secure/hide "api.anothersite.com" from public and only allow "mysite.com" to access it via 127.0.0.1:50010 internally

Dan Tullis dantullis at yahoo.com
Fri Jul 27 14:22:45 UTC 2018


 FYI - I believe I figured it out. Suggestions welcomed. Here is what I did:
On the frontend: Instead of doing GETs and POSTs to "api.anothersite.com/api/messages" I now do the call to "mysite.com/api/messages"
On the backend: added an additional "location" similar to:

 location /api/messages {    # the backend server
    proxy_pass http://localhost:50010/api/messages/;
 }


   ----- Forwarded Message -----
 I would like to hide a backend API REST server from public view and have it accessed from frontend web server locally/internally. Is this possible? Below are my setup and configs: 

angular/nodejs frontend app, say it is "mysite.com" running on server at 127.0.0.1:51910

nodejs backend app, say it is "api.anothersite.com" running on server at 127.00.0.1:50010

nginx(open source) listens for the server_name/domain and does a proxy_pass to the host/port listed above 

I currently can communicate back and forth with GET and POST requests and JSON responses.

So far everything is great.

However, beside just using CORS, I would now like to secure/hide "api.anothersite.com" from the public and just allow "mysite.com" to access 127.0.0.1:50010 internally instead of "api.anothersite.com" 

Can this be done via nginx?

   server {
           server_name api.anothersite.com;
  
           listen 443 ssl;
           ssl_certificate /etc/letsencrypt/live/anothersite.com/fullchain.pem; 
           ssl_certificate_key /etc/letsencrypt/live/anothersite.com/privkey.pem; 
           include /etc/letsencrypt/options-ssl-nginx.conf; 
           ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
   
      location / {
              #allow xx.xx.xx.xx;
              #allow 127.0.0.1;
              #deny all;
              proxy_pass http://127.0.0.1:50010;
 
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
          }
  }

   server {
       server_name mysite.com www.mysite.com;
  
       location / {
  
      proxy_http_version 1.1;
            proxy_pass http://localhost:51910;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
           # proxy_set_header Host $host;
           proxy_set_header Host mysite.com;
           proxy_cache_bypass $http_upgrade;
           proxy_pass_request_headers on;
      }
 
      #error_page  404              /404.html;
 
      # redirect server error pages to the static page /50x.html
      #
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   /usr/share/nginx/html;
      }
 
      listen 443 ssl; 
      ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; 
      ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; 
      include /etc/letsencrypt/options-ssl-nginx.conf; 
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 
  }
 
  server {
      if ($host = www.mysite.com) {
          return 301 https://$host$request_uri;
      } 
 
      if ($host = mysite.com) {
          return 301 https://$host$request_uri;
      } 
 
      listen       80;
      server_name mysite.com www.mysite.com;
      return 404; 
  }
    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180727/6ec363c1/attachment.html>


More information about the nginx mailing list