Welcome! Log In Create A New Profile

Advanced

secure/hide "api.anothersite.com" from public and only allow "mysite.com" to access it via 127.0.0.1:50010 internally

Posted by Dan Tullis via nginx 
I would like to hide a backend API REST server from public view and have it accessed from frontend web server locally/internally. Is this possible? Below are my setup and configs:

angular/nodejs frontend app, say it is "mysite.com" running on server at 127.0.0.1:51910

nodejs backend app, say it is "api.anothersite.com" running on server at 127.00.0.1:50010

nginx(open source) listens for the server_name/domain and does a proxy_pass to the host/port listed above

I currently can communicate back and forth with GET and POST requests and JSON responses.

So far everything is great.

However, beside just using CORS, I would now like to secure/hide "api.anothersite.com" from the public and just allow "mysite.com" to access 127.0.0.1:50010 internally instead of "api.anothersite.com"

Can this be done via nginx?

   server {
           server_name api.anothersite.com;
 
           listen 443 ssl;
           ssl_certificate /etc/letsencrypt/live/anothersite.com/fullchain.pem;
           ssl_certificate_key /etc/letsencrypt/live/anothersite.com/privkey.pem;
           include /etc/letsencrypt/options-ssl-nginx.conf;
           ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
   
      location / {
              #allow xx.xx.xx.xx;
              #allow 127.0.0.1;
              #deny all;
              proxy_pass http://127.0.0.1:50010;
 
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
          }
  }

   server {
       server_name mysite.com www.mysite.com;
 
       location / {
 
      proxy_http_version 1.1;
            proxy_pass http://localhost:51910;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
           # proxy_set_header Host $host;
           proxy_set_header Host mysite.com;
           proxy_cache_bypass $http_upgrade;
           proxy_pass_request_headers on;
      }
 
      #error_page  404              /404.html;
 
      # redirect server error pages to the static page /50x.html
      #
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   /usr/share/nginx/html;
      }
 
      listen 443 ssl;
      ssl_certificate /etc/letsencrypt/live/mysite..com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
      include /etc/letsencrypt/options-ssl-nginx.conf;
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  }
 
  server {
      if ($host = www.mysite.com) {
          return 301 https://$host$request_uri;
      }
 
      if ($host = mysite.com) {
          return 301 https://$host$request_uri;
      }
 
      listen       80;
      server_name mysite.com www.mysite.com;
      return 404;
  }
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
FYI - I believe I figured it out. Suggestions welcomed. Here is what I did:
On the frontend: Instead of doing GETs and POSTs to "api.anothersite.com/api/messages" I now do the call to "mysite.com/api/messages"
On the backend: added an additional "location" similar to:

 location /api/messages {    # the backend server
    proxy_pass http://localhost:50010/api/messages/;
 }


----- Forwarded Message -----
I would like to hide a backend API REST server from public view and have it accessed from frontend web server locally/internally. Is this possible? Below are my setup and configs:

angular/nodejs frontend app, say it is "mysite.com" running on server at 127.0.0.1:51910

nodejs backend app, say it is "api.anothersite.com" running on server at 127.00.0.1:50010

nginx(open source) listens for the server_name/domain and does a proxy_pass to the host/port listed above

I currently can communicate back and forth with GET and POST requests and JSON responses.

So far everything is great.

However, beside just using CORS, I would now like to secure/hide "api.anothersite.com" from the public and just allow "mysite.com" to access 127.0.0.1:50010 internally instead of "api.anothersite.com"

Can this be done via nginx?

   server {
           server_name api.anothersite.com;
 
           listen 443 ssl;
           ssl_certificate /etc/letsencrypt/live/anothersite.com/fullchain.pem;
           ssl_certificate_key /etc/letsencrypt/live/anothersite.com/privkey.pem;
           include /etc/letsencrypt/options-ssl-nginx.conf;
           ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
   
      location / {
              #allow xx.xx.xx.xx;
              #allow 127.0.0.1;
              #deny all;
              proxy_pass http://127.0.0.1:50010;
 
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
          }
  }

   server {
       server_name mysite.com www.mysite.com;
 
       location / {
 
      proxy_http_version 1.1;
            proxy_pass http://localhost:51910;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
           # proxy_set_header Host $host;
           proxy_set_header Host mysite.com;
           proxy_cache_bypass $http_upgrade;
           proxy_pass_request_headers on;
      }
 
      #error_page  404              /404.html;
 
      # redirect server error pages to the static page /50x.html
      #
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   /usr/share/nginx/html;
      }
 
      listen 443 ssl;
      ssl_certificate /etc/letsencrypt/live/mysite..com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
      include /etc/letsencrypt/options-ssl-nginx.conf;
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  }
 
  server {
      if ($host = www.mysite.com) {
          return 301 https://$host$request_uri;
      }
 
      if ($host = mysite.com) {
          return 301 https://$host$request_uri;
      }
 
      listen       80;
      server_name mysite.com www.mysite.com;
      return 404;
  }
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login