Restricting Admin from Reverse Proxy

So we wanted to allow FileCloud access through our Firewall via a Nginx reverse proxy. However we didn’t want to allow admin access.

So I am using the following nginx.conf file:

server {
        listen 80 default_server;
        server_name files.domain;
        return 301 https://files.domain$request_uri;
}

server {
    listen 443 default_server;
    server_name files.domain;
    ssl_certificate           /etc/nginx/filecloud/server-bundle.pem;
    ssl_certificate_key       /etc/nginx/filecloud/server.key;
    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log            /var/log/nginx/access.log;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # Fix the .It appears that your reverse proxy set up is broken" error.
        proxy_pass          https://INTERNAL_IP;
        proxy_buffering     off;
        chunked_transfer_encoding on;
        client_max_body_size 100M;
        proxy_read_timeout  90;
    }

    # Restrict Admin pages through Reverse Proxy
    location ^~ /admin {
        proxy_pass          https://INTERNAL_IP/error;
    }
    location ^~ /ui/admin {
        proxy_pass          https://INTERNAL_IP/error;
    }

}

I wanted to post this because this seems to work for me. However I wonder if I could be this better or if I’m missing anything.

Bob

@bob.brandt

Yes, this is perfect in restricting the access to the admin page from the reverse proxy. :slight_smile:

1 Like