diff --git a/docker/nginx/conf.d/include/local-network-only b/docker/nginx/conf.d/include/local-network-only
new file mode 100644
index 00000000..84fa31f3
--- /dev/null
+++ b/docker/nginx/conf.d/include/local-network-only
@@ -0,0 +1,3 @@
+allow 127.0.0.1/32; # localhost
+allow 10.10.10.0/24; # docker network
+deny all;
diff --git a/docker/nginx/conf.d/server.local.conf b/docker/nginx/conf.d/server.local.conf
index a598a1e6..6c5af504 100644
--- a/docker/nginx/conf.d/server.local.conf
+++ b/docker/nginx/conf.d/server.local.conf
@@ -4,11 +4,7 @@ server {
 listen [::]:8000;
 # secure traffic by limiting to only local networks
- allow 10.0.0.0/8;
- allow 127.0.0.1/32;
- allow 172.16.0.0/12;
- allow 192.168.0.0/16;
- deny all;
-
+ include /etc/nginx/conf.d/include/local-network-only;
+ include /etc/nginx/conf.d/server/server.local;
 }
diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api
index 7e4b1c20..82dee277 100644
--- a/docker/nginx/conf.d/server/server.api
+++ b/docker/nginx/conf.d/server/server.api
@@ -334,11 +334,8 @@ location ~ "^/file/(([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?)$" {
 }
 location @purge {
- allow 10.0.0.0/8;
- allow 127.0.0.1/32;
- allow 172.16.0.0/12;
- allow 192.168.0.0/16;
- deny all;
+ # secure traffic by limiting to only local networks
+ include /etc/nginx/conf.d/include/local-network-only;
 set $lua_purge_path "/data/nginx/cache/";
 content_by_lua_file /etc/nginx/conf.d/scripts/purge-multi.lua;
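Review bot: The new include file narrows the former RFC 1918 ranges to a single hard-coded `10.10.10.0/24`, but nothing in it records where that subnet is defined, so a compose or bridge network that is assigned a different range (Docker hands out 172.x ranges by default) would silently turn every purge and local-server request into a 403. I would extend the inline comment to name the source of truth, e.g. `allow 10.10.10.0/24; # docker network - must match the subnet declared in <compose network definition>`. Note also that `allow`/`deny` test the address nginx sees as the client: if a proxy container on that subnet forwards external traffic, the proxy's own address passes this check unless `set_real_ip_from`/`real_ip_header` are configured, so this file only restricts traffic that reaches nginx directly. A second comment line stating that assumption would keep the next maintainer from treating the list as a perimeter control.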
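Review bot: The comment added above the include in `location @purge` duplicates the one in server.local.conf word for word, while the shared file it points at explains only each individual address. Since both call sites now consume one file, the rationale belongs at the top of `local-network-only` (e.g. `# shared access list: only loopback and the docker network may reach the endpoints that include this file; everyone else gets 403`) and the call sites can carry just the include line. The `location @purge` block continues past the end of the hunk, so I cannot see whether anything after `content_by_lua_file` depends on the removed lines.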