# LDAP Access & NGINX IP Whitelisting # New Page
[![image.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/5Oximage.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/5Oximage.png) [![image.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/crfimage.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/crfimage.png)
##### **1️⃣ load notflix.pknw1.co.uk** - [x] user loads [https://notflix.pknw1.co.uk](https://notflix.pknw1.co.uk) - [x] notflix.pknw1.co.uk proxy\_hiost @ proxymanager - [ ] is IP in not all-allowed-blacklist-failled-whitelist-attemps ACL -> **quicklogin**
##### 2️⃣ attempt **quicklogin** - [ ] proxymanager advanced\_config 401 detected - [ ] passed to error\_handler in the advanced config - [x] if cookie **notflixuid** exists, redirect user to /quicklogin - [ ] if cookie **notflixuid does not exist, user cannot quicklogin** - [ ] **redirect user to standndar login**
##### 3️⃣ process **quicklogin** - [ ] load user\_ip from current session - [ ] add IP to ACL - [ ] restart proxynaner nginx to load allowed\_ips.conf - [x] redirect user to notflix.pknw1.co.uk
##### 4️⃣ process auth at /auth - [ ] user is locate at /auth page - [ ] user login is sent api.notflix.pknw1.co.uk for authentication against LDAP - [ ] if the user is not\_autenticated, redirect to errro - [ ] if the user is authenticated, whitelist their current IP - [x] redirect to notflix.pknw1.co.uk
##### 5️⃣ process **post-auth** - [ ] request current IP whiitelist - [ ] reload ACL
##### **7️⃣ Load [Jellyfin](https://notflix.pknw1.co.uk/login)**
##### ✅ **jellyfin post-login** - [ ] after login check if **notflixuid** cookie exists - [ ] if **notflixuid** exists, do northing - [ ] if **notflixuid** does not exist, create the **notflixuid** cookie enabling quicklogin
#### #### Load notflix.pknw1.co.uk with a vaiid user\_account and a valid IP
User Loading site- [ ] user loads [https://notflix.pknw1.co.uk](https://notflix.pknw1.co.uk) - [ ] notflix.pknw1.co.uk proxy\_hiost @ proxymanager - [ ] is IP in all-allowed-blacklist-failled-whitelist-attemps ACL - [ ] True = reverse\_proxy to jellyfin:8096/
User Login to Jellyfin- [ ] useer enters username and password from LDAP - [ ] True = username is a member iof users\_users group
After successful login- [ ] check if ookie **notflixuid** exists - [ ] True = no\_action - [ ] False = create cookie **notflixuid for .pknw1.co.uk valid 1 year**
aaaa #### Load notflix.pknw1.co.uk with a vaiid user\_account and an invalid IP #### Quicklogin initial configuration # Access Layers Authentication and.Access
[![ovh.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/ovh.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/ovh.png)#### OVH Service
[![image.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/H79image.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/H79image.png)#### **proxymanager** #### **proxymanager-admin**
[![ovh.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/ovh.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/ovh.png)
[![IP.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/ip.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/ip.png)
[![IP.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/ip.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/ip.png) [![tailscale.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/tailscale.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/tailscale.png)
#### [![tailscale.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/tailscale.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/tailscale.png) **Tailscale** #### **`100.100.69.0/16`** ##### [![image.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/rhQimage.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/rhQimage.png) **Proxy** ##### **`172.22.20.0/16`** ##### [![image.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/rhQimage.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/rhQimage.png) **Admin** ##### `172.22.22.0/16`
[![image.png](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/scaled-1680-/rhQimage.png)](https://bookstack.notflix.pknw1.co.uk/uploads/images/gallery/2026-04/rhQimage.png)
/home/apps/core ``` - ./api.notflix.pknw1.co.uk/docker-compose.yml - ./caddy/docker-compose.yml - ./internal-proxy/docker-compose.yml - ./proxymanager-admin/docker-compose.yml - ./dockmon/docker-compose.yml - ./lldap/docker-compose.yml - ./proxymanager/docker-compose.yml - ./squid/docker-compose.yml - ./pihole/docker-compose.yml ```
##### **Service** ##### **Docker**
`api.notflix``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`caddy``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`internal_proxy``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`proxymanafer``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`proxymanager-admin``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`dockmon``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`lldap``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`pihole``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
`squid``proxy/172.22.20.1` `dmz/172.22.21.1` `admin/172.22.22.1`
/home/apps/frontend
/home/apps/backend
/home/apps/user-apps
/home/apps/admin-apps