a year ago
I'm attempting to set up a reverse proxy to separate out my frontend and backend services but serve both the static assets and api from a single domain. I've tried with both Nginx and Caddy with no luck.
Results so far:
Nginx - ingress is the public domain and egress is the private domains for frontend and backend - traffic got stuck in Nginx, stalled and timed out.
Nginx - ingress is the public domain and egress is the public domains for frontend and backend - infinite redirect loop between Nginx and frontend
Caddy - same for both
Here is my most recent nginx setup:
server {
listen ${PORT};
server_name data-center-intelligence.up.railway.app;
# Proxy Settings
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
proxy_set_header Connection "";
# SSL Settings for proxying over HTTPS
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_verify off; # Set to 'off' only if necessary
# Increase buffer sizes if needed
large_client_header_buffers 4 16k;
# Handle '/api/' and '/auth/' routes
location ~ ^/(api|auth)(/|$) {
proxy_pass https://dci-backend-production.up.railway.app;
proxy_redirect off;
}
# Serve everything else from the frontend
location / {
proxy_pass https://dci-frontend-production.up.railway.app;
proxy_redirect off;
}
}
----
Here is my most recent Caddy setup:
{
admin off
persist_config off
auto_https off
# runtime logs
log {
format json # set runtime log format to json mode
}
# server options
servers {
trusted_proxies static private_ranges
}
debug
}
(passive_health_checks) {
fail_duration 60s
max_fails 300
unhealthy_latency 5s
unhealthy_request_count 200
}
:{$PORT} {
# access logs
log {
format json # set access log format to json mode
}
# Handle /api/ and /auth/ routes first
handle /api/* {
reverse_proxy https://dci-backend-production.up.railway.app {
# Optional: Skip SSL verification if necessary
transport http {
tls_insecure_skip_verify
}
import passive_health_checks
}
}
handle /auth/* {
reverse_proxy https://dci-backend-production.up.railway.app {
transport http {
tls_insecure_skip_verify
}
import passive_health_checks
}
}
# Serve everything else from the frontend
handle {
reverse_proxy https://dci-frontend-production.up.railway.app {
transport http {
tls_insecure_skip_verify
}
}
}
}
---
If anyone can help me that would be great. For now I'm just putting them all on one server to unblock, but I'd like to separate out services if I am able...
1 Replies
a year ago
Instead of explaining a whole bunch of stuff that may or may not work, would you mind if I attempted to get this working and then if successful I can explain what I did to get it working?