If you are using nginx, then port 1337 should not be publicly accessible, it should only be internal to the server and nginx proxies all the requests.
What should happen:
- User => Makes request to api.example.com on port 443 => received by nginx on port 443 => proxies request to localhost on port 1337 inside the server => Strapi gets request on localhost port 1337
What you are doing:
- User => Makes request to api.example.com on port 1337 => Strapi gets request on your server’s IP on port 1337