Page tree
Skip to end of metadata
Go to start of metadata

IP Filtering

  1. Connect to the master server via SSH
  2. Create the additional configuration file in /usr/local/svmstack/nginx/conf/services/ directory:

    # touch /usr/local/svmstack/nginx/conf/services/blockip.conf
  3. Set up list of allowed/denied IP addresses, here is an example:

    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny all; 

    Check for more information on Nginx documentation portal

  4. Restart the service to apply the changes:

    # systemctl restart svmstack-nginx.service

    OR

    # /etc/init.d/svmstack-nginx restart

Additional authentication for AdminCP area

  1. Connect to the master server via SSH
  2. Create a file that will contain login/password pairs:

    # touch /usr/local/svmstack/nginx/.htpasswd
  3. Add login and password pair. Replace solusvmadmin with required login name. Do not forget ":" delimiter sign at the end of the login name:


    # sh -c "echo -n 'solusvmadmin:' >> /usr/local/svmstack/nginx/.htpasswd"
    # sh -c "openssl passwd -apr1 >> /usr/local/svmstack/nginx/.htpasswd"
  4. Create a backup of the /usr/local/svmstack/nginx/conf/services/legacy-master.conf file:

    # cp -a /usr/local/svmstack/nginx/conf/services/legacy-master.conf /root/ 
  5. Customize the file and add the following directive to the end of "server" section fo 5656 and 443 ports:

    location ^~ /admincp/ {
    	auth_basic "Restricted Content";
    	auth_basic_user_file /usr/local/svmstack/nginx/.htpasswd;
    	location ~ \.php$ {
    		include services/custom/legacy-master-inside-php-location-443.conf;
    		try_files $uri =404;
    		fastcgi_split_path_info ^(.+\.php)(/.+)$;
    		fastcgi_read_timeout 3600;
    		fastcgi_pass unix:/usr/local/svmstack/fpm/socket/web.sock;
    		fastcgi_index index.php;
    		include fastcgi.conf;
    		fastcgi_param HTTPS $https;
    		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    	}
    }
  6. After that restart the service to apply the changes:

    # systemctl restart svmstack-nginx.service

    OR

    # /etc/init.d/svmstack-nginx restart
  • No labels