Add possibility to restrict access to custom url.
Add the possibility to restrict access to a custom URL via the model.
Fixes-bug: PROD-36854
Change-Id: I43a304d8255ff07886ebcfe07540134cef44bdff
diff --git a/README.rst b/README.rst
index 33736b9..aa9875f 100644
--- a/README.rst
+++ b/README.rst
@@ -271,6 +271,52 @@
name: gitlab.domain.com
port: 80
+Location with access policy:
+
+.. note:: If location is defined and access_policy for location is defined,
+ it overrides main access_policy for that location.
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ site:
+ nginx_proxy_site01:
+ enabled: true
+ type: nginx_proxy
+ name: site01
+ access_policy:
+ allow:
+ - 192.168.1.1/24
+ - 127.0.0.1
+ deny:
+ - 192.168.1.2
+ - all
+ proxy:
+ host: local.domain.com
+ port: 80
+ protocol: http
+ location:
+ /internal/:
+ host: 172.120.10.200
+ port: 80
+ protocol: http
+ /restricted/:
+ host: 172.10.10.200
+ port: 80
+ protocol: http
+ access_policy:
+ allow:
+ - 10.10.10.0/24
+ - 127.0.0.1
+ deny:
+ - all
+ host:
+ name: gitlab.domain.com
+ port: 80
+
+
+
Use nginx `ngx_http_map_module` that creates variables whose values depend on
values of other variables.
diff --git a/nginx/files/_access_policy.conf b/nginx/files/_access_policy.conf
index ccc990c..37e3347 100644
--- a/nginx/files/_access_policy.conf
+++ b/nginx/files/_access_policy.conf
@@ -1,5 +1,12 @@
- {%- if site.access_policy is defined %}
+ {%- if location is defined and location.access_policy is defined %}
+ {%- for host in location.access_policy.get('allow', []) %}
+ allow {{ host }};
+ {%- endfor %}
+ {%- for host in location.access_policy.get('deny', []) %}
+ deny {{ host }};
+ {%- endfor %}
+ {%- elif site.access_policy is defined %}
{%- for host in site.access_policy.get('allow', []) %}
allow {{ host }};
{%- endfor %}
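Review bot: The new location branch emits every `allow` before every `deny`, and nginx's access rules are checked in sequence until the first match, so a deny entry that falls inside an allowed range never takes effect; the README example in this commit has that shape (`allow 192.168.1.1/24` followed by `deny 192.168.1.2`). The site branch kept below uses the same ordering. Because the `elif` skips the site policy entirely, a location policy that lists only `allow` entries also drops the site's `deny all`, and that location then appears to be reachable from any address. I would add a template comment such as `{#- rules are matched in order, first match wins: deny entries only act as a fallback after the allow list #}` and state in the README that a location policy needs its own `deny: [all]`. The `if` block continues past the end of this hunk.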