Persistent custom nginx configuration
-
I would find it very useful if i could enter custom nginx rules (generally or per application), that would survive updates. Is this possible at the time beeing?
-
Generally we try to not expose such internals to the users, as they are inherently hard to test with regards to updates. Often though we can add a feature to "manage" such thing explicitly. What is the use-case for you and what would you like to add?
-
Generally we try to not expose such internals to the users, as they are inherently hard to test with regards to updates. Often though we can add a feature to "manage" such thing explicitly. What is the use-case for you and what would you like to add?
@nebulon See that point. Two use cases are:
WordPress exposes the example.com/xmlrpc.php API per default. We already had several issues where attackers used those APIs to send spam mails from our applications. To fix this issue, either you need to install a plugin that disables the API (however, dose plugins which are available for free are crapy and I dont trust them), or you just disable those requests in the nginx.conf of the application. This is what I did, but through updates those custom lines were deleted.
I would like to restrict the Synapse Admin API to certain IPs.
-
@nebulon See that point. Two use cases are:
WordPress exposes the example.com/xmlrpc.php API per default. We already had several issues where attackers used those APIs to send spam mails from our applications. To fix this issue, either you need to install a plugin that disables the API (however, dose plugins which are available for free are crapy and I dont trust them), or you just disable those requests in the nginx.conf of the application. This is what I did, but through updates those custom lines were deleted.
I would like to restrict the Synapse Admin API to certain IPs.
@opensourced I think the WordPress issue can be solved with a htaccess file instead of doing this on a reverse proxy level https://docs.cloudron.io/apps/wordpress-developer/#htaccess
-
Generally we try to not expose such internals to the users, as they are inherently hard to test with regards to updates. Often though we can add a feature to "manage" such thing explicitly. What is the use-case for you and what would you like to add?
@nebulon Hello, I edited the nginx config manually on the server... to restrict access to chatwoot's super_admin url... but when I change the config in the app, everything added disappears
location ^~ /super_admin { allow 1.2.3.4; deny all; proxy_pass http://CHATWOOT_INTERNAL_INSTANCE_IP:3000; } -
@nebulon Hello, I edited the nginx config manually on the server... to restrict access to chatwoot's super_admin url... but when I change the config in the app, everything added disappears
location ^~ /super_admin { allow 1.2.3.4; deny all; proxy_pass http://CHATWOOT_INTERNAL_INSTANCE_IP:3000; } -
@nebulon See that point. Two use cases are:
WordPress exposes the example.com/xmlrpc.php API per default. We already had several issues where attackers used those APIs to send spam mails from our applications. To fix this issue, either you need to install a plugin that disables the API (however, dose plugins which are available for free are crapy and I dont trust them), or you just disable those requests in the nginx.conf of the application. This is what I did, but through updates those custom lines were deleted.
I would like to restrict the Synapse Admin API to certain IPs.
@opensourced said in Persistent custom nginx configuration:
plugins which are available for free are crapy and I dont trust them
fyi Wordfence is not crappy (imho everyone running WordPress should install it) and would easily sort this for you
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login