如何使用AWS / nginx / Zend建立站点到站点的VPN

We have a Zend (1.12.20) php webapp that runs on AWS via docker containers. We also have nginx routing requests between this php webapp and other webapps.

The php webapp has a public front-end and an administrative back-end. i.e.

http://public-url.com
http://public-url.com/administrative-backend

We want to limit access to http://public-url.com/administrative-backend to only users that are on a site-to-site vpn while keeping the public frontend accessible to all of the internet.

Which layer of the stack should this be implemented in? Is AWS capable of distinguishing requests to a particular URL served by a container and making some of them require VPN authorization? Can nginx handle this somehow?

How can I limit access to a specific portion of a php webapp to vpn users while leaving the rest of the webapp publicly accessible?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dqy92287 2017-05-16 02:35
关注
You can use nginx to allow access to / to the public, but allow access to /administrative backend only from authorized IPs/networks like so:

location ~ /administrative-backend { allow 172.31.0.0/16; deny all; }

172.31.0.0/16 could be your VPC or VPN's IP address. Please check http://nginx.org/en/docs/http/ngx_http_core_module.html#location for more details.

If you're looking for something built into AWS, it has tools to route traffic depending on the request path (in this case /* vs /administrative-backend/*). Check out application load balancers (not the classic ELB) https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/.

What I would do though, fore more security, is put the public and private (admin) in separate containers. Just disable all the admin stuff in the container that would serve the public.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

如何使用AWS / nginx / Zend建立站点到站点的VPN nginx php
2017-05-09 19:05

回答 1 已采纳 You can use nginx to allow access to / to the public, but allow access to /administrative backend
使用AWS PHP SDK上传到AWS S3无法通过身份验证 aws php
2018-09-08 23:44

回答 2 已采纳 The problem was in defining the profile as "default". When I removed the profile parameter, the er
如何使用php连接到AWS RDS？ php
2018-05-06 21:31

回答 1 已采纳 If you look at the documentation for mysqli_connect, the first parameter should be the hostname, a
大佬们的精品博客[收藏+1]
2018-12-20 23:04

weixin_30593261的博客 nginx应用总结（1）--基础认识和应用配置 nginx应用总结（2）--突破高并发的性能优化 nginx限制上传大小和超时时间设置说明/php限制上传大小 nginx反向代理tomcat访问时浏览器加载失败，出现ERR_CONTENT_LENGTH_...
Aws Php SDk - 使用硬编码凭证创建Cloudfront分发 php
2019-05-07 07:02

回答 1 已采纳 The solution was to create the cloudfront client like this $client = Aws\CloudFront\CloudFrontC
通过源安装AWS SDK for PHP失败 aws php
2015-05-19 11:27

回答 1 已采纳 Solved! I had a bad line on my index.php
在AWS上使用Kubernetes部署HTTP / 2 Web服务器 aws kubernetes
2018-07-29 18:44

回答 2 已采纳 There is no benefit to deploying HTTP2 on an AWS load balancer if your backend is not HTTP2 also.
架构师知识体系(5)--建立自己的知识体系吧
2017-01-09 10:30

SZleoWang的博客 3）php基础知识：php，linux，mysql，nginx/apache，代理负载均衡 4）java基础知识：Java高级特性和类库，Java网络与服务器编程, TCP/IP协议，以及线程，I/O模型，框架。 4）数据结构算法，设计...
如何使用aws sdk php同步存储桶中的文件 php
2018-07-19 16:02

回答 1 已采纳 No, there is no similar command in the AWS SDK for PHP that will upload the contents of a local di
在AWS上托管角色应用程序使用php angular php
2018-10-22 14:19

回答 2 已采纳 If you want to do this on AWS you will need an EC2 instance to run your dynamic queries to the dat
使用RDS建立数据库连接AWS Elastic Beanstalk时出错 php
2019-05-10 22:25

回答 1 已采纳 Alright! After a few migraines and screaming at my keyboard, I have figured out what was going on.
ecw2c理解元数据：使用BigQuery k-means将4,000个堆栈溢出标签聚类
2019-07-24 00:00

cunehu1722的博客 amazon-ses, aws-cognito, aws-iot, terraform-provider-aws, api-gateway, amazon-vpc, aws-serverless, aws-codepipeline, aws-codebuild, amazon-rds-aurora, bitnami, amazon-lex, aws-step-functions, aws-...
使用AWS PHP SDK将文件安全传输到S3 aws php
2014-11-07 15:36

回答 1 已采纳 The default scheme for all services connected to by the SDK is HTTPS (see http://docs.aws.amazon.c
好博客总结
2018-09-29 07:59

weixin_33805557的博客 nginx应用总结（1）--基础认识和应用配置 nginx应用总结（2）--突破高并发的性能优化 nginx限制上传大小和超时时间设置说明/php限制上传大小 nginx反向代理tomcat访问时浏览器加载失败，出现ERR_CONTENT_LENGTH_...
[it-ebooks]电子书列表v0.1.1
2015-02-06 00:17

mapoor的博客 Learning PHP, MySQL, JavaScript, CSS & HTML5, 3rd Edition || A Step-by-Step Guide to Creating Dynamic Websites || 730 || http://it-ebooks.info/book/3344/ Moodle Course Design Best Practices || Learn...
没有解决我的问题, 去提问

悬赏问题

¥20 西门子S7-Graph,S7-300，梯形图
¥50 用易语言http 访问不了网页
¥50 safari浏览器fetch提交数据后数据丢失问题
¥15 matlab不知道怎么改，求解答！！
¥15 永磁直线电机的电流环pi调不出来
¥15 用stata实现聚类的代码
¥15 请问paddlehub能支持移动端开发吗？在Android studio上该如何部署？
¥20 docker里部署springboot项目，访问不到扬声器
¥15 netty整合springboot之后自动重连失效
¥15 悬赏！微信开发者工具报错，求帮改

如何使用AWS / nginx / Zend建立站点到站点的VPN

1条回答 默认 最新

悬赏问题

1条回答默认最新