I installed prometheus on TrueNAS and it’s working fine but I wanted to add authentication to this and also to any future services I deploy to this server.
Since I needed a way to add authentication but I didn’t want to hack the default prometheus config, I installed nginx proxy manager and I was able to get it working so that it properly proxys requests to my prometheus pod using a FQDN. so something like https://myfqdn. This config is working great.
However, there is still one problem. I can still access the prometheus pod by going directly to the IP and port. This works because if you access the IP directly it bypasses nginx proxy manager.
Does anyone here know what would be best practice to block this IP access? Ideally, I would only want to allow access from ngiinx proxymanager.