Discover the new way to find a job!

Question

0

22

Views

How to configure nginx for reverse proxy to hide ports on which docker containers are running?

I have 2 docker containers - frontend(Angular 8) and api (Node) , frontend works on port 81 by default and api on port 1337. I also registered a domain where both applications are available and added configuration for ssl. However, it works in such a way that the frontend is available at www.example.com and the api, at www.example.com:1337, I would like to know if there is a way to set the nginx configuration to serve frontend on www.example.com and api on www.example.com/api and to listen to both containers on port 443? Thanks in advance for your help.

nginx.conf for reverse proxy

http {
  upstream frontend {
    server frontend:81;
  }
  upstream api {
    server api:1337;
  }

  server {
    listen 80;

    location ~ /.well-known/acme-challenge {
      allow all;
      root /usr/share/nginx/html;
    }

    location / {
      rewrite ^ https://$host$request_uri? permanent;
    }
  }

  server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com example.com;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;


    ssl_buffer_size 8k;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    location /api {
      try_files $uri @api;
    }

    location / {
      try_files $uri @frontend;
    }

    location @frontend {
    proxy_pass http://frontend;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
      }

    location @api {
    proxy_pass http://api;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    }

    root /usr/share/nginx/html;
    index index.html index.htm index.nginx-debian.html;    
  }
}

part of docker-compose.yml responsible for reverse proxy

  reverse:
    container_name: reverseProxy
    hostname: reverse
    image: nginx:latest
    ports:
      - "80:80"
      - "81:81"
      - "1337:1337"
      - "443:443"
    volumes:
      - ./defaultnginx.conf:/etc/nginx/nginx.conf
      - /usr/share/nginx/html:/usr/share/nginx/html
      - certbot-etc:/etc/letsencrypt
      - certbot-var:/var/lib/letsencrypt
    depends_on:
      - frontend
      - api

16 days ago ·

Santiago Trujillo

Answer question

Find remote jobs

Loading