Whitelist IP addresses based on SSH origin
Here is how you create a list of IP addresses, to be used with NGINX, based on successful ssh connections.
$ cat /usr/bin/auth-list.sh
#!/bin/bash WHITELIST=/etc/nginx/conf/whitelist.conf # Make sure that we don't add it more than once. if ! grep -q $PAM_RHOST $WHITELIST; then echo allow $PAM_RHOST\; >> $WHITELIST fi
$ cat /etc/pam.d/sshd
session optional pam_exec.so seteuid /usr/bin/auth-list.sh
Login via ssh and it will add your external IP address to the list.
$ cat /etc/nginx/conf/whitelist.conf
allow 126.96.36.199; allow 188.8.131.52;
Reload NGINX for it to take affect.