Why does this Nginx conf allow access to Gitlab on other hostnames/ports?

Time: 2016-07-27 16:51:18

Tags: nginx vagrant port gitlab iptables

The whole system sits inside a Vagrant box. Nginx is installed in the Vagrant box, Gitlab is in a docker container. I can reach Gitlab at

http://gitlab/

as stated in /etc/hosts, but it can also be found at

http://gitlab:10080/

http://192.168.7.7:10080/

But that port should be closed! Gitlab should only be reachable via the custom URL on port 80.

nginx.conf

events {
  worker_connections  1024; 
}

http {

  upstream gitlab {
    server 192.168.7.7:10080;
  }

  server {
    listen 80;
    server_name gitlab-dw;
    port_in_redirect off;
    location / {
      proxy_pass http://gitlab;
    }
  }

}

docker-compose.yml

version: '2'

services:

  redis:
    restart: always
    image: sameersbn/redis:latest
    command:
    - --loglevel warning
    volumes:
    - /opt/redis:/var/lib/redis:Z
  postgresql:
    restart: always
    image: sameersbn/postgresql:9.4-23
    volumes:
    - /opt/postgresql:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm

  gitlab:
    restart: always
    image: sameersbn/gitlab:8.9.6-1
    depends_on:
    - redis
    - postgresql
    ports:
    - "192.168.7.7:10080:80"
    - "192.168.7.7:5500:5500"
    - "192.168.7.7:10022:22"
    volumes:
    - /opt/gitlab:/home/git/data:Z
    - /opt/gitlab/logs:/var/log/gitlab
    - ./gitlab-runner/conf:/etc/gitlab-runner

    - /home/vagrant/certs:/certs
    environment:
    - DEBUG=false

    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production

    - REDIS_HOST=redis
    - REDIS_PORT=6379
    - GITLAB_SSH_PORT=10022
    - GITLAB_PORT=10080
    - GITLAB_HOST=127.0.0.1
    - GITLAB_SECRETS_DB_KEY_BASE=superrandomsecret

    - GITLAB_REGISTRY_ENABLED=false

Vagrantfile

Vagrant.configure(2) do |config|

  if Vagrant.has_plugin?("vagrant-cachier")
    config.cache.scope = :box
  end

  config.vm.define "jenkins-gitlab" do |config|
    config.vm.box = "ubuntu/trusty64"
    config.vm.hostname = "jenkins-gitlab"
    config.vm.boot_timeout = 300

    config.vm.provision :shell, path: "provision.sh"

    # Since we mount the dir using NFS we need a private network
    config.vm.network :private_network, ip: "192.168.7.7"

    config.vm.synced_folder "docker-compose", "/home/vagrant/docker-compose"

    config.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.memory = 8192
      vb.cpus = 4
    end
  end
end

/etc/hosts (partial, on the host)

192.168.7.7 gitlab-dw
192.168.7.7  jenkins-gitlab  # VAGRANT: 7fb8647acc689de630f1c7e6550fd33f (jenkins-gitlab) / 9d0a108b-f842-4787-83e5-cfebecbb9d1e

/etc/hosts (on the Vagrant guest)

192.168.7.7 gitlab-dw

[UPDATE] Also, if I change /etc/default/docker to DOCKER_OPTS="--iptables=false", the port forwarding still works. If I connect to my container via docker exec -it containername /bin/bash and run sudo iptables -L, the container's iptables looks like this:

root@11bb3902cb02:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere       

2 answers:

Answer 0 (score: 1)

You are running the Nginx instance outside Docker. Therefore the Docker port needs to be exposed so that Nginx can connect to the service inside Docker. Once it is exposed, you can connect to that service just like Nginx does.

Without reconsidering the whole design, there is no way to solve your problem.
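As an added example (not part of the question or of this answer), the POSIX shell script below audits which host address each docker-compose "ports:" entry publishes on and prints the loopback-only form. Publishing a port as 127.0.0.1:10080:80 (and pointing the nginx upstream at 127.0.0.1:10080 instead of 192.168.7.7:10080) keeps it reachable by a reverse proxy on the same host while it no longer answers on the private-network address. The sample entries are constructed from the question's gitlab service plus two extra forms; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the question or the answers: audit which host
# address each docker-compose "ports:" entry publishes on, and print the
# loopback-only form that keeps the port reachable by a reverse proxy on the
# same host while hiding it from the network.
# Assumes the short "HOST_IP:HOST_PORT:CONTAINER_PORT" / "HOST_PORT:CONTAINER_PORT"
# syntax used in the question; all function names here are hypothetical.

# Constructed sample, modelled on the question's gitlab service, plus two
# extra entries to show the other binding forms.
SAMPLE_PORTS='    - "192.168.7.7:10080:80"
    - "192.168.7.7:5500:5500"
    - "192.168.7.7:10022:22"
    - "10443:443"
    - "127.0.0.1:9000:9000"'

# normalize_entries TEXT -> one bare mapping per line (list dash, quotes and blank lines removed)
normalize_entries() {
  printf '%s\n' "$1" | sed -e 's/^[[:space:]]*-[[:space:]]*//' -e 's/["'"'"']//g' -e '/^[[:space:]]*$/d'
}

# classify_binding MAPPING -> loopback | interface | all-interfaces
classify_binding() {
  case "$1" in
    127.0.0.1:*|localhost:*) echo loopback ;;       # only processes on this host can reach it
    *:*:*)                   echo interface ;;      # a specific, non-loopback host IP
    *)                       echo all-interfaces ;; # HOST_PORT:CONTAINER_PORT binds 0.0.0.0
  esac
}

# to_loopback MAPPING -> the same mapping, published on 127.0.0.1 only
to_loopback() {
  case "$1" in
    *:*:*) echo "127.0.0.1:${1#*:}" ;;
    *)     echo "127.0.0.1:$1" ;;
  esac
}

# list_exposed TEXT -> "KIND<TAB>MAPPING<TAB>SUGGESTED" for every non-loopback entry
list_exposed() {
  normalize_entries "$1" | while IFS= read -r mapping; do
    kind=$(classify_binding "$mapping")
    [ "$kind" = loopback ] && continue
    printf '%s\t%s\t%s\n' "$kind" "$mapping" "$(to_loopback "$mapping")"
  done
}

# audit_ports TEXT -> exit 0 if nothing is published beyond loopback, 1 otherwise
audit_ports() {
  exposed=$(list_exposed "$1")
  [ -z "$exposed" ] && return 0
  printf '%s\n' "$exposed" | while IFS="$(printf '\t')" read -r kind mapping fix; do
    echo "exposed ($kind): $mapping  -> publish as $fix"
  done
  return 1
}

# Run the audit over the constructed sample; a non-zero status can gate provisioning.
audit_ports "$SAMPLE_PORTS" || echo "audit: change the bindings above before provisioning"
```

The check is about the binding address, not about iptables: Docker's userland proxy (docker-proxy) binds the published host port itself, which is why port forwarding kept working with --iptables=false in the update. The same reasoning applies to the 5500 and 10022 entries, which also answer on 192.168.7.7 as written.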

Answer 1 (score: 1)

After destroying the whole vagrant box, checking it out and starting it again, it now works fine.

Maybe one problem was that I copied nginx.conf into /etc/nginx/sites-available/ as a file named default, but I copied it to /etc/nginx.conf.

Now it works; I don't know what exactly the problem was, but it is solved now.