients should not access Y or Z, we can make it so that only X is allowed to access those resources. We can allow or deny IP addresses using the Nginx access module. It looks like this:

    location /api {
        ...
        deny 192.168.1.2;
        allow 192.168.1.1/24;
        allow 127.0.0.1;
        deny all;
    }

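This configuration tells Nginx to allow requests from clients in the 192.168.1.1/24 range, excluding 192.168.1.2. Nginx checks the rules in order and stops at the first match, which is why the deny for 192.168.1.2 comes before the broader allow. The next line allows requests from the same host, and the final deny all blocks requests from any other client. The complete server block looks like this: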

    server {
        listen 80 default_server;
        root /usr/share/nginx/html;

        location /api {
            deny 192.168.1.2;
            allow 192.168.1.1/24;
            allow 127.0.0.1;
            deny all;
        }
    }
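The following is an added example, not code from the book: a small Python model of how the access module's allow/deny list is evaluated, useful for checking a rule set before deploying it. The probe addresses and the misordered variant are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Rules from the page's location /api block, in the order written.
PAGE_RULES = [
    ("deny", "192.168.1.2"),
    ("allow", "192.168.1.1/24"),
    ("allow", "127.0.0.1"),
    ("deny", "all"),
]

def parse_rule(action, target):
    """Turn one allow/deny directive into (action, network-or-None)."""
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown directive: {action}")
    if target == "all":
        return action, None
    # strict=False masks the host bits, so 192.168.1.1/24 covers 192.168.1.0-255
    return action, ipaddress.ip_network(target, strict=False)

def decide(rules, client_ip):
    """Return 'allow' or 'deny' for client_ip: the first matching rule wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in (parse_rule(a, t) for a, t in rules):
        if net is None or (addr.version == net.version and addr in net):
            return action
    return "allow"  # no rule matched: the access module imposes no restriction

def audit(rules, probes):
    """Map each probe address to the decision the rule list yields."""
    return {ip: decide(rules, ip) for ip in probes}

# Constructed probe addresses, one per case the text describes.
PROBES = ["192.168.1.2", "192.168.1.50", "127.0.0.1", "10.0.0.5"]

# Same rules with the specific deny moved below the broad allow (an ordering mistake).
MISORDERED = [PAGE_RULES[1], PAGE_RULES[0]] + PAGE_RULES[2:]

if __name__ == "__main__":
    for label, rules in (("page order", PAGE_RULES), ("misordered", MISORDERED)):
        print(label, audit(rules, PROBES))
```

With the misordered list, 192.168.1.2 matches the /24 allow first and the later deny is never reached.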

For more information, see the documentation for ngx_http_access_module. We can also add password-secured access to the static files that Nginx serves. This is mostly not applicable to the API, because there the application takes care of authenticating the user.
