block direct ip access to NPM

[AndreaSchwibbert]

hi, can you help me to disable direct IP http/https access to nginx proxy ?
I would like to nginx stop answer to http://51.68.245.98/ and https://51.68.245.98/ for example and discard connection

[instantdreams]

I'm also interested in this function.

According to an article I found, this can be done by adding the following to the configuration file of NGINX:

allow all;
deny [ip.add.re.ss];
deny [ip.add.re.ss];

The approach I'm taking is to investigate the custom configuration options of NPM. I am hoping to identify which of the files to use and add the code block to a file in my github repo for my edge servers, then I can pull the configuration and do a docker-compose down and docker-compose up --detach to reload the configuration.

Does anyone have any direction on this? Anyone done it before?

[instantdreams]

I tried the following in root.conf:

allow all;
deny [ip.add.re.ss];
deny [ip.add.re.ss];
deny [ip.add.re.ss];

The logs showed the following issue:

npm_app | nginx: [emerg] "allow" directive is not allowed here in /data/nginx/custom/root.conf:1

I removed the allow all; and tried again. I got the same message for deny:

nginx: [emerg] "deny" directive is not allowed here in /data/nginx/custom/root.conf:1

I guess it's not best used in root.conf :)

[instantdreams]

I only have proxy hosts configured, so of course it should be in server_proxy.conf. I renamed root.conf to server_proxy.conf and refreshed the docker container. Everything is running fine.

I'd love to be able to either attach to the container (docker exec -it npm_app bash) or run a command to show the generated nginx.conf file to check it, but so far this seems to be working.