Proxy Suggestions

Discussion in 'ISPConfig 3 Priority Support' started by conductive, Jun 30, 2026.

  1. conductive

    conductive Member HowtoForge Supporter

    I was attempting to configure a few apps with APIs. Unfortunately securely passing key with something like a .env variable is problematic from a security standpoint. It seems to me that perhaps using a proxy server to pass the keys might be a better idea. I am currently running a Debian NGINX ISPconfig server and was wondering what is the best way to handle API keys and how to do it. NGINX proxy? php proxy? and will this work on a basic ISPconfig site?
     
  2. conductive

    conductive Member HowtoForge Supporter

    I'm trying to set up a reverse proxy for WeatherAPI.com to hide the API key and bypass CORS on my subdomain weather.Mydomain.com (ISPConfig + NGINX on Debian)."

    My current NGINX directive block:
    location ^~ /api/weather/ {
    proxy_pass https://api.weatherapi.com;
    proxy_set_header Host api.weatherapi.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_ssl_server_name on;
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
    proxy_ssl_verify off;

    proxy_buffering off;
    proxy_cache off;
    }

    Accessing /api/weather/v1/forecast.json?... gives 404 or 502. Direct curl to api.weatherapi.com works.
    My Goal is to get a Simple, reliable proxy to hide the key.
     
  3. conductive

    conductive Member HowtoForge Supporter

    Made some progress by setting up:
    Sites > Redirect
    Redirect Type: Proxy
    Redirect Path: https://api.weatherapi.com

    set $weather_key My_API_Key;
    proxy_set_header key $weather_key;
    proxy_set_header Host api.weatherapi.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_ssl_server_name on;
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
    proxy_ssl_verify off;

    But can not properly pass API key. API is returning:
    code 1002
    message "API key is invalid or not provided."
     

Share This Page