[DOCKER] How to limit IP address only to a specific directory with laravel + nginx

When you set up a web server with laravel and nginx, you often want to limit IP addresses only to specific directories. : frowning2: IP address restriction can be done on the laravel side, but I did not find many setting examples when setting it with laravel + nginx, so I summarized it.

If the number of IP addresses you want to allow is one, place it appropriately

if($_SERVER["REMOTE_ADDR"] !== "xxx.xxx.xxx.xxx"){
   abort(403);
}

Anyway, I should write it, but as the number increases, it gets a little annoying. If additional IP addresses are specified on a subnet-by-subnet basis. .. .. : joy:

Prerequisite laravel + nginx environment construction

Docker Nginx laravel

For the environment construction of laravel + nginx + docker, which is the premise of this article, refer to this @ ucan-lab's god article.

https://qiita.com/ucan-lab/items/5fc1281cd8076c8ac9f4

Laravel + nginx configuration file that limits IP addresses only to specific directories

I have omitted the parts that are not related to the settings, so please refer to the above God article for the settings of nginx.

nginx.conf



    #The following two are the basic settings for running laravel on nginx.
    #All requests are indexed as laravel root.Redirect to php
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # .Process php files with fastcgi
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    #This is the main subject of directory IP restrictions.
    # admin/Example of restricting directories
    location /admin/ {
        try_files $uri $uri/ /index.php?$query_string;
        # allow ip list
        allow xxx.xxx.xxx.xxx;
        allow yyy.yyy.yyy.yyy;
        deny all;
    }

Setting points

If only the following location settings are used, nginx will try to display the files under / admin / as they are, so it will not work as laravel.

    location /admin/ {
        allow yyy.yyy.yyy.yyy;
        deny all;
    }

So I had to rewrite the settings to redirect to index.php in location.

try_files $uri $uri/ /index.php?$query_string;

Of course, you can also specify by subnet.

allow 192.168.1.0/24;

However, since the security settings of the entire application will be distributed to multiple places, in the controller under / admin / or route.php etc.

/*

IP address restriction is done on the nginx side

*/

If you comment, ** your future self ** and the ** successor ** who took over will be saved. e? Do you usually know where you set security?

It's sweet: cake:

end

** Now you have IP address restrictions on specific directories in laravel. **: relaxed:

Laravel security related articles that you should read together

How to lock out and further improve security if continuous login fails with laravel https://qiita.com/reopa_sharkun/items/7def0cc0a8647df10ade

If you find this article helpful : clap: Please support by pressing the ↓ button ↓: relaxed:

Recommended Posts

How to limit IP address only to a specific directory with laravel + nginx
How to run only specific files with gem's rake test
How to monitor nginx with docker-compose with datadog
Add class only to specific elements with V-for
How to save a file with the specified extension under the directory specified in Java to the list
How to make a factory with a model with polymorphic association
I want to monitor a specific file with WatchService
[How to insert a video in haml with Rails]
[Java] How to erase a specific character from a character string
How to make Laravel faster with Docker for Mac
Use java1.7 (zulu7) under a specific directory with jenv
[Rails] How to load JavaScript in a specific view
How to get started with creating a Rails app
[IOS] To allow rotation of only a specific screen
[Kotlin] How to get IP address and user agent
[Java] How to start a new line with StringBuilder
How to divide a two-dimensional array into four with ruby
How to use a foreign key with FactoryBot ~ Another solution
Learning Ruby with AtCoder 13 How to make a two-dimensional array
Uppercase only the specified range with substring. (How to use substring)
How to test a private method with RSpec for yourself
How to move another class with a button action of another class.
[Docker] Delete only the volume associated with a specific container
Mapping to a class with a value object in How to MyBatis
[ruby] Creating a program that responds only to specific conditions
How to set up a proxy with authentication in Feign
How to register as a customer with Square using Tomcat
How to leave a comment
How to set Docker nginx
How to number (number) with html.erb
How to update with activerecord-import
How to insert a video
How to create a method
I want to recursively search for files under a specific directory
How to set the IP address and host name of CentOS8
How to cancel cell merging within a specified range with POI
How to make a jar file with no dependencies in Maven
How to run a job with docker login in AWS batch
How to rename a model with foreign key constraints in Rails
How to open a script file from Ubuntu with VS code
[chown] How to change the owner of a file or directory
kotlin & Java: How to hide the toolbar only for specific fragments
How to build a little tricky with dynamic SQL query generation