Hello,
The solution could be as follows:
1. The user authenticates himself on the main website
2. The website pulls the list of allowed IPs from the database
3. Based on the list of allowed IPs, the system either
   1) produces modified config file(s) for NGINX and sends a signal to re-read the configuration
   2) or disables/enables IP routing via the "iptables" command
With approach #1 it will be possible to produce a personalized error message for the user if he is trying to access a non-authorized IP, but if you have thousands of simultaneous users there could be delays in re-reading the config, and users may not get access right away.
With approach #2 the user will get the generic error message "Bad gateway" (or it may be renamed to "No access"), but configuring access will be instant.
Please let me know what you think.
I have 15+ years of experience in IT, including extensive experience in Unix, NGINX and Web apps. For details please visit my profile on freelancer or on LinkedIn (just search for Alexei Maximov, Calgary). I am working from home, so I can be reached by phone almost any time.
Thanks
Alexei
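
Approach #1 above, sketched as an added example that is not part of the original message: it assumes the allowed IPs are matched with an NGINX `geo` block, and `$target_ip`, `$ip_allowed` and the file name `allowed_ips.conf` are hypothetical names. Each database entry is validated before it reaches the config, and the file is replaced (and a reload warranted) only when the rendered content actually changed.

```python
import ipaddress
import os
import tempfile


def render_geo_block(entries, src_var="$target_ip", out_var="$ip_allowed"):
    """Render an NGINX geo block that sets out_var to 1 for allowed addresses.

    src_var and out_var are hypothetical variable names chosen for this example.
    Raises ValueError if any entry is not a plain IP address or CIDR range.
    """
    nets = set()
    for raw in entries:
        # ip_network() rejects anything but an address or CIDR, so a database
        # value can never carry ';', '}' or extra directives into the config.
        nets.add(ipaddress.ip_network(raw.strip()))
    lines = [f"geo {src_var} {out_var} {{", "    default 0;"]
    for net in sorted(nets, key=lambda n: (n.version, n)):
        lines.append(f"    {net} 1;")
    lines.append("}")
    return "\n".join(lines) + "\n"


def write_if_changed(path, text):
    """Atomically replace path with text; return True only if content changed."""
    try:
        with open(path, encoding="utf-8") as fh:
            if fh.read() == text:
                return False  # nothing to do, so no reload is needed
    except FileNotFoundError:
        pass
    # Write to a temp file in the same directory, then rename over the target,
    # so a reload never reads a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)
    return True


if __name__ == "__main__":
    # Constructed sample standing in for the list pulled from the database.
    allowed = ["10.0.0.5", "192.168.1.0/24", "10.0.0.5 "]
    conf = render_geo_block(allowed)
    print(conf, end="")
    if write_if_changed("allowed_ips.conf", conf):
        print("changed: validate with `nginx -t`, then `nginx -s reload`")
```

Skipping the reload when nothing changed keeps the number of config re-reads down, which is the delay the message raises for approach #1.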