Answer the question
In order to leave comments, you need to log in
How to properly separate api and client part?
Hello, I can not correctly configure the config for nix.
There is a site on the server - statics that I give through nginx. And an application (API server) is launched that runs on port 8081.
Now I can’t figure out how to catch requests for example domain.com/api/ and send them to the backend (port 8081)
I thought to make a subdomain api.domain.com, but I can’t at all everything is a miracle to set up. Tried different options, but nothing works.
Thanks in advance :3
Answer the question
In order to leave comments, you need to log in
the simplest config for redirecting requests to the backend
...
location /api {
proxy_pass http://localhost:8081;
}
...
I solved the problem with this config:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.ru www.mydomain.ru;
return 301 https://$server_name$request_uri;
}
# the main server directive for ssl connections
# where we also use http2 (see asset delivery)
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mydomain.ru www.mydomain.ru;
# paths to certificate and key provided by Let's Encrypt
ssl_certificate /etc/letsencrypt/live/mydomain.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.ru/privkey.pem;
# SSL settings that currently offer good results in the SSL check
# and have a reasonable backwards-compatibility, taken from
# - https://cipherli.st/
# - https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# security enhancements
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Let's Encrypt keeps its files here
location ~ /.well-known {
root /var/www/html;
allow all;
}
# besides referencing the extracted upstream this stays the same
location /api {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:8081;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
root /var/www/html;
index index.html;
}
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question