DEV Community: Jaykishan Ka.Patel The latest articles on DEV Community by Jaykishan Ka.Patel (@jaykishan_kapatel). https://dev.to/jaykishan_kapatel https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2161165%2Faeb0856e-0c2c-464b-abf1-81b7a5dcbcd0.png DEV Community: Jaykishan Ka.Patel https://dev.to/jaykishan_kapatel en Access HTTPS APIs Behind IP Whitelisting Using Nginx Reverse Proxy in Docker Jaykishan Ka.Patel Tue, 28 Oct 2025 17:27:55 +0000 https://dev.to/jaykishan_kapatel/access-https-apis-behind-ip-whitelisting-using-nginx-reverse-proxy-in-docker-4di9 https://dev.to/jaykishan_kapatel/access-https-apis-behind-ip-whitelisting-using-nginx-reverse-proxy-in-docker-4di9 <h2> 🔒 Problem </h2> <p>Have you ever faced this situation?</p> <blockquote> <p>You have a local system for development,<br> but the external public cloud server IP is whitelisted to a third party API server for accessing their APIs.</p> </blockquote> <p>For example:</p> <ul> <li> <a href="https://xyz.com/api" rel="noopener noreferrer">https://xyz.com/api</a> is accessible only from your public server’s IP</li> <li>Your local system's IP is not whitelisted</li> </ul> <p>You want to call the API from local for development or testing — but the API rejects it.</p> <p>Let's learn how to tunnel HTTPS API requests through a whitelisted public server using Nginx reverse proxy in Docker. Perfect for local development behind IP restrictions.</p> <p>This post walks you through setting up a secure <strong>reverse proxy</strong> using<br> <strong>Nginx</strong> and <strong>Docker</strong>, complete with JWT-based authentication.</p> <h2> ⚙️ Architecture Overview </h2> <p>We’ll create a reverse proxy on your public server (the one with the whitelisted IP) and your local machine will call this proxy instead of the actual API.</p> <p>Here's the flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Local System ──────&gt; Public Server (Nginx Proxy) ──────&gt; https://xyz.com/api ↑ Whitelisted IP ✅ </code></pre> </div> <p>This way, your API calls will appear to come from the public server, even when originating locally.</p> <h2> ⚙️ Step 1: Prepare the Directory Structure </h2> <p>On your <strong>public server</strong>, create a folder for the proxy setup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>mkdir -p /opt/api-proxy/nginx cd /opt/api-proxy </code></pre> </div> <p>Directory layout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/opt/api-proxy/ ├── docker-compose.yml └── nginx/ └── default.conf </code></pre> </div> <h2> 🐳 Step 2: Docker Compose Setup </h2> <p>Here’s the Docker Compose file (<code>docker-compose.yml</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.8"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">api-proxy</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">api-proxy</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8443:443"</span> <span class="c1"># HTTPS port</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080:80"</span> <span class="c1"># Optional HTTP port for testing</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro</span> <span class="pi">-</span> <span class="s">./nginx/certs:/etc/nginx/certs:ro</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TZ=Asia/Kolkata</span> </code></pre> </div> <h2> 🧱 Step 3: Nginx Reverse Proxy Configuration </h2> <p>Create the file <code>/opt/api-proxy/nginx/default.conf</code> with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">_</span><span class="p">;</span> <span class="c1"># SSL certificates (replace with real ones if you have them)</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/nginx/certs/fullchain.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/nginx/certs/privkey.pem</span><span class="p">;</span> <span class="kn">ssl_protocols</span> <span class="s">TLSv1.2</span> <span class="s">TLSv1.3</span><span class="p">;</span> <span class="kn">ssl_ciphers</span> <span class="s">HIGH:!aNULL:!MD5</span><span class="p">;</span> <span class="c1"># 1️⃣ TOKEN ENDPOINT</span> <span class="kn">location</span> <span class="n">/token</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">https://xyz.com/token</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="s">xyz.com</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_ssl_server_name</span> <span class="no">on</span><span class="p">;</span> <span class="kn">client_max_body_size</span> <span class="mi">10M</span><span class="p">;</span> <span class="kn">proxy_connect_timeout</span> <span class="s">30s</span><span class="p">;</span> <span class="kn">proxy_send_timeout</span> <span class="s">60s</span><span class="p">;</span> <span class="kn">proxy_read_timeout</span> <span class="s">60s</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># 2️⃣ API ENDPOINT</span> <span class="kn">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">https://xyz.com/api/</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="s">xyz.com</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_ssl_server_name</span> <span class="no">on</span><span class="p">;</span> <span class="kn">proxy_pass_request_headers</span> <span class="no">on</span><span class="p">;</span> <span class="kn">proxy_connect_timeout</span> <span class="s">30s</span><span class="p">;</span> <span class="kn">proxy_send_timeout</span> <span class="s">60s</span><span class="p">;</span> <span class="kn">proxy_read_timeout</span> <span class="s">60s</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># 3️⃣ HEALTH CHECK</span> <span class="kn">location</span> <span class="n">/health</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">200</span> <span class="s">"OK</span><span class="err">\</span><span class="s">n"</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Content-Type</span> <span class="nc">text/plain</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 🔐 Step 4: Add SSL Certificates </h2> <p>If you have a valid domain for your public server, you can issue free SSL certs with Let’s Encrypt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>certbot python3-certbot-nginx <span class="nb">sudo </span>certbot certonly <span class="nt">--nginx</span> <span class="nt">-d</span> your-public-server.com </code></pre> </div> <p>Then copy the certificates into:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/opt/api-proxy/nginx/certs/fullchain.pem /opt/api-proxy/nginx/certs/privkey.pem </code></pre> </div> <p>If you don’t have a domain yet, comment out the SSL lines and use only <code>listen 80;</code>.</p> <h2> 🚀 Step 5: Run the Proxy </h2> <p>Start the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> /opt/api-proxy docker compose up <span class="nt">-d</span> </code></pre> </div> <p>Check if it’s running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker ps curl http://&lt;your-public-server-ip&gt;:8080/health </code></pre> </div> <h2> 🧪 Step 6: Test From Local System </h2> <p>Once the container is up, your local machine can call the proxy instead of the real API.</p> <p>1️⃣ Get Token<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-k</span> <span class="nt">-X</span> POST https://&lt;public-server-domain&gt;:8443/token <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"username":"user","password":"pass"}'</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>2️⃣ Call Actual API<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-k</span> <span class="nt">-X</span> GET https://&lt;public-server-domain&gt;:8443/api/data <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."</span> </code></pre> </div> <p>✅ The request goes through your public server<br> ✅ The API sees your whitelisted IP<br> ✅ You will get the response locally — as if you were calling from the server</p> <h2> 🧠 Conclusion </h2> <p>You can now access secure APIs behind IP whitelisting from your local machine — safely and efficiently.</p> <p>This setup is perfect for:</p> <ul> <li>Developers working behind NAT or firewalls</li> <li>Local testing with real APIs</li> <li>CI/CD environments that require whitelisted access</li> </ul> <h3> ✅ Key Takeaways </h3> <ul> <li> Use <strong>Docker + Nginx</strong> for isolated, reproducible setups.</li> <li> Always enforce <strong>HTTPS</strong> to secure external communications.</li> <li> Handle <strong>JWT tokens</strong> securely before proxying API calls.</li> <li> Perfect for developers testing <strong>third-party API integrations</strong> </li> </ul> <p><strong>Author:</strong> Jaykishan KaPatel<br> <strong>LinkedIn:</strong> <a href="//www.linkedin.com/in/jaykishan-kapatel">Jaykishan KaPatel</a></p> docker nginx networking api File Upload with Pinata’s Files API Jaykishan Ka.Patel Fri, 11 Oct 2024 17:40:48 +0000 https://dev.to/jaykishan_kapatel/file-upload-with-pinatas-files-api-5db8 https://dev.to/jaykishan_kapatel/file-upload-with-pinatas-files-api-5db8 <p><em>This is a submission for the <a href="https://dev.to/challenges/pinata">The Pinata Challenge </a></em></p> <h2> What I Built </h2> <p>I built a File Upload Application that leverages Pinata’s Files API to upload files to IPFS (InterPlanetary File System) and Pinata’s CDN. The application provides a seamless file-driven user experience, allowing users to upload images, documents, or any file type. Once uploaded, users can access the files via IPFS through a Pinata gateway link.</p> <p><strong>The project includes:</strong></p> <ul> <li> <strong>Creativity:</strong> Handling various file types and giving users direct links to view their uploaded files on IPFS.</li> <li> <strong>Performance:</strong> Utilizing Pinata’s CDN to serve files quickly.</li> <li> <strong>Use of Underlying Technology:</strong> Using Pinata SDK to handle file uploads and Express.js for the backend.</li> <li> <strong>Usability and User Experience:</strong> Simple HTML interface with minimal input for users.</li> <li> <strong>Accessibility:</strong> User-friendly interface that allows easy interaction with the application.</li> </ul> <h2> Demo </h2> <p>Check out the live demo of the application:<br> <a href="http://fileupload.uksouth.cloudapp.azure.com/" rel="noopener noreferrer">Click here to try Live Demo Link</a></p> <p>Screenshot:<br> File Upload Form<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fad95r00ems2jzorhni7j.JPG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fad95r00ems2jzorhni7j.JPG" alt="File Upload with Pinata's API" width="800" height="501"></a><br> After the file is uploaded successfully click on the "UPLOAD ANOTHER FILE" button to upload more files<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzskgxuy13gs2upg85nke.JPG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzskgxuy13gs2upg85nke.JPG" alt="File Upload with Pinata's API" width="800" height="455"></a></p> <h2> My Code </h2> <p>You can view the complete source code of the project on GitHub:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/becooljacky/File-Upload-with-Pinata-s-Files-API.git </code></pre> </div> <h2> More Technical Details </h2> <p><strong>1. File Upload:</strong> Users can upload any file (images, documents, videos, etc.) through a simple HTML form. Once a file is selected and submitted, the backend (built with Node.js) uses the Pinata SDK to upload the file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const { PinataSDK } = require("pinata-web3"); const pinata = new PinataSDK({ pinataJwt: process.env.PINATA_JWT, pinataGateway: process.env.PINATA_GATEWAY }); async function fileUpload() { try { const file = new File(["Hello Pinata"], "TestFile.txt", { type: "text/plain" }); const uploadResponse = await pinata.upload.file(file); console.log(uploadResponse); } catch (error) { console.log(error); } } fileUpload(); </code></pre> </div> <p>This will return an object like the following<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">IpfsHash:</span><span class="w"> </span><span class="err">'bafybeifmho</span><span class="mi">6</span><span class="err">bs</span><span class="mi">7</span><span class="err">aals</span><span class="mi">5</span><span class="err">mui</span><span class="mi">6</span><span class="err">x</span><span class="mi">2</span><span class="err">qiz</span><span class="mi">2</span><span class="err">b</span><span class="mi">6</span><span class="err">ndjeob</span><span class="mi">2e27</span><span class="err">v</span><span class="mi">4</span><span class="err">o</span><span class="mi">4</span><span class="err">fqyobarelpeku'</span><span class="p">,</span><span class="w"> </span><span class="err">PinSize:</span><span class="w"> </span><span class="mi">336015</span><span class="p">,</span><span class="w"> </span><span class="err">Timestamp:</span><span class="w"> </span><span class="err">'</span><span class="mi">2024-10-07</span><span class="err">T</span><span class="mi">10</span><span class="err">:</span><span class="mi">36</span><span class="err">:</span><span class="mi">0</span><span class="mf">1.759</span><span class="err">Z'</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>2. CDN Integration:</strong> Once a file is successfully uploaded, the application generates a link using Pinata’s CDN (Content Delivery Network) gateway, allowing users to access their files via a fast and reliable service. This enhances performance, especially for large files.</p> <ul> <li>Example of a file access link: <code>https://gateway.pinata.cloud/ipfs/YourFileHash</code> </li> </ul> <p>You can check out <a href="https://docs.pinata.cloud/web3/sdk/getting-started" rel="noopener noreferrer">Pinata official documentation</a> for more details.</p> <h2> Conclusion </h2> <p>Building this File Upload Application with Pinata's API provided valuable insights into leveraging decentralized storage systems. By combining IPFS with Pinata’s CDN, I was able to create a fast, reliable solution for uploading and accessing various file types. This project highlights the potential of decentralized technology in enhancing file accessibility and performance.</p> <p>Looking ahead, I'm excited to continue exploring the capabilities of Pinata and IPFS to develop even more powerful decentralized applications.</p> devchallenge pinatachallenge webdev api