Reputation: 6832
In order to have fewer issues with CORS and be able to use one SSL cert, I would like to run all flynn applications with one domain:
my "external" services
internal services
$ flynn route (example)
http:api.service.example.com api
http:frontend.service.example.com frontend
http:docs.service.example.com docs
...
To keep things simple, my idea was to use the NGINX as a reverse proxy to take care of the routing and the SSL handling - but where should I put it?
I could add an NGINX as a flynn application that listens to example.com and then make use of location and proxy_pass features. But when the NGINX reverses from https://example.com to http://frontend.service.example.com I have no SSL here - is that right?
How can I make sure the NGINX routes only "internally"? Are there even better approaches with flynn - or should I just use dokku?
Upvotes: 0
Views: 95
Reputation: 3678
You can do this with Flynn using built-in features; there is no need to use an external reverse proxy.
First, add example.com with a valid TLS certificate:
flynn -a frontend route add http example.com --tls-cert cert_chain.pem --tls-key cert_key.pem
The cert_chain.pem file should contain the PEM-encoded certificate followed by one or more intermediate certificates necessary to build the chain to a trusted root.
The cert_key.pem file should contain a PEM-encoded private key (with no encryption applied).
Then add a path-based route for each of your other apps. The path will be treated as a prefix, so all subpaths will match as well for the route, and the TLS certificate you just added will be used for all of them because they have the same domain:
flynn -a api route add http example.com/api
flynn -a admin route add http example.com/admin
flynn -a docs route add http example.com/docs
flynn -a static route add http example.com/static
The first route with just the base domain will be used for all other paths.
Upvotes: 2
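A pre-flight check for the two PEM files described in the answer above, written as an added example (not part of the original answer and not Flynn's own tooling). The function name check_tls_pem is hypothetical; it inspects only the PEM armor lines and does not validate signatures, expiry, or that the key matches the certificate.

```shell
#!/bin/sh
# Added example: structural check of cert_chain.pem / cert_key.pem before
# running `flynn ... route add http example.com --tls-cert ... --tls-key ...`.
# Usage: check_tls_pem cert_chain.pem cert_key.pem
check_tls_pem() {
    chain=$1
    key=$2
    rc=0

    [ -r "$chain" ] && [ -r "$key" ] || { echo "FAIL: cannot read input files"; return 2; }

    # The chain file must open with a certificate (the leaf comes first).
    first=$(grep -e '^-----BEGIN ' "$chain" | head -n 1)
    if [ "$first" != "-----BEGIN CERTIFICATE-----" ]; then
        echo "FAIL: $chain does not start with a certificate"; rc=1
    fi

    # The chain file is not secret material; a private key in it is a leak.
    if grep -q -e 'PRIVATE KEY-----' "$chain"; then
        echo "FAIL: $chain contains a private key"; rc=1
    fi

    # Leaf plus at least one intermediate is what the answer describes.
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$chain" || true)
    if [ "$certs" -lt 2 ]; then
        echo "WARN: $chain holds $certs certificate(s); no intermediates"
    fi

    # Exactly one key, and it must not be passphrase-protected.
    keys=$(grep -c -e '^-----BEGIN .*PRIVATE KEY-----' "$key" || true)
    if [ "$keys" -ne 1 ]; then
        echo "FAIL: $key holds $keys private keys, expected 1"; rc=1
    fi
    # PKCS#8 encrypted keys say so in the armor; legacy PEM uses Proc-Type.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "FAIL: $key is encrypted; the route needs an unencrypted key"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $certs certificate(s), 1 unencrypted key"
    return "$rc"
}
```

A single-certificate chain only produces a warning, because some certificates are issued directly by a root the clients already trust.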