我正在玩码头工,我现在面对的是一个我无法解决的问题。
我已经安装了Jenkins,SonarQube,Nexus,Postgres,openshift作为Docker镜像,并将它们设置为nginx作为反向代理,它本身作为docker镜像安装。
路由工作正常,但对于openshift。我根据文档创建并运行容器,但将网络更改为" bridge"所以nginx和openshift在同一个网络中。
$ sudo docker run -d --name "origin" \
--privileged --pid=host --net=bridge \
-v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys -v /var/lib/docker:/var/lib/docker:rw \
-v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes \
openshift/origin start
列出我得到的容器
root@v22015111607829502:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c1e3fe0d7fb6 nginx-img "nginx" 22 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx
208fd0f387e0 openshift/origin "/usr/bin/openshift s" About an hour ago Up About an hour 53/tcp, 8443/tcp openshift
2a1a2d2cfa6a sonar-img "./bin/run.sh" 2 days ago Up About an hour 9000/tcp sonar
baf34805dcac postgres-img "/docker-entrypoint.s" 2 days ago Up About an hour 0.0.0.0:5432->5432/tcp postgres
302b53c74bd5 nexus-img "/bin/sh -c '${JAVA_H" 2 days ago Up About an hour 8081/tcp nexus
31e6560c6584 jenkins-master-img "/bin/tini -- /usr/lo" 2 days ago Up About an hour 8080/tcp, 50000/tcp jenkins-master
a886b94db083 jenkins-data-img "echo 'Data container" 3 days ago Exited (0) 3 days ago jenkins-data
只能从外部访问postgres和nginx。我使用
运行nginx链接到其他容器docker run -p 80:80 --name=nginx --link jenkins-master:jenkins-master --link nexus:nexus --link sonar:sonar --link openshift:openshift -d nginx-img
无论如何,当我尝试使用
通过nginx调用openshift时http://myipaddress/paas
浏览器尝试下载文件(application / octec-stream)并在nginx error.log上获取
root@v22015111607829502:~# docker exec nginx cat /var/log/nginx/error.log
2016/07/24 10:51:06 [error] 9#0: *1 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 78.53.33.101, server: , request: "GET /paas/ HTTP/1.1", upstream: "http://172.17.0.6:8443/", host: "myipaddress"
这是nginx.conf
daemon off;
user nginx;
worker_processes 10;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
accept_mutex off;
}
http {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
default_type application/octet-stream;
# default_type application/text/html;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
client_max_body_size 300m;
client_body_buffer_size 128k;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 6;
gzip_min_length 0;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/xml application/xml+rss application/javascript application/json;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
include /etc/nginx/conf.d/*.conf;
}
和sites.conf
server {
listen 80;
server_name "";
access_log off;
location ^~ /ci/ {
proxy_pass http://jenkins-master:8080/ci/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_max_temp_file_size 0;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ^~ /nexus/ {
proxy_pass http://nexus:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_max_temp_file_size 0;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ^~ /sonar/ {
proxy_pass http://sonar:9000/sonar/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_max_temp_file_size 0;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ^~ /paas/ {
proxy_pass https://openshift:8443/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto http;
proxy_max_temp_file_size 0;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
如果我使用
运行openshift docker容器--net=host
我用
打电话给openshifthttp://myipaddress:8443/
我得到像
这样的加密数据�
但如果使用
在浏览器上调用openshifthttps://myipaddress:8443/
比它有效。我认为问题可能是那个
有人知道如何解决这个问题吗?这是一种可接受的方法吗?
更新
如果openshift在--net = host上运行,我将openshift的位置配置更改为
location ^~ /paas/ {
proxy_pass https://$host:8443/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_max_temp_file_size 0;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_buffering off;
proxy_redirect off;
}
它几乎"工作,但浏览器显示端口。如何让nginx不重定向请求?