无法连接到Nginx中的supervisor-socket

时间:2015-12-07 07:50:06

标签: nginx docker docker-compose supervisor

我有一个使用nginx和我的Flask应用程序(app-container)的Docker设置。 nginx-container没有任何特殊之处。 app-container包含我的Flask应用程序、uWSGI和Supervisor。此容器共享uWSGI-socket所在的卷,因此nginx-container可以使用该套接字。这部分按预期工作,但是,我无法通过nginx访问Supervisor的Web界面。我在Google上找不到与此有关的任何内容,所以我希望你们能帮助我。

这是我的配置文件:

docker-compose

# Two services: 'app' runs supervisord (which starts uWSGI), 'nginx' is the
# public-facing proxy that publishes ports 80 and 443 on the host.
app:
  restart: always
  build: ./app
  # supervisord is the container's main process; its config is read from the volume below.
  command: supervisord -c /www-botillsammans-conf/supervisord.ini
  volumes:
    # The only path declared as a volume for this container. Anything the app
    # writes elsewhere (for example under /tmp) stays private to this container.
    - '/www-botillsammans-conf'

nginx:
  restart: always
  build: ./nginx
  command: nginx -c /www-botillsammans-nginx/nginx.conf
  ports:
    - '80:80'
    - '443:443'
  volumes_from:
    # Mounts every volume of 'app' into the nginx container, read-write unless
    # ':ro' is appended. That also exposes supervisord.ini (including any
    # credentials in it) to the internet-facing container.
    - 'app'

nginx

# Derives $connection_upgrade from the request's Upgrade header: "upgrade"
# when the header is present, "close" when it is empty.
# NOTE(review): no directive in the server block shown below references
# $connection_upgrade, so this map has no effect there.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# uWSGI socket of the Flask app. The path is inside /www-botillsammans-conf,
# the volume the compose file shares from the app container.
upstream flask {
    server unix:/www-botillsammans-conf/www.uwsgi.sock;
}

# Supervisor's HTTP control socket.
# NOTE(review): /tmp is not part of the volume shared from the app container
# (only /www-botillsammans-conf is declared in the compose file), so this path
# presumably does not exist inside the nginx container - confirm. Keeping the
# control socket out of a world-writable directory is also the safer layout.
upstream supervisor {
    server unix:/tmp/supervisor.sock;
}

# HTTPS virtual host for the Flask site; also tries to publish the Supervisor
# web interface under /supervisor and /supervisor2.
server {
    listen 443 ssl;
    server_name botillsammans.nu www.botillsammans.nu;

    access_log /var/log/nginx/ssl_botillsammans.access.log;
    error_log /var/log/nginx/ssl_botillsammans.error.log;

    # Hide the nginx version in error pages and the Server header.
    server_tokens off;

    ssl_certificate fullchain.pem;
    ssl_certificate_key privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Disable SSLv3
    # NOTE(review): this list still enables TLSv1 and TLSv1.1, which are
    # deprecated (RFC 8996); TLSv1.2 alone is the conservative setting.
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    # Fix Diffie-Hellman for TLS
    # More info: https://weakdh.org/sysadmin.html
    # NOTE(review): the tail of this list still permits non-forward-secret RSA
    # key exchange suites (AES128-SHA, AES, CAMELLIA, ...) and 3DES
    # (DES-CBC3-SHA) as fallbacks.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_dhparam /www-botillsammans-nginx/ssl/dhparams.pem;

    # HSTS for 15768000 seconds (about six months).
    add_header Strict-Transport-Security max-age=15768000;

    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate chain1.pem;
    # Public resolvers used to look up the OCSP responder for stapling.
    resolver 8.8.8.8 8.8.4.4 valid=86400;
    resolver_timeout 10;

    location / {
        uwsgi_pass flask;
        include uwsgi_params;
        # NOTE(review): this looks like a real service token pasted into a
        # public post; treat it as exposed and rotate it. proxy_set_header
        # belongs to the proxy module and is not applied to uwsgi_pass, so the
        # header is presumably never sent to the Flask app - confirm.
        proxy_set_header X-Prerender-Token xADstXQmfnMxFZn6SXTq;
    }

    # Both locations below forward to Supervisor's control interface without
    # any access restriction in nginx, and pass the request URI unchanged
    # (the /supervisor prefix is not stripped).
    location /supervisor {
        # NOTE(review): https:// makes nginx start a TLS handshake with the
        # upstream; supervisord's unix_http_server presumably speaks plain
        # HTTP, so this variant cannot work - confirm.
        proxy_pass https://supervisor;
    }

    location /supervisor2 {
        proxy_pass http://supervisor;
    }
}

supervisor conf

[unix_http_server]
file = /tmp/supervisor.sock
chmod = 0777
chown = 1001:500

; Daemon settings. nodaemon keeps supervisord in the foreground, which is what
; the compose file needs because supervisord is the container's command.
; NOTE(review): this file has no [rpcinterface:supervisor] section; the config
; in the answer states that it must be present for supervisorctl and the web
; interface to work.
[supervisord]
nodaemon = true
pidfile = /tmp/supervisord.pid
logfile = /var/log/supervisor/supervisor.log
logfile_maxbytes = 10MB

; Client-side settings for the supervisorctl command.
; NOTE(review): username/password here are only what the client sends. The
; [unix_http_server] section shown above sets neither, so the socket itself is
; unauthenticated; together with chmod = 0777 any local user or process that
; can reach /tmp/supervisor.sock can control every managed program.
[supervisorctl]
serverurl = unix:///tmp/supervisor.sock
username = supervisor
password = pass

; The uWSGI process serving the Flask app, run as the unprivileged user
; 'supervisor' and restarted automatically.
[program:www]
user = supervisor
command = uwsgi --thunder-lock --ini /www-botillsammans-conf/www.uwsgi.ini
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/www.out.log
stderr_logfile = /var/log/supervisor/www.err.log
stdout_logfile_maxbytes = 10MB
stderr_logfile_maxbytes = 10MB
exitcodes = 0
; NOTE(review): uWSGI treats SIGHUP as a graceful reload by default, so a
; supervisord "stop" presumably only ends once the fallback SIGKILL is sent -
; confirm against www.uwsgi.ini.
stopsignal = HUP

我认为这是所有相关配置。所以,我的问题是如何通过UNIX套接字让管理程序与nginx一起工作?

1 个答案:

答案 0 :(得分:0)

我解决了!

我最终为Supervisor单独配置了一个子域名。我在某处读到,如果Supervisor没有自己的子域名,它与nginx就不能很好地协同工作。另外请注意,下面的配置还把套接字从 /tmp 移到了 /conf,并加上了 [rpcinterface:supervisor] 段。所以现在这是我的配置文件:

nginx(Supervisor子域名)

# Derives $connection_upgrade from the request's Upgrade header: "upgrade"
# when the header is present, "close" when it is empty.
# NOTE(review): nothing in the server blocks shown below references
# $connection_upgrade, so this map has no effect there.
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

# Supervisor's HTTP control socket, now under /conf instead of /tmp.
# NOTE(review): /conf is presumably the volume shared between the app and
# nginx containers (the compose file for this setup is not shown) - confirm.
upstream supervisor {
  server unix:/conf/supervisor.sock;
}

# HTTP redirect
# Answers every plain-HTTP request on port 80 (no server_name is set) with a
# permanent redirect to the same host and URI over HTTPS, so Supervisor
# credentials are not meant to travel over plain HTTP.
server {
  listen 80;
  return 301 https://$host$request_uri;
}

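# HTTPS virtual host that publishes the Supervisor web interface on its own
# subdomain by proxying to supervisord's unix socket.
#
# Supervisor's UI can start, stop and restart every managed program. The only
# gate on this vhost is the HTTP basic auth configured in supervisord's
# [unix_http_server] section, so also limit who can reach it (allow/deny by
# source address, VPN, or an additional auth_basic layer).
server {
  # The ssl parameter is required: without it nginx serves plain HTTP on 443
  # and none of the ssl_* directives below take effect.
  listen 443 ssl;
  server_name supervisor.example.com;

  access_log /var/log/nginx/supervisor.access.log;
  error_log /var/log/nginx/supervisor.error.log;

  # Hide the nginx version in error pages and the Server header.
  server_tokens off;

  ssl_certificate /etc/ssl/supervisor/fullchain1.pem;
  ssl_certificate_key /etc/ssl/supervisor/privkey1.pem;

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;

  # Disable SSLv3
  # NOTE(review): this list still enables TLSv1 and TLSv1.1, which are
  # deprecated (RFC 8996); for an admin interface TLSv1.2 alone is the
  # conservative setting.
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_prefer_server_ciphers on;

  # Fix Diffie-Hellman for TLS
  # More info: https://weakdh.org/sysadmin.html
  # NOTE(review): the tail of this list still permits non-forward-secret RSA
  # key exchange suites and 3DES (DES-CBC3-SHA) as fallbacks.
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_dhparam /etc/ssl/dhparams.pem;

  # HSTS for 15768000 seconds (about six months).
  add_header Strict-Transport-Security max-age=15768000;

  ssl_stapling on;
  ssl_stapling_verify on;

  ## verify chain of trust of OCSP response using Root CA and Intermediate certs
  ssl_trusted_certificate /etc/ssl/supervisor/chain1.pem;
  # Public resolvers used to look up the OCSP responder for stapling.
  resolver 8.8.8.8 8.8.4.4 valid=86400;
  resolver_timeout 10;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # hack the host https://github.com/Supervisor/supervisor/issues/251
    # The Host value is built from $http_host, i.e. from what the client sent.
    # The appended path presumably makes Supervisor's own redirects point at
    # /supervisor/index.html, which the rewrite below maps back to / - confirm.
    proxy_set_header Host $http_host/supervisor/index.html;
    proxy_redirect off;
    # Strip a leading /supervisor before the request goes to the socket.
    rewrite ^/supervisor(.*)$ /$1 break;
    # Plain HTTP over the unix socket; TLS ends at nginx.
    proxy_pass http://supervisor;
  }
}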

supervisord.ini

; HTTP control interface served on a unix socket. Mode 0770 limits access to
; owner 1001 and group 500, and username/password add HTTP basic auth.
; NOTE(review): the nginx worker presumably has to run as that uid or in that
; gid to open the socket - confirm.
; The credentials below look like placeholders. Supervisor also accepts a
; "{SHA}"-prefixed SHA-1 hash instead of a cleartext password; either way keep
; this file unreadable to other users, since it sits next to the socket.
[unix_http_server]
file = /conf/supervisor.sock
chmod = 0770
chown = 1001:500
username = user
password = password

; Daemon settings. nodaemon keeps supervisord in the foreground.
[supervisord]
nodaemon = true
pidfile = /conf/supervisor.pid
logfile = /var/log/supervisor/supervisor.log
childlogdir = /var/log/supervisor/
; debug is a verbose troubleshooting level; lower it once the setup works.
loglevel = debug
logfile_maxbytes = 10MB

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

; Client-side settings for the supervisorctl command; it talks to the same
; socket as the web interface. No credentials are stored here.
[supervisorctl]
serverurl = unix:///conf/supervisor.sock
historyfile = /var/log/supervisor/historyfile

; The uWSGI process serving the Flask app, run as the unprivileged user
; 'supervisor' and restarted automatically.
[program:www]
user = supervisor
command = uwsgi --thunder-lock --ini /conf/www.uwsgi.ini
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/www.out.log
stderr_logfile = /var/log/supervisor/www.err.log
stdout_logfile_maxbytes = 10MB
stderr_logfile_maxbytes = 10MB
exitcodes = 0
; NOTE(review): uWSGI treats SIGHUP as a graceful reload by default, so a
; supervisord "stop" presumably only ends once the fallback SIGKILL is sent -
; confirm against www.uwsgi.ini.
stopsignal = HUP