I would like to hide a backend API REST server from public view and have it accessed from frontend web server locally/internally. Is this possible? Below are my setup and configs:
angular/nodejs frontend app, say it is "mysite.com" running on server at 127.0.0.1:51910 nodejs backend app, say it is "api.anothersite.com" running on server at 127.00.0.1:50010 nginx(open source) listens for the server_name/domain and does a proxy_pass to the host/port listed above I currently can communicate back and forth with GET and POST requests and JSON responses. So far everything is great. However, beside just using CORS, I would now like to secure/hide "api.anothersite.com" from the public and just allow "mysite.com" to access 127.0.0.1:50010 internally instead of "api.anothersite.com" Can this be done via nginx? server { server_name api.anothersite.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/anothersite.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/anothersite.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { #allow xx.xx.xx.xx; #allow 127.0.0.1; #deny all; proxy_pass http://127.0.0.1:50010; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } server { server_name mysite.com www.mysite.com; location / { proxy_http_version 1.1; proxy_pass http://localhost:51910; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; proxy_set_header Host mysite.com; proxy_cache_bypass $http_upgrade; proxy_pass_request_headers on; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } listen 443 ssl; ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } server { if ($host = www.mysite.com) { return 301 https://$host$request_uri; } if ($host = mysite.com) { return 301 https://$host$request_uri; } listen 80; server_name mysite.com www.mysite.com; return 404; }
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx