I'm trying to setup my frontend, backend and my DB using docker. Here are the conditions where only my frontend container should make request to backend and not to the public. I have written a conf file but that still I'm able to access the backend with postman. Also I'm moving the frontend build files to a volume and mounting it in /usr/share/nginx/html where then the frontend container will stop and files will be served directly from nginx container.
Is it good to have another nginx service running in frontend container where the main nginx container route to frontend nginx service?
default.conf
upstream backend_servers {
server backend:8000;
}
server {
listen 80;
location / {
root /usr/share/nginx/html/frontend;
try_files $uri $uri/ /index.html;
}
# Reverse proxy requests to the uWSGI server
location /api {
rewrite ^/api(.*) $1 break;
uwsgi_pass backend_servers;
include /etc/nginx/uwsgi_params;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
my Docker compose file is
version: '3'
services:
frontend:
build:
context: ./frontend
dockerfile: Dockerfile.prod
volumes:
- app-data:/app/dist
backend:
build:
context: .
dockerfile: Dockerfile.prod
environment:
- DEBUG=0
- ALLOWED_HOSTS=nginx,localhost,127.0.0.1
- SECRET_KEY=my-secure-key
- POSTGRES_DB=postgres
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
depends_on:
- db
db:
image: postgres:latest
restart: always
environment:
- POSTGRES_DB=postgres
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
volumes:
- db-data:/var/lib/postgresql/data
nginx:
build:
context: ./nginx
dockerfile: Dockerfile.prod
ports:
- "80:80"
volumes:
- app-data:/usr/share/nginx/html/frontend
depends_on:
- backend
volumes:
db-data:
app-data:
