nginx on localhost only?

[hokan]

I'd like the web server to listen only on localhost but I don't see a way to do that with the web GUI. In the GUI I see only a few choices, 0.0.0.0 and the IP addresses of each of my three interfaces.

If I can't do it with the GUI, then I can use the config file, but if possible I'd like to do it "properly" and use the GUI for this.

 

[Jailer]

What web sever are you referring to?

 

[hokan]

nginx -- isn't that what runs the web GUI?

 

[Jailer]

I guess I don't understand what you are trying to accomplish. The web GUI should be available via it's IP address on your local network already.

 

[hokan]

For security, I don't want it available on the local network, but only on localhost (127.0.0.1). Then I can use ssh tunneling to surf to the GUI.

 

[hokan]

More than a bit roundabout, but here's what I did to get this working:

1. Add an alias to an interface with my desired IP address (not 127.0.0.1, but some otherwise unused address).
   
2. 
   
3. set up an ssh connection with a tunnel to localhost on the FreeNAS box
   
4. Example: ssh -L 8001:freenas-host-1:80 root@freenas-host-1.enet.umn.edu
5. 
   
6. Configure the web GUI to listen on the IP address you added as an alias.
   
7. the GUI stops working now so reconnect to localhost:8001
8. 
   
9. Manually add an alias with the same IP address as in step 1 to the lo interface
10. 
    
11. Remove the alias added in step 1.
    
12. 
    
13. In the GUI add a startup command to add an alias to the lo interface as you manually added above.

So this lets me use, not 127.0.0.1, but a different address that I added to the loopback (lo) interface.

 

[hokan]

Well, this wasn't working out too well. Nginx was making me log in every few minutes or seconds; I don't know why.

I realized that the ipfw firewall is enabled on the system so I'm just using that instead -- only permitting ports for http and https from particular clients that only administrators can log onto. Much simpler this way.