Hyperbola

Reputation: 528

Enable reverse proxy and block access to the original port

I am hosting an app (Kibana) on port 5601. I want to restrict access to it by whitelisting IPs, so I am trying to host it behind Nginx. Below is my Nginx conf.

server {
  listen *:5700;
  server_name _;
  allow 10.20.30.40; # My IP
  deny all;
  location / {
    proxy_pass http://localhost:5601;
  }
}

It works as only I can access the app on port 5700 and everyone else gets a 403. However, others can directly go to localhost:5601 and bypass the whole security. How do I stop direct access to port 5601?

Upvotes: 1

Views: 2210

Answers (1)

Steve E.

Reputation: 9353

localhost:5601 is a connection only accessible to users/processes running on the same host that is running Nginx & Kibana. It needs to be there so that Nginx can proxy_pass traffic to Kibana.

However, I think you are talking about external users also connecting to port 5601 from remote systems.

Kibana does not need to listen to traffic from external systems on port 5601. Note that by default at least some Kibana installs do not listen to external systems and you may not need to make any changes.

However, to be sure:

  1. Edit your kibana.yml file (possibly /etc/kibana/kibana.yml)
  2. Ensure that server.host: "localhost" is the only server.host line and is not commented out
  3. Restart Kibana

To further manage your system using best practices, I would strongly recommend operating some form of firewall and only opening access to ports and protocols which you expect external users to need.

Upvotes: 1
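
A way to verify the steps in the answer above, as an added example that is not part of the original answer: one function checks that kibana.yml has exactly one uncommented server.host line naming a loopback address, the other reads `ss -ltn` output and lists any non-loopback address listening on a given port. The function names and the sample `ss` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that Kibana is reachable only through the proxy.

# Read kibana.yml on stdin. Succeed only if exactly one uncommented
# server.host line exists and it names a loopback address.
kibana_host_is_local() {
  hosts=$(sed -n 's/^[[:space:]]*server\.host:[[:space:]]*//p' |
          sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'")
  [ "$(printf '%s\n' "$hosts" | grep -c .)" -eq 1 ] || return 1
  case "$hosts" in
    localhost|127.0.0.1|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# Read `ss -ltn` output on stdin and print every local address that is
# listening on port $1 and is not loopback (empty output = not exposed).
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next
      print addr
    }'
}

# Constructed sample of `ss -ltn` output: Nginx on 5700, Kibana bound
# to all interfaces (the situation described in the question).
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:5700      0.0.0.0:*
LISTEN 0      511          0.0.0.0:5601      0.0.0.0:*
EOF
}

# On the real host: ss -ltn | exposed_listeners 5601
bad=$(sample_ss | exposed_listeners 5601)
[ -z "$bad" ] && echo "5601 is loopback-only" || echo "5601 exposed on: $bad"
```

After restarting Kibana, `kibana_host_is_local < /etc/kibana/kibana.yml` should succeed and `ss -ltn | exposed_listeners 5601` should print nothing.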
