How would I secure /netdata, or Netdata for Laravel?
Question
I'm following the following guide for installing Netdata on Laravel Forge . Basically, it's opening the port 1999 used for Netdata and redirecting it to /netdata directory.
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/$ndpath$is_args$args;
gzip on;
gzip_proxied any;
gzip_types *;
}
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
I already have an auth middleware defined, and how would I only allow people that pass the auth middleware to visit the /netdata route? The guide suggests only limiting it to one IP address, but that's not possible as I move around quite a bit.
1 answers
solution1
3 ACCPTED 2020-08-12 12:57:14
Although I have no experience with Laravel or Forge, according to this piece of documentation , you have to define that functionality in your middleware. In essence, you instruct the middleware to perform a redirection only in case of successful authentication.
Perhaps you could instruct Laravel to redirect all connections (if auth is successful) to the NGINX endpoint (/netdata) which you will configure to only allow from localhost . Thus, a user will not be able to access /netdata , unless he/she is authenticated via the Laravel Middleware and then redirected from that middleware to the Nginx server.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.