Add optional IP restriction for nginx site configs

2024-10-19 21:08:15 -04:00 · 2024-10-19 21:08:15 -04:00 · 3102c621f0
commit 3102c621f0
parent e3f03edf3f
1 changed files with 7 additions and 1 deletions
--- a/roles/proxy/templates/server-nginx.conf.j2
+++ b/roles/proxy/templates/server-nginx.conf.j2
@ -35,7 +35,13 @@ server {
  client_max_body_size {{ item.client_max_body_size }};
 {% endif %}
  location / {
-{% if item.restrict is defined and item.restrict  %}
+{% if item.allowedips is defined %}
+{% for ip in item.allowedips %}
+    allow {{ ip }};
+{% endfor %}
+    deny all;
+{% endif %}
+{% if item.restrict is defined and item.restrict %}
    auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
    auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
    proxy_set_header Authorization "";