Docker容器上的应用程序之间拒绝卷曲连接

Question

我在同一个Docker（Laradock）容器上运行了一个网站（ZF1）和一个API（Laravel）。我可以通过浏览器单独访问每个，但是当我从网站向应用程序发出cURL请求时，我得到一个空响应并且标头返回0.如果我输出cURL错误，那么我得到这个：

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, '[API_ENDPOINT]');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_close ($ch);

echo curl_strerror(curl_errno($ch));

(7) Failed to connect to [API_HOST] port 80: Connection refused

但是，如果我从应用程序向https://www.google.com发出cURL请求，则返回结果。我也尝试过使用file_get_contents（），但是我没有得到任何响应和以下警告：

[Thu May 18 21:41:33.828737 2017] [proxy_fcgi:error] [pid 949:tid 139999802541824] [client 172.20.0.1:49652] AH01071: Got error 'PHP message: PHP Warning:  file_get_contents
([API_ENDPOINT]): failed to open stream: Connection refused in /var/www/projects/[APPLICATION_PATH]/[CONTROLLER].php on line 2367\n', referer: [WEBSITE_HOST]/[URI]

我还连接到Apache2容器，并且能够成功调用API_ENDPOINT并获取预期的数据。然后我尝试使用wget获取标题信息并收到以下内容：

root@cd3a4177dcfa:/var/log/apache2# wget --header="Host: http://subdomain.example.dev/api/calendarevents" -Os http://localhost
--2017-05-19 07:28:15--  http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2017-05-19 07:28:16--  (try: 2)  http://localhost/
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

如果是Apache2问题，这是我的API VirtualHost：

Listen 80
<VirtualHost *:80>
  ServerName subdomain.example.dev
  DocumentRoot /var/www/projects/[API_PROJECT]/public/
  CustomLog /var/log/apache2/[API_HOST]-access.log combined
  ErrorLog /var/log/apache2/[API_HOST]-error.log
  Options Indexes FollowSymLinks

  <Directory "/var/www/projects/[API_PROJECT]/public/">
      Options FollowSymLinks
      AllowOverride All
      Require all Granted
  </Directory>

  # set environment
  #SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 // Did not notice a difference in behavior when enabled
  #CGIPassAuth on // Sites stopped loading when enabled
</VirtualHost>

网站VirtualHost：

Listen 80
<VirtualHost *:80>
  ServerName [WEBSITE_HOST]
  DocumentRoot /var/www/projects/[WEBSITE_PROJECT]
  ErrorLog /var/log/apache2/[WEBSITE_HOST]-error.log
  Options Indexes FollowSymLinks

  <Directory "/var/www/projects/[WEBSITE_PROJECT]/repo">
    Options FollowSymLinks
    AllowOverride All
    Require all Granted
  </Directory>

  # set environment
  SetEnv APPLICATION_ENV development
  SetEnv APPLICATION_LOGGING false
  #SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 // Did not notice a difference in behavior when enabled
  #CGIPassAuth on // Sites stopped loading when enabled
</VirtualHost>

这是Docker信息（Windows 10 / Hyper V / Docker版本17.03.1-ce-win12（12058）频道：稳定）

Containers: 9
 Running: 5
 Paused: 0
 Stopped: 4
Images: 233
Server Version: 17.03.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ab9917febca54791c5f071a9d1f404867857fcc
runc version: 54296cf40ad8143b62dbcaa1d90e520a2136ddfe
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.27-moby
Operating System: Alpine Linux v3.5
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.837 GiB
Name: moby
ID: PE42:IS45:4OO6:JMEQ:NWNB:NQDF:RPEL:JPHJ:L6OP:A5SL:IDP3:F7SV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 86
 Goroutines: 74
 System Time: 2017-05-19T04:52:50.5943959Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

这些是我目前正在运行的容器：

CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                                      NAMES
cd3a4177dcfa        laradock_apache2     "/opt/docker/bin/e..."   8 hours ago         Up 8 hours          0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   laradock_apache2_1
8ef66cb80a2e        laradock_php-fpm     "docker-php-entryp..."   8 hours ago         Up 8 hours          9000/tcp                                   laradock_php-fpm_1
988eff458036        laradock_workspace   "/sbin/my_init"          8 hours ago         Up 8 hours          0.0.0.0:2222->22/tcp                       laradock_workspace_1
8be5253e8622        laradock_redis       "docker-entrypoint..."   8 hours ago         Up 8 hours          0.0.0.0:6379->6379/tcp                     laradock_redis_1
aa6d8d6ae950        laradock_mysql       "docker-entrypoint..."   8 hours ago         Up 8 hours          0.0.0.0:3306->3306/tcp                     laradock_mysql_1

我不确定是什么原因导致同一容器上的两个站点之间的连接被拒绝。我检查了我的php.ini并且启用了curl和allow_url_fopen = on。我可以通过浏览器和CLI cURL直接访问API_ENDPOINT并获得预期的结果。在这一点上我最好的猜测是某种端口冲突，一个被阻止的授权头，Apache2配置，或某种奇怪的Docker / Laradock问题。我也认为它可能是Apache2和PHP-FPM之间的冲突，但解决方案detailed here似乎对我没有用。

感谢您提前获得的任何帮助。

Answer 1

＆lt; p＆gt;我想出了＆lt; a href =＆＃34; https://github.com/laradock/laradock/issues/435" rel =＆＃34; nofollow noreferrer＆＃34;＆gt;导致我的问题的原因＆lt; / a＆gt;。我需要在docker-compose.yml文件的PHP-FPM部分添加一个额外的主机。所以添加：＆lt; / p＆gt; ＆lt; pre＆gt;＆lt; code＆gt; - ＆＃34; subdomain.example.app：10.0.75.1＆＃34; ＆LT; /代码＆GT;＆LT; /预＆GT; ＆lt; p＆gt;到额外主机。然后，您需要重建容器：＆lt; / p＆gt; ＆lt; pre＆gt;＆lt; code＆gt; docker-compose up -d --build apache2 mysql redis ＆LT; /代码＆GT;＆LT; /预＆GT; ＆lt; p＆gt;这是Laradock的docker-compose.yml的PHP-FPM部分应该是这样的：＆lt; / p＆gt; ＆LT;预＆GT;＆LT;代码＆GT; PHP-FPM：       建立：         上下文：./ php -fpm         ARGS：            - INSTALL_XDEBUG = $ {PHP_FPM_INSTALL_XDEBUG}            - INSTALL_BLACKFIRE = $ {INSTALL_BLACKFIRE}            - INSTALL_SOAP = $ {PHP_FPM_INSTALL_SOAP}            - INSTALL_MONGO = $ {PHP_FPM_INSTALL_MONGO}            - INSTALL_ZIP_ARCHIVE = $ {PHP_FPM_INSTALL_ZIP_ARCHIVE}            - INSTALL_BCMATH = $ {PHP_FPM_INSTALL_BCMATH}            - INSTALL_PHPREDIS = $ {PHP_FPM_INSTALL_PHPREDIS}            - INSTALL_MEMCACHED = $ {PHP_FPM_INSTALL_MEMCACHED}            - INSTALL_OPCACHE = $ {PHP_FPM_INSTALL_OPCACHE}            - INSTALL_EXIF = $ {PHP_FPM_INSTALL_EXIF}            - INSTALL_AEROSPIKE_EXTENSION = $ {PHP_FPM_INSTALL_AEROSPIKE_EXTENSION}            - INSTALL_MYSQLI = true            - INSTALL_TOKENIZER = $ {PHP_FPM_INSTALL_TOKENIZER}            - INSTALL_INTL = $ {PHP_FPM_INSTALL_INTL}            - INSTALL_GHOSTSCRIPT = $ {PHP_FPM_INSTALL_GHOSTSCRIPT}         dockerfile：＆＃34; Dockerfile - $ {PHP_VERSION}＆＃34;       volumes_from：          - 申请       卷：          - ./php-fpm/php${PHP_VERSION}.ini:/usr/local/etc/php/php.ini       暴露：          - ＆＃34; 9000＆＃34;       依赖于取决于：          - 工作空间       extra_hosts：          - ＆＃34; dockerhost：$ {DOCKER_HOST_IP}＆＃34;          - ＆＃34; subdomain.example.app：10.0.75.1＆＃34;       环境：          - PHP_IDE_CONFIG = $ {PHP_IDE_CONFIG}       网络：          - 后端 ＆LT; /代码＆GT;＆LT; /预＆GT;

Answer 2

而不是添加到php-fpm容器的extra_hosts中。 修改Apache2容器的后端网络定义并添加别名。 这是您不必每次IP更改时都不断更改extra_hosts

    networks:
        frontend:              
        backend:
         aliases:
          - subdomain.example.app