79226054

Date: 2024-11-26 09:32:38
Score: 2
Natty:
Report link

In case someone stumbles on this post having the same problem, this is what i did: the api calling methods have to be changed into something like https://full_domain_name/service_name

where that "service_name" will be used to redirect the request to the app that runs internally on the vm

reverse-proxy config file below:

server {
    listen 443 ssl;
    server_name full_domain_name;

    ssl_certificate /etc/letsencrypt/live/full_domain_name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/full_domain_name/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:4200/; # Points directly to the Angular app running on the VM
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /security/ {
        proxy_pass http://localhost:8080/; # Internal route for SECURITY microservice
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /api/event/ {
        proxy_pass http://localhost:8081/api/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /api/main/ {
        proxy_pass http://localhost:8082/api/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

# Redirect HTTP to HTTPS
server {
   if ($host = full_domain_name) {
       return 301 https://$host$request_uri;
   }

   listen 80;  # HTTP
   server_name full_domain_name;


   return 404; # Managed by Certbot
}

where, for example, /api/event is based on that "service_name" i mentioned earlier.

in my case, if the client does a request to

https://full_domain_name/api/event/getAll

the nginx reverse-proxy will forward this request to

http://localhost:8081/api/getAll

basically the requests are still being done securely but nginx handles that security instead of having to configure each application to do that

Reasons:
  • Long answer (-1):
  • Has code block (-0.5):
  • Me too answer (2.5): having the same problem
  • Self-answer (0.5):
  • Low reputation (0.5):
Posted by: steven stonie