This content originally appeared on DEV Community and was authored by Jaykishan Ka.Patel
🔒 Problem
Have you ever faced this situation?
You have a local system for development,
but the external public cloud server IP is whitelisted to a third party API server for accessing their APIs.
For example:
- https://xyz.com/api is accessible only from your public server’s IP
- Your local system's IP is not whitelisted
You want to call the API from local for development or testing — but the API rejects it.
Let's learn how to tunnel HTTPS API requests through a whitelisted public server using Nginx reverse proxy in Docker. Perfect for local development behind IP restrictions.
This post walks you through setting up a secure reverse proxy using
Nginx and Docker, complete with JWT-based authentication.
⚙️ Architecture Overview
We’ll create a reverse proxy on your public server (the one with the whitelisted IP) and your local machine will call this proxy instead of the actual API.
Here's the flow:
Local System ──────> Public Server (Nginx Proxy) ──────> https://xyz.com/api
↑
Whitelisted IP ✅
This way, your API calls will appear to come from the public server, even when originating locally.
⚙️ Step 1: Prepare the Directory Structure
On your public server, create a folder for the proxy setup:
mkdir -p /opt/api-proxy/nginx
cd /opt/api-proxy
Directory layout:
/opt/api-proxy/
├── docker-compose.yml
└── nginx/
└── default.conf
🐳 Step 2: Docker Compose Setup
Here’s the Docker Compose file (docker-compose.yml):
version: "3.8"
services:
api-proxy:
image: nginx:alpine
container_name: api-proxy
restart: unless-stopped
ports:
- "8443:443" # HTTPS port
- "8080:80" # Optional HTTP port for testing
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
- ./nginx/certs:/etc/nginx/certs:ro
environment:
- TZ=Asia/Kolkata
🧱 Step 3: Nginx Reverse Proxy Configuration
Create the file /opt/api-proxy/nginx/default.conf with the following content:
server {
listen 80;
listen 443 ssl;
server_name _;
# SSL certificates (replace with real ones if you have them)
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 1️⃣ TOKEN ENDPOINT
location /token {
proxy_pass https://xyz.com/token;
proxy_set_header Host xyz.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
client_max_body_size 10M;
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 2️⃣ API ENDPOINT
location /api/ {
proxy_pass https://xyz.com/api/;
proxy_set_header Host xyz.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_pass_request_headers on;
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 3️⃣ HEALTH CHECK
location /health {
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
🔐 Step 4: Add SSL Certificates
If you have a valid domain for your public server, you can issue free SSL certs with Let’s Encrypt:
sudo apt install certbot python3-certbot-nginx
sudo certbot certonly --nginx -d your-public-server.com
Then copy the certificates into:
/opt/api-proxy/nginx/certs/fullchain.pem
/opt/api-proxy/nginx/certs/privkey.pem
If you don’t have a domain yet, comment out the SSL lines and use only listen 80;.
🚀 Step 5: Run the Proxy
Start the container:
cd /opt/api-proxy
docker compose up -d
Check if it’s running:
docker ps
curl http://<your-public-server-ip>:8080/health
🧪 Step 6: Test From Local System
Once the container is up, your local machine can call the proxy instead of the real API.
1️⃣ Get Token
curl -k -X POST https://<public-server-domain>:8443/token \
-H "Content-Type: application/json" \
-d '{"username":"user","password":"pass"}'
Response:
{"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."}
2️⃣ Call Actual API
curl -k -X GET https://<public-server-domain>:8443/api/data \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
✅ The request goes through your public server
✅ The API sees your whitelisted IP
✅ You will get the response locally — as if you were calling from the server
🧠 Conclusion
You can now access secure APIs behind IP whitelisting from your local machine — safely and efficiently.
This setup is perfect for:
- Developers working behind NAT or firewalls
- Local testing with real APIs
- CI/CD environments that require whitelisted access
✅ Key Takeaways
- Use Docker + Nginx for isolated, reproducible setups.
- Always enforce HTTPS to secure external communications.
- Handle JWT tokens securely before proxying API calls.
- Perfect for developers testing third-party API integrations
Author: Jaykishan KaPatel
LinkedIn: Jaykishan KaPatel
This content originally appeared on DEV Community and was authored by Jaykishan Ka.Patel
Jaykishan Ka.Patel | Sciencx (2025-10-28T17:27:55+00:00) Access HTTPS APIs Behind IP Whitelisting Using Nginx Reverse Proxy in Docker. Retrieved from https://www.scien.cx/2025/10/28/access-https-apis-behind-ip-whitelisting-using-nginx-reverse-proxy-in-docker-2/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.