[英]Only allow access to express app through nginx with docker
So currently I'm running an express server api, I want to only allow access to the api if the user went through the nginx proxy. 因此,当前我正在运行快速服务器api,如果用户通过nginx代理,则只允许访问该api。 In my proxy config for nginx it has the following line for connecting to the express app (note that I have more lines in the nginx config for serving other files): 在我的nginx代理配置中,有以下行用于连接到express应用程序(请注意,nginx配置中有更多行用于提供其他文件):
location ~* ^/(api/|test/){
proxy_pass http://docker-express-app:3000;
}
This lets me go to my custom domain for example: example.com/api/.... and it will get the request correctly. 这使我可以转到自定义域,例如:example.com/api / ....,它将正确获取请求。 However I can also go to server.ip.here:3000/api/... and it will still get me the information correctly. 但是,我也可以转到server.ip.here:3000/api / ...,它仍然可以正确为我提供信息。 I want to eliminate the ability for people to type in the server ip and be able to connect to the api. 我想消除人们输入服务器ip并能够连接到api的能力。
(Note: for how the actual express app is setup I used express-generator to get it setup and just added some test api routes to see if I could connect to it) (注意:有关如何设置实际Express应用程序,我使用express-generator进行了设置,并添加了一些测试api路由以查看是否可以连接到它)
Also note that I am running the express app, and the nginx proxy using docker. 另请注意,我正在运行Express应用程序,以及使用docker的Nginx代理。
The docker compose looks like so: 码头工人组成看起来像这样:
version: '3'
services:
app:
container_name: docker-express-app
restart: always
build: app/
command: npm start
ports:
- 3000:3000
proxy:
container_name: nginx-proxy
restart: always
build: proxy/
ports:
- 80:80
- 443:443
The proxy Dockerfile: 代理Dockerfile:
FROM nginx:alpine
WORKDIR /usr/src/proxy
RUN rm /etc/nginx/conf.d/*
COPY proxy.conf /etc/nginx/conf.d/
COPY views/* ./views/
The express app Dockerfile: 快递应用程序Dockerfile:
FROM node:latest
WORKDIR /usr/src/app
COPY package.json .
RUN npm install
COPY . .
EXPOSE 3000
CMD [ "npm", "start" ]
All I want to due is ensure that the requests to the api gets routed through the proxy. 我只想确保对api的请求通过代理路由。 Is this possible? 这可能吗?
Ok I fixed my issue. 好吧,我解决了我的问题。
I removed the line in the Dockerfile "EXPOSE 3000" and in the docker-compose I removed the line that defines the ports "ports: - 3000:3000" (I also renamed the container name to app). 我删除了Dockerfile“ EXPOSE 3000”中的行,并在docker-compose中删除了定义端口“ ports:-3000:3000”的行(我还将容器名称重命名为app)。 I then added to the proxy service the following: "links: - app:app" then in the proxy I changed the proxy_pass to the url http://app:3000 , and it works as I want it too. 然后,我将以下内容添加到代理服务中:“链接:-app:app”,然后在代理中将proxy_pass更改为URL http:// app:3000 ,并且它也可以按我的要求工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.