I found a way to do something slightly similar (hide the API from outside, both domain and direct IP access):
- Run strapi in production mode on your server (assumed to run on port 1337)
- Disable direct access to port 1337 with iptables for everyone except 127.0.0.1
# accept loopback traffic to Strapi, then drop everything else aimed at the port
iptables -A INPUT -p tcp --dport 1337 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 1337 -j DROP
- Set up nginx or apache as a reverse proxy and proxy pass your server_name to 127.0.0.1:1337
server {
    listen 80;
    server_name your-api-server.com;

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:1337/;
    }

    location /api {
        # use your own allow/deny rules here to choose who gets through
        # (nginx comments use '#'; 'deny all' already answers 403)
        deny all;
    }
}
That way you’ll be able to:
- Access the admin panel and do whatever admin tasks you want at your-api-server.com/admin
- Allow local access to /api/* (interesting if your client apps are hosted on the same machine)
- Deny access to your-api-server.com/api/* to whoever you want
- Deny access to server-ip:1337/* to everyone
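As an added example (not code from the post above or from the Strapi project), the following script wraps both steps into something you can re-run safely: the firewall rules are added only if they are not already present, the loopback match uses the interface (`-i lo`) rather than only the source address, and the nginx config is rendered from a parameterised function that generalises the post's "deny all" on /api to an allow-list of networks followed by a deny. The hostname `your-api-server.com`, the config path `/etc/nginx/conf.d/strapi.conf` and the sample CIDRs are assumptions; change them for your host.

```shell
#!/bin/sh
# Added example for the setup described in the post; not the post's own code.
set -eu

STRAPI_PORT=1337
SERVER_NAME="your-api-server.com"           # assumed hostname
NGINX_CONF="/etc/nginx/conf.d/strapi.conf"  # assumed path on the host

# Append a rule only if iptables -C says it is not already in the chain,
# so re-running the script never stacks duplicate rules.
add_rule_once() {
    fw="$1"; shift
    if ! "$fw" -C "$@" 2>/dev/null; then
        "$fw" -A "$@"
    fi
}

# Allow Strapi traffic only when it arrives on the loopback interface and
# drop everything else aimed at the port. Matching on -i lo instead of only
# -s 127.0.0.1 also rejects packets that spoof 127.0.0.1 on a real interface.
# ip6tables is covered too in case Strapi is bound to :: as well as 0.0.0.0.
apply_firewall_rules() {
    for fw in iptables ip6tables; do
        add_rule_once "$fw" INPUT -i lo -p tcp --dport "$STRAPI_PORT" -j ACCEPT
        add_rule_once "$fw" INPUT -p tcp --dport "$STRAPI_PORT" -j DROP
    done
}

# Print an nginx server block. $1 is the server_name; every further argument
# is a CIDR allowed to reach /api/. With no CIDRs the result is the post's
# "deny all" behaviour. nginx evaluates allow/deny lines in order, so the
# allow lines must come before the final deny.
render_nginx_conf() {
    name="$1"; shift
    allow_lines=""
    for cidr in "$@"; do
        allow_lines="${allow_lines}        allow ${cidr};
"
    done
    cat <<EOF
server {
    listen 80;
    server_name ${name};

    # Admin panel and everything else is proxied to Strapi on loopback.
    location / {
        proxy_set_header Host \$http_host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_pass http://127.0.0.1:${STRAPI_PORT};
    }

    # Content API: only the allow-listed networks get through, everyone
    # else receives 403 from nginx before the request reaches Strapi.
    # No trailing slash on proxy_pass, so /api/... is forwarded unchanged.
    location /api/ {
${allow_lines}        deny all;
        proxy_set_header Host \$http_host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:${STRAPI_PORT};
    }
}
EOF
}

# Only change the host when run explicitly as root with --apply; running or
# sourcing the script without the flag just defines the functions above.
if [ "${1:-}" = "--apply" ]; then
    apply_firewall_rules
    render_nginx_conf "$SERVER_NAME" 10.0.0.0/8 > "$NGINX_CONF"  # assumed CIDR
    nginx -t && nginx -s reload
fi
```

Two caveats worth knowing before relying on this: iptables rules added this way do not survive a reboot unless you persist them (for example with `iptables-save` or your distribution's persistence package), and nginx's `allow`/`deny` judge the address nginx itself sees, so if another proxy or load balancer sits in front of nginx the allow-list will see that proxy's address unless you configure the real IP module for it.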