1

Topic: Restrict ip access to iredadmin

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I would like to restrict access to the iredadmin page to the localhost and an internal network.

In /etc/nginx/nginx.conf, I added the following line:

http {
     ...
     include acl-ip.conf;
}

I then created the acl-ip.conf file in /etc/nginx with the following content:

location ~ ^/iredadmin(.*) {
    # Access control
    allow 127.0.0.1;
    allow 192.168.178.0/24;
    deny all;
}

However, when reloading nginx, I get the following error:

Jun 28 00:43:58 mail nginx[69052]: nginx: [emerg] "location" directive is not allowed here in /etc/nginx/acl-ip.conf:1
Jun 28 00:43:58 mail nginx[69052]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 28 00:43:58 mail systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 28 00:43:58 mail systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 28 00:43:58 mail systemd[1]: Failed to start A high performance web server and a reverse proxy server.

What am I doing wrong?

2

Re: Restrict ip access to iredadmin

Nevermind, I saw that /etc/nginx/sites-enabled/00-default-ssl.conf has an include parameter for /etc/nginx/templates/iredadmin.tmpl

After setting the necessary allow and deny parameters in iredadmin.tmpl and undoing my previous changes, all is fine!