Unable to use LAN addresses when setting up access lists

[blitzmann]

I'm not very familiar with docker networking, so I'm unsure on how to proceed with this issue.

I'm running this image on my home server to act as a reverse proxy. Basic stuff, <app>.blitzmann.me will be used to serve up <serverIP>:<appPort>. Right now I have a configuration for dash.blitzmann.me that serves up Heimdall. Everything seems to work fine until I try to set up access lists.

I want dash.blitzmann.me to only be available to LAN, and to deny everyone else. To that end, I set up the IP restrictions as such:

This produces a config file that seems to be proper:

...
  location / {
    # Access Rules
    allow 192.168.1.0/24;
    deny all;

    # Access checks must...
    satisfy any;

    # Proxy!
    include conf.d/include/proxy.conf;
  }
...

This does work in blocking external access, but it also blocks access from my internal network as well, which is not what I want.

Digging into the logs, I can see that nginx is receiving the request from my WAN address (the address blitzmann.me points to), instead of my local address. This is the stage where I reach the limits of my networking knowledge, and I'm not sure how to continue forward. I'm not sure what I have configured incorrectly. In my mind, the IP address accessing the content should be my computers local address (eg 192.168.1.64) instead of the WAN address (which still reflects "my" network, but since it's a dynamic DNS, it can change).

So, my questions are: 1) Is there something I can do to have the container register internal requests as literal internal? 2) If not, is there a way to automatically allow whatever IP address my domain is on (considering it's a DynamicDNS and may change occasionally)

[hakunamatata97k]

Same issue here 😊. And same issue with the jc21 image as well. 🤦. Since it is a bit older question, What did you end up doing?

[blitzmann]

@hakunamatata97k I believe I had to only allow my public IP address, which is not ideal as that's not completely static