docker nginx amazon-ecs amazon-route53 aws-fargate

Service Discovery not working with Route 53 and ECS Nginx container Hosting Angular code


I have static UI pages making REST API calls to other ECS Fargate containers. The static pages are themselves hosted in a container running Nginx. The API calls are not getting resolved by the Route 53 DNS service. If I spin up an EC2 instance and use nslookup, the address translation takes place correctly.

All the containers are in the same subnet and only the Nginx-Angular container has a public IP address. I wish to access the Nginx-Angular container over the internet, and it will make API calls to the other ECS Fargate containers. Please advise.

nginx.conf

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    server {
       #listen 80;
       server_name  localhost;
       ssl_certificate /etc/nginx/ssl/nginx.crt;
       ssl_certificate_key /etc/nginx/ssl/nginx.key;

       listen 443 ssl;
       root /usr/share/nginx/html/login-ui;
       index  index.html index.htm;
       include /etc/nginx/mime.types;

       gzip on;
       gzip_min_length 1000;
       gzip_proxied expired no-cache no-store private auth;
       gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

       location / {
           try_files $uri $uri/ /index.html;
       }
    }
}

Solution

  • I solved the problem by keeping the Angular & Nginx container in the private subnet. I set up an Application Load Balancer with a public IP in the public subnet. I route all the traffic from the internet using the Nginx reverse proxy mechanism, and the requests are resolved by Nginx and forwarded to my API containers using Route 53 internal DNS. The browser must send all the requests to an Nginx location only, and it should decide where to route the private intranet topic using Route 53 internal DNS. authenticationservice.local is my DNS entry. Here is my nginx.conf.

    worker_processes  1;
    
    events {
        worker_connections  1024;
    }
    
    http {
        server {
            server_name  localhost;
            # nginx consults this resolver only for names it resolves at request
            # time (e.g. a proxy_pass target that contains a variable).
            resolver 127.0.0.1;
            ssl_certificate /etc/nginx/ssl/nginx.crt;
            ssl_certificate_key /etc/nginx/ssl/nginx.key;

            listen 443 ssl;
            root /usr/share/nginx/html/login-ui;
            index  index.html index.htm;
            include /etc/nginx/mime.types;

            gzip on;
            gzip_min_length 1000;
            gzip_proxied expired no-cache no-store private auth;
            gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

            # Static Angular application
            location / {
                try_files $uri $uri/ /index.html;
            }

            # API calls from the browser, forwarded to the internal service
            location /test/api/ {
                # Note: rewrite takes "regex replacement [flag]"; as written,
                # "break" is parsed as the replacement string, not as a flag.
                rewrite /test/api/login/ break;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_redirect   off;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass https://authenticationservice.local:8443/api/login;
            }
        }
    }
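
As an added example (not the poster's configuration): a literal hostname in `proxy_pass` is resolved once when nginx loads its configuration, so the `resolver` directive only takes effect when the upstream name is held in a variable, and `proxy_pass https://` does not verify the upstream certificate unless told to. The resolver address, the `/test/api/` to `/api/` path mapping, the variable name and the CA bundle path are assumptions.

```nginx
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;

    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate     /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        root  /usr/share/nginx/html/login-ui;
        index index.html index.htm;

        # Assumption: the Amazon-provided VPC DNS at its link-local address.
        # valid=10s caps the cache lifetime so replaced Fargate tasks are picked up.
        resolver 169.254.169.253 valid=10s ipv6=off;

        location / {
            try_files $uri $uri/ /index.html;
        }

        location /test/api/ {
            # Holding the name in a variable forces a lookup through `resolver`
            # at request time instead of a single lookup at startup.
            set $auth_upstream authenticationservice.local;
            # Assumed mapping: /test/api/<path> is served upstream as /api/<path>.
            rewrite ^/test/api/(.*)$ /api/$1 break;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Upstream TLS: send SNI and verify the certificate (verification is off by default).
            proxy_ssl_server_name on;
            proxy_ssl_name authenticationservice.local;
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /etc/nginx/ssl/internal-ca.crt;  # hypothetical CA bundle path

            proxy_pass https://$auth_upstream:8443;
        }
    }
}
```

Run `nginx -t` after editing; with `proxy_ssl_verify on`, requests fail with a 502 if the service certificate does not chain to the configured CA or does not carry the `authenticationservice.local` name.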