43 lines
No EOL
1.3 KiB
Markdown
43 lines
No EOL
1.3 KiB
Markdown
# Whitelister ETERNAL
|
|
|
|
A node.js server that can be used with Nginx Auth Requests to filter out VPN/Proxy/Datacenter IPs using a couple methods
|
|
|
|
## Jumpstart
|
|
|
|
1. Clone the repo
|
|
2. Copy `config.example.toml` to `config.toml` and fill out necessary fields
|
|
3. Install dependencies: `yarn`
|
|
4. Build the TypeScript: `yarn build`
|
|
5. Run it: `yarn serve` or `node ./dist/index.js`
|
|
|
|
## Nginx setup
|
|
|
|
This is designed to be used with Nginx Auth Requests. You can include it in your config as follows:
|
|
|
|
Make SURE that if your site is proxied with Cloudflare that you comment and uncomment the indicated lines, or you will be vulnerable to IP spoofing due to the non-standard way Cloudflare sets the X-Forwarded-For header.
|
|
|
|
```nginx
|
|
upstream whitelister {
|
|
server 127.0.0.1:3000; # If you changed the port in config.toml, change here too
|
|
}
|
|
|
|
server {
|
|
# ...
|
|
location /whitelister/ {
|
|
internal;
|
|
|
|
proxy_pass http://whitelister/auth;
|
|
|
|
# Comment this if you use Cloudflare
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
# Uncomment this if you do NOT use Cloudflare
|
|
# proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
|
|
}
|
|
|
|
location /path-i-want-protected/ {
|
|
# ...
|
|
auth_request /whitelister/;
|
|
}
|
|
}
|
|
``` |