From 401abe496a1ec3182348cb375ef3acb0f791cef5 Mon Sep 17 00:00:00 2001
From: Umputun <umputun@gmail.com>
Date: Sun, 26 Nov 2023 01:17:30 -0600
Subject: [PATCH] add docs for remote ip limiting

---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3e6aec7f..8f47e0ed 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,7 @@ default: # the same as * (catch-all) server
       route: "/api/svc3/xyz",
       dest: "http://127.0.0.3:8080/blah3/xyz",
       ping: "http://127.0.0.3:8080/ping",
+      remote: "192.168.1.0/24, 127.0.0.1" # optional, restrict access to the route 
     }
 srv.example.com:
   - { route: "^/api/svc2/(.*)", dest: "http://127.0.0.2:8080/blah2/$1/abc" }
@@ -101,6 +102,7 @@ This default can be changed with labels:
 - `reproxy.dest` - destination path. Note: this is not full url, but just the path which will be appended to container's ip:port
 - `reproxy.port` - destination port for the discovered container
 - `reproxy.ping` - ping path for the destination container.
+- `reproxy.remote` - restrict access to the route with a list of comma-separated subnets or ips
 - `reproxy.assets` - set assets mapping as `web-root:location`, for example `reproxy.assets=/web:/var/www`
 - `reproxy.enabled` - enable (`yes`, `true`, `1`) or disable (`no`, `false`, `0`) container from reproxy destinations.
 
@@ -142,6 +144,7 @@ This default can be changed with tags:
 - `reproxy.route` - source route (location)
 - `reproxy.dest` - destination path. Note: this is not full url, but just the path which will be appended to service's ip:port
 - `reproxy.port` - destination port for the discovered service
+- `reproxy.remote` - restrict access to the route with a list of comma-separated subnets or ips
 - `reproxy.ping` - ping path for the destination service.
 - `reproxy.enabled` - enable (`yes`, `true`, `1`) or disable (`any different value`) service from reproxy destinations.
 
@@ -256,7 +259,7 @@ Another default set in the similar dynamic way is `--ssl.http-port`. For run ins
 
 ## Ping, health checks and fail-over
 
-reproxy provides 2 endpoints for this purpose:
+reproxy provides two endpoints for this purpose:
 
 - `/ping` responds with `pong` and indicates what reproxy up and running
 - `/health` returns `200 OK` status if all destination servers responded to their ping request with `200` or `417 Expectation Failed` if any of servers responded with non-200 code. It also returns json body with details about passed/failed services.