Basic Configuration

Define a common IP whitelist conf to be included

/etc/nginx/conf.d/shared/ipwhitelist.conf
1
2
3
4
5
6
deny 192.168.1.1;       # deny the actual IP address
allow 127.0.0.1;        # allow the actual IP address to access such as 127.0.0.1 for localhost
allow 192.168.0.0/16;   # allow IP addresses in range
allow 172.16.0.0/16;
allow 10.10.0.0/16;
deny all;               # deny the rest of the world

Include the IP whitelist to your app’s conf

/etc/nginx/conf.d/your.conf
1
2
3
server{
   include /etc/nginx/conf.d/shared/ipwhitelist.conf
}

How to define IP in range

RFC1918 name IP address range Number of addresses Largest CIDR block (subnet mask) Host ID size Mask bits Classful description
24-bit block 10.0.0.0 – 10.255.255.255 16777216 10.0.0.0/8 (255.0.0.0) 24 bits 8 bits single class A network
20-bit block 172.16.0.0 – 172.31.255.255 1048576 172.16.0.0/12 (255.240.0.0) 20 bits 12 bits 16 contiguous class B networks
16-bit block 192.168.0.0 – 192.168.255.255 65536 192.168.0.0/16 (255.255.0.0) 16 bits 16 bits 256 contiguous class C networks

See Wikipedia: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses