Updating Access List IP address for dynamic IP Host

[diginfo]

As the access list does not allow a hostname and only an IP address, I want to create a cron script, that checks whether the IP address has changed for a host, and if so updates the "Access List > Access" IP Address.

I know how to create the script, and how to update the database, but is it just a case of restarting the nginx service or should I call some other command to apply the changed IP address ??

sqlite> select * from access_list_client;
sqlite> UPDATE access_list_client SET address = 'xx.xx.xx.xx' where id = 1;

[diginfo]

Also, nginx does not appear to be running under systemctl, so how can I restart and / or reload the system ?

[the1ts]

@diginfo you can just use the nginx standard nginx -s reload, you can even cron that from outside docker, for me its docker exec nginxproxymanager nginx -s reload

[diginfo]

Thanks, so by updating the sqlite database directly as I am, will that then update the nginx config file in /data/nginx/proxy_hosts folder automagically ?

[diginfo]

and while I have your attention :-)

https://stackoverflow.com/questions/73576444/nginx-reversed-proxy-requesting-files-above-proxied-folder

Any suggestions ?

[the1ts]

@diginfo I don't think so, since even changing an ACL in the GUI doesn't reload nginx currently.
Perhaps look at handling the ACL snippet yourself with your script and including that snippet via the custom nginx configuration. This will mean your script updates the ACL snippet with new IPs, removes old IPs, does an nginx -t to check config is good, then reloads nginx.
Perhaps you could simply edit the required proxy-host/$number.conf directly, check config and reload?
I'm sure there are NPM API calls that could be used for this, but I'm not sure its documented in v2.

[SkilledAlpaca]

The original request still stands in my opinion.

Would it be possible to get some kind of functionality for DDNS in the Access List? Since I have to enter my public IP to limit access to my LAN, if it changes I have to go and manually update it.

[the1ts]

There are already great tools for securing infrastructure like requested, VPNs. I for example use tailscale to enable hiding of many services, not just web.
Even if DDNS and ACLS where combined, it still only works for web. And it ignores the fact that many people still have to have port 80 open to allow letsencrypt http authentication, is NPM then supposed to stop ACLs working when letsencrypt is being run?
Its starting to fall way outside of a simple tool for proxying and SSL cert creation that NPM is designed to be.
Perhaps having run and secured some of the largest websites in the world, I'm not as concerned by looking at unknown IPs in my access logs as some are.

[efnats]

many people want to limit their services to local IP ranges, but the current ACL cannot do that.
Solution: #1708 (comment)

Can we have that code merged into?

[github-actions]

Issue is now considered stale. If you want to keep it open, please comment 👍

[virtualdj]

Please merge #3364 to close this issue.

[github-actions]

Issue is now considered stale. If you want to keep it open, please comment 👍