Only allow certain IPs to access the server in reverse proxy

misaki · January 22, 2021, 3:59am

1. Caddy version (`caddy version`):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

system service

a. System environment:

Ubuntu Server 18.04 LTS

b. Command:

systemctl start caddy

c. Service/unit/compose file:

Same as official doc in dist/init/caddy.service at master · caddyserver/dist · GitHub

d. My complete Caddyfile or JSON config:

my.website {
        reverse_proxy  127.0.0.1:8080
}

3. The problem I’m having:

I am doing reverse proxy. I want to allow certain IPs to have access to the web interface on port 8080, and reject others (may return 403 not allowed). How to achieve it ?

The counterpart of config in nginx server is

allow <ip1>;
allow <ip2>;
deny all;

4. Error messages and/or full log output:

Not applicable

5. What I already tried:

set remote_ip directive

my.website {
        reverse_proxy  127.0.0.1:8080
        remote_ip <ip1> <ip2> <ip3> 
}

The error says unrecognized directive: remote_ip

6. Links to relevant resources:

francislavoie · January 22, 2021, 4:16am

remote_ip is not a directive, it’s a matcher.

And read about the named matcher syntax here:

You’d use it something like this:

@blocked not remote_ip <ip1> <ip2> <ip3>
respond @blocked "Nope" 403

misaki · January 22, 2021, 4:34am

Thanks, it works

system · February 21, 2021, 3:59am

This topic was automatically closed after 30 days. New replies are no longer allowed.