Configuring Nginx as a proxy for a Vapor API

Question

'm pretty stuck after a few days of trying to get this working and I could use some help.

I have a vapor API that works fine. I created a route and can access it from http://localhost:8080/backend/returnA in a browser on the server. It returns some JSON.

Where I'm stuck is in trying to configure Nginx to server as a proxy. Can anyone help me understand how the http://localhost:8080/backend/returnA URL translates into a working URL accessible from the LAN?

I'm pretty confused as the Nginx.conf asks for a root URL but I don't know what to put in. If I leave it blank it defaults to /usr/local/Cellar/nginx/1.15.6/html/backend/returnA/index.html which obviously won't work. If I set it to the public folder in the Vapor app directory this also doesn't work. In both instances I get a "No such file or directory".

I've gone through countless Nginx conf settings found online, tried adding a proxy location, nothing works. Trying http://172.16.1.25/backend/returnA/ always returns a 404 from the Nginx server.

How do I point Nginx to my Vapor route when it's not serving a static file like index.html, and instead retuning JSON?

Any help is much appreciated.

Here's the config, edited to include Thanh's code, old location commented out:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

    http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local]       "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;

    server {
    server_name 172.16.1.25;
    listen       80  default_server;

    root /Users/localadmin/Developer/server/MedicapAPI/Public/;

    # location @proxy {
    #    proxy_pass http://127.0.0.1:8080;
    #    proxy_pass_header Server;
    #    proxy_set_header Host $host;
    #    proxy_set_header X-Real-IP $remote_addr;
    #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #    proxy_pass_header Server;
    #    proxy_connect_timeout 3s;
    #    proxy_read_timeout 10s;
    # }

    location  / {
        proxy_ignore_client_abort on;
        proxy_pass http://localhost:8080/;
        proxy_redirect off;
    }    
    }
        include servers/*;
    }

Answer 1

server {
    #server_name  mysite.com;
    listen   80;

    error_log   /var/log/mysite.com_error.log warn;
    access_log  /var/log/mysite.com.ru_access.log;

    large_client_header_buffers 8 32k;
    client_max_body_size 10M;

    location / {
        # redirect all traffic to localhost:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:8080/;
        proxy_redirect off;
        proxy_read_timeout 86400;

        # enables WS support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # prevents 502 bad gateway error
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;

        reset_timedout_connection on;

        tcp_nodelay on;
    }

    # Give direct access to Public files of your app instead of using FileMiddleware
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml|html|mp4|pdf)$ {
        access_log        off;
        expires           30d;
        root /path/to/your/app/Public;
    }
}

This is my working example.

For production I suggest you to use SSL certificate e.g. from LetsEncrypt, replace listen port to 443 and add the following configuration lines after listen line:

ssl on;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;
ssl_prefer_server_ciphers on;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
ssl_ciphers 'HIGH:!aNULL:!MD5:!kEDH';
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
ssl_stapling_verify on;

That's it, now you're ready for production!