Nginx is a web server that is also commonly used as a reverse proxy, mail proxy, load balancer, and HTTP cache. It was initially released on October 4th, 2004, and since then, it has gained a strong reputation among the web community.
According to a web server survey in 2016, Nginx was the second-most widely used web server in the category of ‘active’ sites. As of February 2020, Netcraft estimated that Nginx served at least 36.48% of all active websites ranked, placing it first, ahead of Apache at 24.51%.
Nginx is designed to offer low memory usage and high concurrency. On the web, several requests are made each second. Nginx uses a concurrent, event-driven approach in which requests are handled in a single thread, rather than spawning a new process for each web request that comes its way.
Some noticeable features seen in Nginx include:
1. Open NGINX configuration file
Run the following command if you are using NGINX’s main configuration file:
$ sudo vi /etc/nginx/nginx.conf
If you have configured separate virtual hosts for your website (e.g. www.example.com), open the virtual host's configuration file with the following command:
$ sudo vi /etc/nginx/sites-enabled/example.conf
2. Whitelist IP in Nginx
For example, to whitelist IP 34.46.12.32 for a particular domain or website, add the following lines to your configuration file.
allow 34.46.12.32;
deny all;
With these lines in place, Nginx denies every request except those coming from IP 34.46.12.32.
Add the above lines in any of the http, server or location blocks, as shown below:
http{
…
allow 34.46.12.32;
deny all;
…
}
server{
…
allow 34.46.12.32;
deny all;
…
}
location / {
allow 34.46.12.32;
deny all;
}
Assume you have two subdomains (blog.xyz.com and news.xyz.com) with their Nginx config files at /etc/nginx/sites-enabled/blog.conf and /etc/nginx/sites-enabled/news.conf.
If you want to whitelist an IP in Nginx for a single subdomain (blog.xyz.com), add the two lines mentioned above to that subdomain's blog.conf file.
$ sudo vim /etc/nginx/sites-enabled/blog.conf
In the file itself, add the following:
server {
server_name blog.xyz.com;
allow 34.46.12.32;
deny all;
}
If you want to whitelist the IP for both subdomains, add the two lines to both the blog.conf and news.conf files.
Use the CIDR format if you wish to allow an IP range such as 34.46.12.0 – 34.46.12.255, which is written as 34.46.12.0/24. This is because Nginx accepts only IP addresses and CIDR formats.
location / {
allow 34.46.12.0/24;
deny all;
}
If you wish to whitelist an IP for just a single URL (e.g. /accounts/login), add the above allow directive in the location block of that URL.
location /accounts/login {
allow 34.46.12.32;
deny all;
}
If you want to allow access from multiple IP addresses in Nginx, add one allow line for each IP:
allow 34.46.12.32;
allow 34.46.12.10;
deny all;
You also have the option to combine individual IPs and CIDR ranges. For example:
allow 34.46.12.10;
allow 34.46.12.0/24;
deny all;
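The following Python sketch is an added example, not part of the original tutorial or of Nginx itself. It evaluates a list of allow/deny lines the way the access rules are applied (checked in order, first match wins), so you can confirm before reloading which client addresses a rule set admits, catch an invalid CIDR prefix, and see why deny all must come last. The function names and sample rule sets are constructed for illustration.

```python
import ipaddress

# Constructed sample: single IP plus the 34.46.12.0 - 34.46.12.255 range as /24.
SAMPLE_RULES = """
allow 34.46.12.10;
allow 34.46.12.0/24;
deny all;
"""

# Constructed counter-example: the same kind of rules in the wrong order.
MISORDERED_RULES = """
deny all;
allow 34.46.12.32;
"""


def parse_rules(text):
    """Return [(action, network)] in file order; network is None for 'all'."""
    rules = []
    for statement in text.split(";"):
        parts = statement.split()
        if not parts or parts[0] not in ("allow", "deny"):
            continue  # not an access rule
        if len(parts) != 2:
            raise ValueError(f"malformed rule: {statement.strip()!r}")
        action, target = parts
        if target == "all":
            rules.append((action, None))
        else:
            # Raises ValueError for an impossible prefix such as /35 on IPv4.
            rules.append((action, ipaddress.ip_network(target, strict=False)))
    return rules


def is_allowed(rules, client_ip):
    """Rules are checked in order and the first match decides."""
    addr = ipaddress.ip_address(client_ip)
    for action, network in rules:
        if network is None or addr in network:
            return action == "allow"
    return True  # no rule matched: the access rules do not block the request


if __name__ == "__main__":
    for ip in ("34.46.12.10", "34.46.12.255", "34.46.13.1"):
        print(ip, is_allowed(parse_rules(SAMPLE_RULES), ip))
    print("misordered:", is_allowed(parse_rules(MISORDERED_RULES), "34.46.12.32"))
```

With the misordered rule set, 34.46.12.32 is rejected because deny all matches first, which is why the allow lines always go above it.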
3. How to Restart Nginx
Run the command $ sudo nginx -t to check the syntax of your updated config file.
If it reports no errors, run the command for your distribution to reload or restart the Nginx server so the change takes effect:
$ sudo service nginx reload # debian/ubuntu
$ sudo systemctl restart nginx # redhat/centos
That’s all it takes! You now know how to whitelist individual IPs and IP ranges in Nginx, and how to restart Nginx.