nginxproxy limit access by ip

[MRatWork]

Declare 'location /' only permit 1 time per-server declare.

proxy.conf is include by every domains/defaults. You can see /home/nginx/conf/domains/yourdomain.com to know where "include '/home/nginx/conf/globals/proxy.conf';" or "include '/home/nginx/conf/globals/custom.proxy.conf';"

[crossing]

I get this error on nginx service restart :

nginx: [emerg] duplicate location "/" in /home/nginx/conf/globals/custom.proxy.conf:94
nginx: configuration file /etc/nginx/nginx.conf test failed

[crossing]

After all where should I add the

Code: [Select]

location / {
      allow 11.234.23.4;
      deny all;
    }
in order for limit access by IP only for one website ?

And why nginx restart fail after following your steps ?

[crossing]

Works but affects all domains , It looks like I only had to add this lines inside location / {..}:

Code: [Select]

 allow 11.234.23.4;
      deny all;
I need to block access by ip on a single website.

[MRatWork]

Try this code inside '/home/nginx/conf/globals/custom.proxy.conf':

Code: [Select]

   proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_bypass $cookie_session;
    proxy_no_cache $cookie_session;

    ## MR - increasing upload size to 64M (declare inside 'location /' not work
    client_max_body_size 64M;
    client_body_buffer_size 128k;

    proxy_connect_timeout 180s;
    proxy_send_timeout 180s;
    proxy_read_timeout 180s;
    #proxy_buffers 32 4k;
    proxy_buffers 8 128k;
    proxy_buffer_size 128k;

    ### MR -- change enable = @wp when using wordpress
    error_page 404 /404.html;

    location = /404.html {
        root '/usr/share/nginx/html';
    }

    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root '/usr/share/nginx/html';
    }

    ### MR -- must be using nginx-special (including ngx_purge_cache)
    location ~ /purge(/.*) {
        ### MR -- just enough remove # below for enable
        #proxy_cache_purge pcache "$scheme://$host$1$request_method";
        allow 127.0.0.1;
        deny all;
    }

    location / {

        if ($host = 'flexijob.ro') {
            allow 11.234.23.4;
            deny all;
        }

        limit_conn addr 25;

        ## MR - no need try_files because permalink handle by apache
        #try_files $uri $uri/ /index.php;

        proxy_pass http://127.0.0.1:30080/;

        proxy_redirect off;

        ## MR - change $host to $domain importance for access via ip on exclusive ip domain but add X-Host still with $host
        proxy_set_header Host $domain;
        proxy_set_header X-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-For $remote_addr;
   
        proxy_pass_header Set-Cookie;

        proxy_headers_hash_max_size 512;

        ### MR -- just enough remove # below for enable cache
        #proxy_cache pcache;
        proxy_cache_valid 10m;
        proxy_cache_valid 404 1m;

        proxy_cache_key "$scheme://$host$request_uri";

        proxy_cache_use_stale error timeout invalid_header
                              http_500 http_502 http_504 http_404;

        open_file_cache max=1024 inactive=600s;
        open_file_cache_valid 2000s;
        open_file_cache_min_uses 1;
        open_file_cache_errors on;
    }

    ### MR -- Enable this if not using nginx cache and not for wordpress
#    location ~* ^.+.(jpe?g|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|avi|mp3)$ {
#        expires 2d;
#        access_log off;
#        root $rootdir;
#    }

    location ~ /.ht {
        deny all;
    }

    if (-f $request_filename) {
        break;
    }
 
    if (-d $request_filename) {
        break;
    }



[crossing]

I did->

service nginx restart:

nginx: [emerg] "allow" directive is not allowed here in /home/nginx/conf/globals/custom.proxy.conf:41

[MRatWork]

Ok, try add inside /etc/nginx/conf.d/custom.conf file with content:

Code: [Select]

       if ($host = 'flexijob.ro') {
            allow 11.234.23.4;
            deny all;
        }

and delete custom.proxy.conf and running again 'sh /script/fixweb; sh /script/restart-web'.

[crossing]

Did you meant /etc/nginx/conf.d/virtual.conf ? No custom.conf there.

[crossing]

I created file 'virtual.conf' here ' /etc/nginx/conf.d/' with contenet:

 

Code: [Select]

if ($host = 'flexijob.ro') {
            allow 11.234.23.4;
            deny all;
        }


nginx: [emerg] "if" directive is not allowed here in /etc/nginx/conf.d/custom.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

[MRatWork]

So, only possibility in 'server' directive.

[crossing]

Which means I can't do it for specified domain.