I wonder reverse proxy server configuration with frontend server, api server, nginx server

Taegeon
August 6, 2021
86 views
0 votes
2 Answers

I’m configuring reverse proxy server with nginx
Nginx.conf file is like this, location / -> front server address, location /api -> api server address.
Front server fetch from http://${api_addr}/api originally(before setting nginx), but now I changed api URL to http://${nginx_addr}/api for constructing reverse proxy server. I am wondering if it is correct to send the request directly from the front to the api address or if it is correct to send the request to the nginx address?

reverse proxy server structure

Tags: nginx nginx-reverse-proxy

Answers

- tsmith023
- August 6, 2021 at 1:17 pm
- 0 votes
0
It is best practice to always query the Nginx endpoint and not the specific port. By directly querying the specific api port, you are completely bypassing the server routing service and could therefore accidentally overload your api endpoint if not careful.

By routing everything through the Nginx server, you ensure that your api service remains healthy and works as expected.

Login or Signup to reply.

- ChrisMcKee
- August 6, 2021 at 1:20 pm
- 0 votes
0
So you’re configuring a website and you want it to direct traffic to your frontend (html etc) and have an api route going to your api, if I’m reading that correctly?

You’d do it similar to this
```
server {
    listen 80;
    server_name yourdomain.com;

    set $frontend = "frontend-stuff.com";
    set $backend = "backend.com";

    location /api {

        ## if your api backend starts at / rather than /api you'd rewrite away the /api path
        # rewrite /api/(.*) /api/$1 break;


        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        proxy_set_header Host $backend;
        proxy_pass http://$backend;

        break;
    }

    location / {
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto https;

        proxy_set_header Host $frontend;
        proxy_pass http://$frontend;

        break;
    }
}
```
The variables stop nginx hitting an ’emerg’ (fatal error) if a host falls down in the background between reloads; it can also be helpful with services where the frontend has a large IP range like cloudfront etc.

In the case of your frontend if you’re calling something like CloudFront you’d need to force TLS1.2
```
        proxy_ssl_protocols TLSv1.2;
        proxy_ssl_server_name on;
```
X-Forwarded-Proto https is needed if the backend app is returning paths (.net apps use this to set paths to https etc)

I am wondering if it is correct to send the request directly from the front to the api address or if it is correct to send the request to the nginx address?

Its best to proxy all your requests for an application via the same site config for multiple reasons, such as…
- Combined logging (easier to debug)
- Simpler to secure (set CSP and unified security headers across site)
- Easier to handle CORS for any frontend related activities (ajax/xhrf)
If you provide a bit more info I can probably pad this out
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.