I have a Self-Hosted server, on Cpanel installed by softaculous.
The problem I am getting is access to the site, as the server is in a data center so everyone could try and access it.
Geoip doesn’t work in htaccess (litespeed), tho I am trying to get upstream to fix it but even cpanel can not find the problem there yet (its been 6 months).
I have a few IP like:
order deny,allow
deny from all
Allow from X.X.X.X #My Office IPv4
Allow from X:X:X::/48 #My Office IPv6
Allow from X.X.X.X #It's IPv4 IP
Allow from X:X:X:X:X:X/128 #It's IPv6 IP
Allow from localhost
Allow from 127.0.0.1
In both the Root & Public folders and it works most of the time (I see problems come up but then go, still trying to find out why).
But I need to add the hole country as allowed & no other, and that’s too many IP’s for htaccess. (also is there a IP that should be added as allowed & why)
BUT
Is there a way in the software to set country access via the PHP geoip Exten as this works like it should and is used on many of my websites software including WordPress & Joomla to name a few.
Can anyone help please
Shane.
Well, if you’re the only one that needs access, you could completely close down the whole box to the outside and access it via Tailscale or something similar. Tailscale also has DNS so you can set up a TLS certificate (although it’s technically secure because it’s over wireguard). If you don’t want to use the Tailnet name, you could setup Caddy reverse DNS that points to your Tailscale IP and use a custom domain like https://invoices.mybusiness.com (not a real domain, just for an example). Not to mention, Caddy will automatically fetch and renew the TLS for you. Just take note, as documented in the Tailscale docs I linked above, if you use their TLS cert, it will need to be manually renewed and moved to the correct directory every 90 days. It’s not difficult and very quick to do, but if you occasionally forget, your browser will tell you there’s an issue.
If you use the client portal with InvoiceNinja, you can use Tailscale Funnel to enable clients to access the portal.
Initially, I was using Tailscale DNS to access my installation of InvoiceNinja and it worked brilliantly. I’ve since switched to using Caddy with reverse DNS and am having no issues with that. I hope this helps.
Edit: I should also note that all of the above is based on the assumption that InvoiceNinja is installed in a VM. If you use Docker, it’s still possible to do all of the above, it’s just slightly more complex. See the Tailscale Docker docs for more information. I don’t use Docker because we don’t get on very well, I prefer using dedicated VMs.
1 Like