From 712c6f64b5c70ce2bdffc60d25d465e9d246903e Mon Sep 17 00:00:00 2001
From: hellblazer315 <78935529+hellblazer315@users.noreply.github.com>
Date: Mon, 11 Nov 2024 08:58:38 -0500
Subject: [PATCH] Create internal.conf

Add a single conf file that can be used in proxy-confs via "include /config/nginx/internal.conf" for a single point of management for allowed IPs.
---
 root/defaults/nginx/internal.conf | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 root/defaults/nginx/internal.conf

diff --git a/root/defaults/nginx/internal.conf b/root/defaults/nginx/internal.conf
new file mode 100644
index 00000000..e1670a64
--- /dev/null
+++ b/root/defaults/nginx/internal.conf
@@ -0,0 +1,7 @@
+# List of private IP addresses to ensure all traffic is local.
+## Remove or comment any out to be even more restrictive.
+allow 10.0.0.0/8;
+allow 172.16.0.0/12;
+allow 192.168.0.0/16;
+allow 100.64.0.0/16; # Tailcale's default IP range
+deny all;