Enabling IP access control via Nginx

Overview

In addition to protecting your application (or parts of it) using HTTP basic authentication, you can use CustomConfig to block (or allow) access to your application based on IP addresses.

Read this first

You can do this more quickly and reliably using Maestro's built-in IP filtering feature. This guide is only for users who prefer to configure Nginx directly.

Set up IP access control manually

To accomplish this:

  1. Create a file in the root of your repository called blockips.conf. This file will contain the IPs you wish to allow/deny.

  2. To deny a single IP address, you can use the following syntax:
    deny 1.2.3.4;
    

    You can also deny an entire subnet as follows:

    deny 91.212.45.0/24;
    

    Should you wish to only allow access to your IP address, do this:

    allow 1.2.3.4/24; deny all; 
    

    There are lots of resources about this syntax on the Internet in case you need more guidance.

  3. Now we can go ahead and customize the Nginx configuration, which you can see more about in our Nginx CustomConfig documentation.

    You will want to add the following code within the http section of your configuration, for example on line 22.

    include {{ deploy_to }}/current/blockips.conf;
    

    This will read the file from your repository directory on the server. Once you save that configuration, it will apply immediately on your server.