feat: Add IP-based access control for Stream Hosts#5211
Open
Kiryuumaru wants to merge 2 commits intoNginxProxyManager:developfrom
Open
feat: Add IP-based access control for Stream Hosts#5211Kiryuumaru wants to merge 2 commits intoNginxProxyManager:developfrom
Kiryuumaru wants to merge 2 commits intoNginxProxyManager:developfrom
Conversation
Kiryuumaru
force-pushed
the
feature/stream-access-list
branch
2 times, most recently
from
5743db3 to
a91fab1
Compare
Implements GitHub issue NginxProxyManager#5125 - Adds allow/deny IP-based access control for Stream Hosts using existing Access Lists infrastructure. Changes: - Add access_list_id column to stream table (migration) - Add access_list relation to Stream model - Add streams relation to AccessList model - Update stream internal logic to handle access_list expansion - Update access-list internal to regenerate stream configs on changes - Add access_list_id to stream API schemas - Create _access_stream.conf template for IP-only rules - Update stream.conf to include access template - Add Access tab to StreamModal in frontend - Add Access List column to Streams table - Add StreamExpansion type and update API hooks Note: Only IP-based allow/deny rules apply to streams. Basic authentication is not supported by nginx stream module.
Kiryuumaru
force-pushed
the
feature/stream-access-list
branch
from
a91fab1 to
933ee2b
Compare
|
Docker Image for build 5 is available on DockerHub: Note Ensure you backup your NPM instance before testing this image! Especially if there are database changes. Warning Changes and additions to DNS Providers require verification by at least 2 members of the community! |
Author
|
This PR is tested and ready for review 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements IP-based access control for Stream Hosts, addressing feature request #5125.
Changes
Backend
access_list_idcolumn to thestreamtableaccess_listrelation to Stream model andstreamsrelation to AccessList modelaccess_listexpansionaccess_list_idto stream POST/PUT endpoints_access_stream.conftemplate for IP-based allow/deny rulesstream.confto include the access template for both TCP and UDP blocksFrontend
StreamExpansiontype for API callsaccessListIdandaccessListto Stream interfaceImplementation Notes
satisfydirective, so onlyallow/denyrules from the Access List clients are usedallowdirectives for each client IP/CIDR in the access listdeny all;directiveExample Generated Config
Screenshots: