I'm using Keycloak, and it is running on a public IP; the admin console is also accessible via the public IP, and I'm using the nginx web server. I have a requirement that the admin console should be accessible only on a private IP. Other URLs should work normally on the public IP/domain name.
Now, e.g., domain_name/auth and domain_name/auth/realm/admin and other URLs are accessible publicly.
Requirement: Only the admin console URL domain_name/auth/realm/admin should be accessible only through the private IP.
Can this be done through nginx rules?
Could anyone please help me with this?
Below is the configuration I'm trying, but it is not working as expected.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        rewrite ^/(.*) /$1 break;
        proxy_ignore_client_abort on;
        proxy_pass http://localhost:8880;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
    location /auth/realms/master {
        allow 127.0.0.1;
        deny all;
        #try_files $uri $uri/ =404
    }
}
You can use multiple server entries and allow and deny as you already did:
Hope that helps.
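One way to lay out the multiple-server approach this answer describes, as an added example that is not the answerer's or the asker's own configuration. The private address `10.0.0.5`, the network `10.0.0.0/8` and the `/auth/admin/` prefix are assumptions; the upstream and the `/auth/realms/master` path are taken from the question.

```nginx
# Added example. 10.0.0.5 and 10.0.0.0/8 are placeholders for the private
# address and network; /auth/admin/ is an assumed admin prefix for a
# Keycloak served under /auth.

# Public listener: proxy everything except the admin paths.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Set once at server level; locations without their own
    # proxy_set_header lines inherit these.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://localhost:8880;
    }

    # The longest matching prefix wins over "location /", so these
    # requests get a 403 from nginx and never reach Keycloak.
    location /auth/realms/master { deny all; }   # path from the question
    location /auth/admin/        { deny all; }   # assumed admin prefix
}

# Private listener: a specific listen address takes precedence over the
# wildcard above, so only connections made to 10.0.0.5 are handled here.
server {
    listen 10.0.0.5:80;
    server_name _;

    # allow/deny compare against $remote_addr (the TCP peer), not against
    # X-Forwarded-For, which the client controls.
    allow 10.0.0.0/8;
    allow 127.0.0.1;
    deny all;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        # The question's restricted location has no proxy_pass, so allowed
        # clients are served from the local root instead of Keycloak.
        proxy_pass http://localhost:8880;
    }
}
```

If the public address is NATed onto `10.0.0.5`, public clients also land in the second server and are rejected by its allow list; in that setup, keep a single server and put the `allow`/`deny` lines together with `proxy_pass` inside the admin locations instead.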