How to configure for JUST allowing LAN IP visit web monitor dashboard？

[jasonjsk]

I was wondering monitor all of my servers, so I chose a server as public visit interface through a sub domain URL, because I used Nginx proxy to protect my real server IP and port information, and I wanted to not allowed anyone visit readIP:PORT to monitor netdata dashboard.

My information as bellow:
SERVER1(Nginx server):
WAN IP: 120.xx.xx.xx

REAL SERVER1(target monitor server):
WAN IP: 121.xx.xx.xx
LAN IP: 10.xx.xx.xx

Nginx configuration:
server{
port 80;
host www.xyz.com;
location /monitor/ {
proxy_pass http://10.xx.xx.xx:19999/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

then I have configured "bind to = 10.xx.xx.xx" in '/etc/netdata/netdata.conf' on REAL SERVER1, then I restarted netdata service, but I could still visit througth 121.xx.xx.xx:19999. I want anyone just can visit it through

so, anyone who knows anywhere I configured error? thanks!!!

[ktsaou]

Hi, could you please post the [web] section of your netdata.conf?

[jasonjsk]

[web]
# web files owner = netdata
# web files group = netdata
# listen backlog = 100
# default port = 19999
# bind to = *
# mode = multi-threaded
# disconnect idle clients after seconds = 60
# respect do not track policy = no
# x-frame-options response header =
# enable gzip compression = yes
# gzip compression strategy = default
# gzip compression level = 3
bing to = 10.173.166.215:19999
default port = 19999

Okay, this is my web section configuration.

[ktsaou]

It says "bing to", not "bind to".

[ktsaou]

one way to check your config is to get it from netdata: http://your.netdata.ip:19999/netdata.conf
It will tell you both the current setting and that it does not use your setting.

[jasonjsk]

Wow, I'm so sorry, thanks ktsaou a lot!
I corrected the bing to, it is okay now.