大家好,我得到400代码响应。我正在尝试在docker上部署MEAN堆栈应用程序,因此我正在使用反向代理进行无端口的后端和前端通信
我的https:// site.app/api有效,但是我的前端获得了
400错误请求,将普通的http请求发送到https
这对我来说是新的,所以我看了一些教程和帖子来解决它,但是我没有任何解决方案 如果我只是将ssl放在前端,那是可以的,但是当我尝试发送数据或类似内容时,后端会出现ssl错误连接的错误提示
我已经通过邮递员使用URL https:// site.app/api发送了数据,所以我可以说这是可行的
DOCKERFILE
FROM node:14.3.0 As builder
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app/
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build --prod
FROM nginx:1.19
COPY --from=builder /usr/src/app/dist/advanced-angular/ /usr/share/nginx/html
RUN rm -rf /etc/nginx/conf.d/default.conf
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]
这是我的docker-compose文件
Docker Compose
version: "3.6" # Version del docker-compose
services: # Definir la lista de servicios que se crearan
frontend: # nombre del primer servicio
image: myImage
restart: always
container_name: frontend
# command: ["npm", "start"]
ports:
- "80:80" # Especificar el puerto que sera Mapeado
- "443:443"
volumes: #el volume donde estara el projecto para que pueda ser editatado
- ./ssl/:/etc/nginx/ssl/
- ./nginx-conf/:/etc/nginx/conf.d/
networks:
- webNet
depends_on:
- backend
- mongo
backend:
image: myImage
restart: always
container_name: backend
env_file: .env
environment:
- MONGO_USERNAME=$MONGO_USERNAME
- MONGO_PASSWORD=$MONGO_PASSWORD
- MONGO_HOSTNAME=mongo
- MONGO_PORT=$MONGO_PORT
- MONGO_DB=$MONGO_DB
# command: ["npm", "run", "dev"]
ports:
- "3000:3000"
# volumes:
# - ./api-server:/usr/src/app
networks:
- webNet
depends_on:
- mongo
mongo:
image: mongo:4.2.7-bionic
restart: always
container_name: mongo
env_file: .env
environment:
- MONGO_INITDB_ROOT_USERNAME=$MONGO_USERNAME
- MONGO_INITDB_ROOT_PASSWORD=$MONGO_PASSWORD
ports:
- "27017:27017"
networks:
- webNet
volumes:
- /opt/mongo/prod:/data/db
networks:
webNet:
driver: bridge
我的nginx配置 nginx.conf
upstream frontend {
least_conn;
server frontend:443 max_fails=3 fail_timeout=30s;
}
upstream backend {
least_conn;
server backend:3000 max_fails=3 fail_timeout=30s;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name vecin.app www.vecin.app;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ecdh_curve secp384r1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/ssl/chain.crt;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/chain.crt;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
location / {
proxy_pass http://frontend;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_certificate /etc/nginx/ssl/chain.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/key.key;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
# proxy_redirect http:// https://;
}
location /api{
proxy_pass http://backend;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_certificate /etc/nginx/ssl/chain.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/key.key;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
# proxy_redirect http:// https://;
}
root /usr/share/nginx/html/;
index index.html index.htm index.nginx-debian.html;
}
server {
listen 80;
listen [::]:80;
server_name vecin.app www.vecin.app;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
答案 0 :(得分:0)
我要承认我不是nginx专家,并且正在寻找解决方案。我将发布此答案,因为到目前为止没有人给您答案。
我注意到您nginx.conf文件中的措词与在线指南上看到的将所有HTTP流量重定向到nginx上的HTTPS稍有不同。您的文件在此部分结束:
server {
listen 80;
listen [::]:80;
server_name vecin.app www.vecin.app;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
我看到的指南建议这种格式可能更合适:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
关键区别似乎是返回301永久重定向,而不是简单地重写URL。该错误消息似乎与将HTML发送到期望HTTPS的端口有关。那就是对我的暗示,即Docker容器运行良好,Docker网络运行正常,nginx正在运行。剩下的机制使您可以将流量重定向为主要嫌疑人。让我们知道这是否有效!