Optional API Gateway Integration
The Node.js Quickstart Generator supports seamlessly injecting a hardened API Gateway in front of your Node.js application to handle ingress traffic, rate limiting, and security rules.
Overview
When you enable Advanced Options and your API type is REST or GraphQL, you can optionally deploy your microservice behind an enterprise API Gateway. We support two top-tier solutions out of the box:
- Nginx: A high-performance web server acting as a reverse proxy, pre-configured with strict security headers and rate limiting.
- Kong (DB-less): A powerful API Gateway configured in a declarative (stateless) mode, leveraging plugins for rate-limiting and Key Authentication.
Why Do You Need an API Gateway?
While Node.js is excellent at handling asynchronous I/O and business logic, it shouldn't be exposed directly to the open internet in production. An API Gateway provides several critical advantages:
- Security & Load Protection: Shields your Node.js app from DDoS attacks, brute-force attempts, and malformed requests through rate-limiting and connection buffering.
- Offloading: Handles SSL/TLS termination, gzip compression, and static file serving, freeing up Node.js CPU cycles for core business logic.
- Authentication: Centralizes API key validation (Kong) or JWT verification before requests even reach your services.
- Scalability: Acts as a load balancer (Reverse Proxy) capable of distributing incoming traffic seamlessly across multiple backend instances.
Architecture
When an API Gateway is selected, the generator outputs a dedicated deploy/gateway/ directory containing the gateway blueprints.
project-root/
├── src/
├── docker-compose.yml
└── deploy/
└── gateway/
├── nginx.conf (or kong.yml)
└── docker-compose.nginx.yml (or docker-compose.kong.yml)Supported Gateways
1. Nginx
Nginx acts as a fast and secure reverse proxy. Our hardened blueprint includes:
- Rate Limiting: Throttles brute-force attempts out of the box (
10r/s). - Security Headers: Injects
X-Frame-Options,Content-Security-Policy, and more to secure your downstream Node.js app. - Proxy Pass: Transparently forwards traffic to the
app:3000internal network alias.
2. Kong (DB-less)
Kong in DB-less mode uses a declarative kong.yml file, eliminating the need for an external PostgreSQL database.
- Rate-Limiting Plugin: Enforces traffic control policies.
- Key-Auth Plugin: Protects routes using
apikeyvalidation, requiring consumers to pass a valid key.
Configuration Details
Nginx Configuration
- Port Mapping: Nginx exposes port
80to the host by default. - Docker Compose: The
docker-compose.nginx.ymluses a localDockerfileto build the Nginx image. It automatically resolves the Node.js application via the internalappservice name. - Rules Customization: You can modify
nginx.confdirectly to tweak the rate limit zones, SSL certificates, or proxy buffering.
Kong Configuration
- Port Mapping: Kong exposes port
8000(Proxy API) and8001(Admin API) to the host. Secure ports8443and8444are also mapped. - Declarative File: The
kong.ymlis mounted as a volume directly into the container (KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml). Any changes tokong.ymlrequire a container restart to apply. - Logs: Proxy and Admin logs are routed to
stdout/stderrfor easy tracking.
Deployment
To deploy your application with the API Gateway:
- Spin up the Node.js application and its infrastructure (from the project root):bash
docker-compose up -d - Navigate to the gateway directory:bash
cd deploy/gateway - Launch the gateway container:bash
docker-compose -f docker-compose.nginx.yml up -d # or docker-compose.kong.yml