Tutorial NGINX + NAXSI Reverse proxy for XTreamUI Tested on UBUNTU 18.04 LTS Server fresh install OVH VPS ​ UPDATE 20.10.2019 new whitelist.rule rm /etc/nginx/whitelist.rules && wget --no-check-certificate https://dev.d-dtox.com/nginx/conf/whitelist.rules -O /etc/nginx/whitelist.rules && service nginx restart Fix mag palyback blocked from naxsi FIX compile error whit --with-http_geoip_module ​ Install : wget https://dev.d-dtox.com/nginx/script/install.sh && chmod +x install.sh && ./install.sh​ ​ After install change into nginx.conf on main server :​ ​ nano /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf​ after "client_max_body_size 3m;" add :​ real_ip_header X-Forwarded-For; set_real_ip_from ADD-PROXY-IP-ADDRESS-HERE; real_ip_recursive on; ​ save and reload nginx​ /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -s reload​ ​ ​ HOW TO MAKE WHITELIST RULES for ADMIN panel​ ​ on proxy sevrer go to /etc/nginx/nginx.conf​ enable learning mode from #LearningMode; to LearningMode;​ restart nginx​ service nginx restart​ Navigate on ADMIN panel to populate data​ ​ Install​ cd /home/nginx-waf​ git clone https://github.com/prajal/nxutil.git​ cd nxutil​ python setup.py install​ after install analize the error.log of nginx whit this command :​ python nx_util.py -l /var/log/nginx/error.log -o -p 1​ this is make whitelist rules add this on /etc/nginx/whitelist.rules:​ BasicRule wl:16 "mz:$URL:/api.php|BODY"; # total_count:9 (100.0%), peer_count:1 (100.0%) | open square backet ([), possible js BasicRule wl:1310 "mz:$URL:/table_search.php|$ARGS_VAR:columns[0][data]|NAME"; # total_count:7689 (50.42%), peer_count:1 (100.0%) | close square bracket (]), possible js BasicRule wl:1311 "mz:$URL:/table_search.php|ARGS|NAME"; # total_count:7560 (49.58%), peer_count:1 (100.0%) | open square backet ([), possible js BasicRule wl:1310 "mz:$URL:/table_search.php|ARGS|NAME"; ​ Disable the lerning mode then restart nginx.​ ​ GEO IP ALLOW/BLOCK country​ ​ if you need to allow all country comment whit # on /etc/nginx/nginx.conf:​ ... #geo $localnet { #default 0; #10.0.0.0/8 1; #192.168.0.0/16 1; #} ... #include geoblock; ...​ save and restart nginx​ service nginx restart​ if need to allow specified country only uncomment on /etc/nginx/nginx.conf​ ... geo $localnet { default 0; 10.0.0.0/8 1; 192.168.0.0/16 1; } ... include geoblock; ...​ then edit /etc/nginx/geoblock and set allow country es. (EN|IT|UK) :​ ... if ($geoip_country_code !~ (EN|IT|UK)) { ...​ save and restart nginx​ service nginx restart​ if need to block USA country but need to enable only specified ip edit /etc/nginx/nginx.conf:​ ... geo $localnet { default 0; 10.0.0.0/8 1; 192.168.0.0/16 1; 222.222.222.222 1; # Add ip or network to allow } ...​ save and restart nginx​ service nginx restart​