you can whitelist IPs and ranges in nginx. When we have separate virtual hosts these are saved in /etc/nginx/sites-enabled. The rules look like allow xx.xx.xx.xx/range(32); and deny all;. Further we can make sure nginx passes some headers to the app using the rules proxy_set_header Host $http_host;.