Restrict nginx access only to client ip on docker container; how can I get client docker container ip?

#default.conf

upstream client {
  server client:3000;
}

upstream api {
  server api:4000;
}

server {
  listen 80;

  location / {
    proxy_pass http://client;
  }

  location /graphql {
    # rewrite /api/(.*) /$1 break;

    proxy_pass http://api/graphql;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";

    allow "{client ip}"
    deny all;
  }
}

#docker-compose.yml

version: "3"
services:
  client:
    image: "web-img"
    mem_limit: 128m
    hostname: client
    environment:
      - 
  api:
    image: "api-img"
    mem_limit: 128m
    hostname: api
    environment:
    
  nginx:
    image: "nginx-img"
    mem_limit: 128m
    hostname: nginx
    ports:
      - "80:80"

I’m currently running multiple docker containers on aws elastic beanstalk.

The api proxy ("/graphql") is open to anyone right now.

So I want to allow only client ip to access api proxy and restrict any other external access.

How am I able to get docker client instance ip and allow it?

Source: Docker Questions

LEAVE A COMMENT