Admin access more restrictive

Allow local IPs and the admin onion address to access /coordinator
This commit is contained in:
gabbygator184
2024-09-21 15:05:07 -03:00
parent d3f3291ebb
commit 9edf8399ed
2 changed files with 49 additions and 7 deletions


@ -14,6 +14,18 @@ upstream robosats_daphne_websocket {
server localhost:9000; server localhost:9000;
} }
# Define a variable for allowed IPs
geo $allowed_localIP {
default 0;
192.168.0.0/16 1; # Allows access for IPs in the range 192.168.0.0/16 (192.168.0.0 ~ 192.168.255.255)
#192.168.x.x 1; # or use your local IP for more security and remove the above line
}
map $host $allowed_onion {
default 0;
"~*your-robotest-admin-onion-address\.onion" 1; # Allows access for your coordinator onion address
}
# now we declare our main server # now we declare our main server
server { server {
@ -42,9 +54,18 @@ server {
} }
location /coordinator { location /coordinator {
# Blocks admin access from the public onion address # Denies any access by default
if ($host ~* "robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion") { set $allow_access 0;
return 403; # Forbidden
if ($allowed_localIP = 1) {
set $allow_access 1; # Allows access for local IPs
}
if ($allowed_onion = 1) {
set $allow_access 1; # Allows access for your coordinator onion address
}
if ($allow_access = 0){
return 403; # Access is forbidden if none of the above conditions are met.
} }
proxy_pass http://robosats_gunicorn_rest; proxy_pass http://robosats_gunicorn_rest;
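Review bot: The `$allowed_onion` gate on the new side of the `location /coordinator` hunk is keyed on `$host`, which is only the client-supplied Host header, so if the public and the admin onion services both forward to this same listener a client arriving over the public onion can pass the check by sending `Host: your-robotest-admin-onion-address.onion`; the admin hostname then works as a shared secret rather than as an access control. The map regex is also unanchored, so at minimum it should read `"~*^your-robotest-admin-onion-address\.onion$"` to avoid matching any host that merely contains that string. The stronger fix is to give the admin onion its own `server { server_name your-robotest-admin-onion-address.onion; ... }` block that is the only one declaring `location /coordinator`, so the public onion's server block never proxies the path at all. The `geo` block keys on `$remote_addr`, which is fine as long as the Tor daemon does not connect from 192.168.0.0/16 — if it runs on a LAN host or a container network in that range every Tor client would be treated as local, so the commented-out single-address variant is the safer default to ship. The enclosing `server` block and the remainder of this location run past the end of the hunk.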


@ -14,6 +14,18 @@ upstream robosats_daphne_websocket {
server localhost:9000; server localhost:9000;
} }
# Define a variable for allowed IPs
geo $allowed_localIP {
default 0;
192.168.0.0/16 1; # Allows access for IPs in the range 192.168.0.0/16 (192.168.0.0 ~ 192.168.255.255)
#192.168.x.x 1; # or use your local IP for more security and remove the above line
}
map $host $allowed_onion {
default 0;
"~*your-robotest-admin-onion-address\.onion" 1; # Allows access for your coordinator onion address
}
# now we declare our main server # now we declare our main server
server { server {
@ -41,12 +53,21 @@ server {
} }
location /coordinator { location /coordinator {
# Blocks admin access from the public onion address # Denies any access by default
if ($host ~* "robotestagw3dcxmd66r4rgksb4nmmr43fh77bzn2ia2eucduyeafnyd.onion") { set $allow_access 0;
return 403; # Forbidden
if ($allowed_localIP = 1) {
set $allow_access 1; # Allows access for local IPs
}
if ($allowed_onion = 1) {
set $allow_access 1; # Allows access for your coordinator onion address
} }
proxy_pass http://robosats_gunicorn_rest; if ($allow_access = 0){
return 403; # Access is forbidden if none of the above conditions are met.
}
proxy_pass http://robosats_gunicorn_rest;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_redirect off; proxy_redirect off;