1 (edited by tyllee 2016-03-24 23:04:11)

Topic: Restrict access to iredadmin NGINX

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: deb 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

I want to restrict access to iredadmin to certain ip-addresses. This is how I solved it so far. Is there a more preferred way to achieve this or is this a solid solution?

Se below:

/etc/nginx/templates/iredadmin.tmpl
...
# Python scripts
location ~ ^/iredadmin(.*) {
    rewrite ^/iredadmin(/.*)$ $1 break;
    include uwsgi_params;
    uwsgi_pass unix:/var/run/uwsgi_iredadmin.socket;
    uwsgi_param UWSGI_CHDIR /opt/www/iredadmin;
    uwsgi_param UWSGI_SCRIPT iredadmin;
    uwsgi_param SCRIPT_NAME /iredadmin;

# Restrict iredadmin

    allow 111.111.111.111; # static ip
    allow 192.168.1.0/24; # ip range
    allow 127.0.0.1;
    deny  all;
}
....

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Restrict access to iredadmin NGINX

This might be the easiest and best way to restrict access.
Or, do you prefer to store these IP addresses/networks in SQL database and manage with iRedAdmin-Pro?

3

Re: Restrict access to iredadmin NGINX

ZhangHuangbin wrote:

This might be the easiest and best way to restrict access.
Or, do you prefer to store these IP addresses/networks in SQL database and manage with iRedAdmin-Pro?

This solution suits me very well. Wanted to confirm the configuration. No need for this in iRedAdmin-Pro.

Thanks for the quick reply!