secure/hide "api.anothersite.com" from public and only allow "mysite.com" to access it via 127.0.0.1:50010 internally
Dan Tullis
dantullis at yahoo.com
Thu Jul 26 18:43:21 UTC 2018
I would like to hide a backend API REST server from public view and have it accessed from frontend web server locally/internally. Is this possible? Below are my setup and configs:
angular/nodejs frontend app, say it is "mysite.com" running on server at 127.0.0.1:51910
nodejs backend app, say it is "api.anothersite.com" running on server at 127.00.0.1:50010
nginx(open source) listens for the server_name/domain and does a proxy_pass to the host/port listed above
I currently can communicate back and forth with GET and POST requests and JSON responses.
So far everything is great.
However, beside just using CORS, I would now like to secure/hide "api.anothersite.com" from the public and just allow "mysite.com" to access 127.0.0.1:50010 internally instead of "api.anothersite.com"
Can this be done via nginx?
server {
server_name api.anothersite.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/anothersite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/anothersite.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
#allow xx.xx.xx.xx;
#allow 127.0.0.1;
#deny all;
proxy_pass http://127.0.0.1:50010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
server_name mysite.com www.mysite.com;
location / {
proxy_http_version 1.1;
proxy_pass http://localhost:51910;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
proxy_set_header Host mysite.com;
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.mysite.com) {
return 301 https://$host$request_uri;
}
if ($host = mysite.com) {
return 301 https://$host$request_uri;
}
listen 80;
server_name mysite.com www.mysite.com;
return 404;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180726/89416ce7/attachment.html>
More information about the nginx
mailing list