secure/hide "api.anothersite.com" from public and only allow "mysite.com" to access it via 127.0.0.1:50010 internally

Dan Tullis dantullis at yahoo.com
Thu Jul 26 18:43:21 UTC 2018


I would like to hide a backend API REST server from public view and have it accessed from frontend web server locally/internally. Is this possible? Below are my setup and configs: 

angular/nodejs frontend app, say it is "mysite.com" running on server at 127.0.0.1:51910

nodejs backend app, say it is "api.anothersite.com" running on server at 127.00.0.1:50010

nginx(open source) listens for the server_name/domain and does a proxy_pass to the host/port listed above 

I currently can communicate back and forth with GET and POST requests and JSON responses.

So far everything is great.

However, beside just using CORS, I would now like to secure/hide "api.anothersite.com" from the public and just allow "mysite.com" to access 127.0.0.1:50010 internally instead of "api.anothersite.com" 

Can this be done via nginx?

   server {
           server_name api.anothersite.com;
  
           listen 443 ssl;
           ssl_certificate /etc/letsencrypt/live/anothersite.com/fullchain.pem; 
           ssl_certificate_key /etc/letsencrypt/live/anothersite.com/privkey.pem; 
           include /etc/letsencrypt/options-ssl-nginx.conf; 
           ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
   
      location / {
              #allow xx.xx.xx.xx;
              #allow 127.0.0.1;
              #deny all;
              proxy_pass http://127.0.0.1:50010;
 
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
          }
  }

   server {
       server_name mysite.com www.mysite.com;
  
       location / {
  
      proxy_http_version 1.1;
            proxy_pass http://localhost:51910;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
           # proxy_set_header Host $host;
           proxy_set_header Host mysite.com;
           proxy_cache_bypass $http_upgrade;
           proxy_pass_request_headers on;
      }
 
      #error_page  404              /404.html;
 
      # redirect server error pages to the static page /50x.html
      #
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   /usr/share/nginx/html;
      }
 
      listen 443 ssl; 
      ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; 
      ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; 
      include /etc/letsencrypt/options-ssl-nginx.conf; 
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 
  }
 
  server {
      if ($host = www.mysite.com) {
          return 301 https://$host$request_uri;
      } 
 
      if ($host = mysite.com) {
          return 301 https://$host$request_uri;
      } 
 
      listen       80;
      server_name mysite.com www.mysite.com;
      return 404; 
  }
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180726/89416ce7/attachment.html>


More information about the nginx mailing list