I have 2 docker containers - frontend(Angular 8) and api (Node) , frontend works on port 81 by default and api on port 1337. I also registered a domain where both applications are available and added configuration for ssl. However, it works in such a way that the frontend is available at www.example.com and the api, at www.example.com:1337, I would like to know if there is a way to set the nginx configuration to serve frontend on www.example.com and api on www.example.com/api and to listen to both containers on port 443? Thanks in advance for your help.
http {
upstream frontend {
server frontend:81;
}
upstream api {
server api:1337;
}
server {
listen 80;
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com example.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_buffer_size 8k;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location /api {
try_files $uri @api;
}
location / {
try_files $uri @frontend;
}
location @frontend {
proxy_pass http://frontend;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
location @api {
proxy_pass http://api;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
root /usr/share/nginx/html;
index index.html index.htm index.nginx-debian.html;
}
}
reverse:
container_name: reverseProxy
hostname: reverse
image: nginx:latest
ports:
- "80:80"
- "81:81"
- "1337:1337"
- "443:443"
volumes:
- ./defaultnginx.conf:/etc/nginx/nginx.conf
- /usr/share/nginx/html:/usr/share/nginx/html
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
depends_on:
- frontend
- api
Santiago Trujillo