Created
January 20, 2025 09:24
Example of limit_except GET: only GET is allowed publicly, and certain IPs are allowed to use other HTTP methods.
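# TLS reverse proxy for SERVICE.MY.DOMAIN.
# Policy: "/" and "/v2/..." are readable by anyone (GET/HEAD); every other
# HTTP method is accepted only from the allowlisted source addresses below.
server {
    server_name SERVICE.MY.DOMAIN;
    listen 443 ssl;

    ssl_certificate     /etc/ssl/private/MY.DOMAIN/server.crt;
    ssl_certificate_key /etc/ssl/private/MY.DOMAIN/server.key;

    # Reject everything except exactly "/" and paths under "/v2/".
    # The test is made on $uri (the decoded, normalized path) instead of
    # $request_uri (the raw request target): a prefix match on the raw text
    # says nothing about the path the upstream ends up resolving, because
    # proxy_pass without a URI part forwards the request target as received.
    # $uri carries no query string, so "/" with a query is treated as "/".
    if ($uri !~ ^/$|^/v2/) { return 403; }

    # Everything that passed the check above goes to the upstream.
    location / {
        #proxy_ssl_server_name on;
        proxy_pass http://service_host.hosts.MY.DOMAIN;
        proxy_http_version 1.1;

        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the upstream must not trust the leading entries;
        # X-Real-IP is the peer address nginx itself saw.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # WebSocket pass-through. "Connection: upgrade" is sent on every
        # proxied request here, not only on real upgrade requests.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # limit_except GET applies the rules inside it to every method other
        # than GET (allowing GET implicitly allows HEAD as well).
        limit_except GET {
            # Only 1.2.3.4 may push. allow/deny compare against the address of
            # the connecting peer; if this server sits behind a load balancer
            # or CDN, that peer is the balancer, not the end client.
            allow 1.2.3.4/32;
            #allow 5.6.7.8/32;
            deny all;
        }
    }
}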