Hello.
I need to restrict access by ip to /admin location.
Is there a way to include file with allow/deny directives only in /admin location ?
Or add allow/deny directives in admin location only?
allow 1.1.1.1;
deny all;
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- host: dev.example.com
http:
paths:
- backend:
serviceName: test-service
servicePort: 80
path: /
- backend:
serviceName: test-service
servicePort: 80
path: /admin
tls:
- hosts:
- dev.example.com
secretName: https-example
Thank you.
@Sarga
Unfortunately, there is no way to include that for the /admin location using annotations.
However, It is possible to add some conditional logic to the template file. For example, the following code generates <your-nginx-directives> only for /admin locations:
{{if eq $location.Path "/admin"}}
<your-nginx-directives>
{{end}}
@pleshakov
Thank you !
I don't want to build ingress with custom template, so I chose another way with server-snippets.
But look like in the future I will have to make a custom template
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.org/server-snippets: |-
location /admin {
allow x.x.x.x;
deny all;
proxy_http_version 1.1;
proxy_redirect off;
proxy_intercept_errors on;
proxy_set_header Connection "";
proxy_set_header X-CF-Visitor $http_cf_visitor;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://devns-quests-ingress-dev.example.com-some-service;
}
Most helpful comment
@pleshakov
Thank you !
I don't want to build ingress with custom template, so I chose another way with server-snippets.
But look like in the future I will have to make a custom template