SolusVM Documentation
Page tree
Skip to end of metadata
Go to start of metadata

IP Filtering

  1. Connect to the master server via SSH

  2. Create the additional configuration file in /usr/local/svmstack/nginx/conf/services/ directory:

    # touch /usr/local/svmstack/nginx/conf/services/blockip.conf

  3. Set up list of allowed/denied IP addresses, here is an example:

    deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all; 

    Check for more information on Nginx documentation portal

  4. (Optional) In case of the WHMCS module or otherwise accessing SolusVM graphs via API /graphs directory should be excluded from IP restriction. Open the file `/usr/local/svmstack/nginx/conf/services/custom/legacy-master-after-php-location-443.conf` and add the following:

    location /graphs{
allow all;
}


  5. Restart the service to apply the changes:

    # systemctl restart svmstack-nginx.service

    OR

    # /etc/init.d/svmstack-nginx restart

Additional authentication for AdminCP area

  1. Connect to the master server via SSH

  2. Create a file that will contain login/password pairs:

    # touch /usr/local/svmstack/nginx/.htpasswd
  3. Add login and password pair. Replace solusvmadmin with required login name. Do not forget ":" delimiter sign at the end of the login name:


    # sh -c "echo -n 'solusvmadmin:' >> /usr/local/svmstack/nginx/.htpasswd"
# sh -c "openssl passwd -apr1 >> /usr/local/svmstack/nginx/.htpasswd"

  4. Create a backup of the /usr/local/svmstack/nginx/conf/services/legacy-master.conf file:

    # cp -a /usr/local/svmstack/nginx/conf/services/legacy-master.conf /root/ 

  5. Customize the file and add the following directive to the end of "server" section fo 5656 and 443 ports:

    location ^~ /admincp/ {
	auth_basic "Restricted Content";
	auth_basic_user_file /usr/local/svmstack/nginx/.htpasswd;
	location ~ \.php$ {
		include services/custom/legacy-master-inside-php-location-443.conf;
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_read_timeout 3600;
		fastcgi_pass unix:/usr/local/svmstack/fpm/socket/web.sock;
		fastcgi_index index.php;
		include fastcgi.conf;
		fastcgi_param HTTPS $https;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}
}

  6. After that restart the service to apply the changes:

    # systemctl restart svmstack-nginx.service

    OR

    # /etc/init.d/svmstack-nginx restart
  • No labels