Node.js API with Nginx: Block API access to the public - node.js

I'm using Nginx with a Node.js backend. I use Node.js for authenticating users and API calls. Currently I have the following in my Nginx configuration:
location /api {
    proxy_pass http://localhost:5000/api;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
However, this allows anyone to access /api directly. Is there a way to configure this so that users can't directly access /api?
Update
I tried adding:
    allow 127.0.0.1; deny all;
to the nginx config. However, this also blocks nginx from getting the resources. In other words, users can no longer log in or get the resources from the API.
I added a middleware to Express, and it always receives 127.0.0.1 (localhost) as the req.ip, so I cannot do anything on the Node.js side to prevent this because all requests are redirected from nginx.

Related

http https - 404 not found - reverse proxy problem

I deployed a MEAN app with Node.js and Express.
I made a reverse proxy with nginx.
location /soc/ {
    root /capza_app/back/;
    index index.js;
    # proxy_set_header X-Real-IP;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header AccesControl-Allow-Origin *;
    proxy_pass http://ip:3000/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
}
I call my API in the front end here:
    apiUrl = 'https://mydomain/soc/transaction/'
Then it goes to the back end, in my index.js:
    app.use('/soc/transaction', TransactionController);
My index.js sends it on to my controller.
I get a 404 error.
Without the reverse proxy, I get "Mixed Content: The page at https was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint http".
Maybe it is a routing problem, but I don't know what I am doing wrong.
Thanks
I tried changing my route and changing my reverse proxy.

Forward client header, isp, geo to the server via proxy

My website has a proxy server created using Express (Node.js) with nginx. The problem I am having, and can't seem to figure out, is that I want to forward all the original user's details and not show any proxy server details to the final destination server.
Scheme:
User -> my website -> proxy server -> final server to retrieve the data.
Now, no matter what configs I change in nginx, it seems like the final server always identifies my proxy server's ISP, geo, etc. and not the user's ISP. If I access the final server directly without the proxy, the final server shows the user's ISP.
How do I make sure that the proxy server is not being detected as "original" requester to the final server?
Some code for better understanding:
Nginx proxy:
location / {
    proxy_pass http://x.x.x.x.x;
    include proxy.conf;
}
nginxconfig:
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
Requests inside the Node app (to call the final server) are made like this (just a sample):
const request = require('request'); // the `request` package used by this sample
app.post('/getStats', (req, res) => {
    const url = request('url');
    req.pipe(url).pipe(res);
});

Duplicate Location "/" Nginx Error Backend And Frontend

I'm running an Express server on port 5000 and a React app on 8080.
My idea was to just direct traffic based on location (URI), but I've been getting a duplicate location "/" error with this partial insert into the AWS Beanstalk nginx config:
location / {
    root /var/app/current/build/;
    try_files $uri /index.html;
    proxy_http_version 1.1;
    proxy_pass http://127.0.0.1:8080/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /socket-io {
    proxy_pass http://127.0.0.1:5000/;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_ssl_session_reuse off;
    proxy_cache_bypass $http_upgrade;
}
This gets included in a standard nginx.conf which looks roughly like this: https://gist.github.com/alextanhongpin/00da7f551969f052e57f3c4dcd9ac4b0
This is some combination of this answer and this other one since AWS documentation keeps changing.
On EC2, the file /etc/nginx/conf.d/elasticbeanstalk/00_application.conf is the file that appears to get appended to the main nginx.conf file, /etc/nginx/nginx.conf.
HOWEVER
The latest documentation says having .platform/nginx/conf.d/your_custom.conf in your working directory is the real nginx extension file.
I had to manually change 00_application.conf on EC2 for the duplicate error to go away; it appears this file stayed at its default even when redeploying with the custom config files, and that file happens to have a location / {} block.
So I would recommend the container_command method, or manually changing it, for now.

Nginx reverse proxy only xhr/ajax requests

I have a Laravel app and I want all requests to domain.test/api to be proxied to Node.js, but only if it is an XHR request. Meaning that if a user types domain.test/api into a browser I want to give him a 404, but if the request is made with Ajax I want to give him the response.
The following configuration proxies everything:
location ~* ^\/api(.*)$ {
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 300;
    proxy_pass http://localhost:8081;
}
Is what I want to do possible using nginx? If so, please suggest your solutions.

Use Heroku server url at nginx.conf.erb for load balancing

I have 2 servers:
Server 1 is for load balancing with Nginx - https://server1.herokuapp.com/
Server 2 acts as the RESTful API - https://server2.herokuapp.com/
Here is my configuration of nginx.conf.erb at Server 1: https://gist.github.com/ntvinh11586/5b6fde3e804482aa400f3f7faca3d65f
When I try to call https://server1.herokuapp.com/, instead of returning data from https://server2.herokuapp.com/, I get a 400 Bad Request. I don't know whether something in my nginx.conf.erb is wrong or whether I need to implement nginx on server 2.
I tried to research some resources, but I found that almost all of these tutorials configure localhost instead of specific hosts like Heroku.
So what should I do to make this work successfully?
You need to configure your app as follows:
#upstream nodebeats {
#    server server2.herokuapp.com;
#}
server {
    listen <%= ENV['PORT'] %>;
    server_name herokuapp.com;
    root "/app/";
    large_client_header_buffers 4 32k;
    location / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://localhost:<node-app-port>;
    }
}
My two cents: comment out the upstream. Work with a single server, server1.herokuapp.com, get it working with the above implementation, and then you can go on to add server2.herokuapp.com to load balance.
