在nginx docker容器上强制https

时间:2017-10-25 12:23:21

标签: docker nginx https

我已经构建了一个使用三个Docker容器的网站(mysql,nginx和php7.0-fpm)。我已经通过SSL设置了所有内容,因此直接与https://domain.dev建立的连接可以正常工作。问题是与http://domain.dev的连接导致“拒绝连接”错误。

这是我的(相关)设置:

搬运工-compose.yml 

services:
     nginx:
          build: ./nginx/
          ports:
               - 443:443
          volumes:
               - ${APPLICATION_ROOT}:/${WEBROOT}
               - ./ssl:/etc/nginx/ssl
               - ./nginx/config/default.conf:/etc/nginx/conf.d/default.conf
          restart: always
          depends_on:
               - php
          environment:
               ENVIRONMENT: "${APPLICATION_ENV}"
               URL: "${APPLICATION_URL}"
          container_name: nginx

 php:
      build: ./php/
      ports:
           - 8080:80
      volumes:
           - ${APPLICATION_ROOT}:/${WEBROOT}
      restart: always
      depends_on:
           - mysql
      environment:
           ENVIRONMENT: "${APPLICATION_ENV}"
           URL: "${APPLICATION_URL}"
           MYSQL_HOST: "${DB_HOST}"
           MYSQL_DATABASE: "${DB_NAME}"
           MYSQL_USER: "${DB_USERNAME}"
           MYSQL_PASSWORD: "${DB_PASSWORD}"
      container_name: php

环境变量存储在.env文件btw

Dockerfile 

FROM nginx:latest

# Update package libraries
RUN apt-get update -y && \
     apt-get install -y \
          nano \ 
          curl \
          wget \
          unzip \
          libmcrypt-dev \

default.conf 

server {
     listen 80;
     index index.php index.html;
     server_name $URL_from_env;
     return 301 https://$host$request_uri;
}

server{
     listen 443 ssl http2;
     index index.php index.html;
     server_name $URL_from_env;
     error_log  /var/log/nginx/error.log;
     access_log /var/log/nginx/access.log;
     root /var/www/html/public;

     # set max upload
     client_max_body_size 500M;

     ssl    on;
     ssl_certificate    /etc/nginx/ssl/cert.pem;
     ssl_certificate_key    /etc/nginx/ssl/cert.key;

     # use fastcgi for all php files
     location ~ \.php$ {
          try_files $uri =404;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass php:9000;
          fastcgi_index index.php;

          # include fastcgi parameters
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
     }

     # rewrite url's & parse through index
     location / {
          try_files $uri $uri/ /hub/index.php?$args;

          # set max upload
          client_max_body_size 500M;
     }
}

我预计nginx配置的第一部分应该强制通过https的流量,但显然它没有。我错过了什么?

1 个答案:

答案 0 :(得分:0)

在您的撰写文件中,您仍然需要对端口80进行nginx访问,因此它可以在内部重新连接。否则,您将尝试连接到已关闭的端口,从而导致拒绝连接"。

services:
 nginx:
      build: ./nginx/
      ports:
           - 443:443
           - 80:80
      volumes:
           - ${APPLICATION_ROOT}:/${WEBROOT}
           - ./ssl:/etc/nginx/ssl
           - ./nginx/config/default.conf:/etc/nginx/conf.d/default.conf
      restart: always
      depends_on:
           - php
      environment:
           ENVIRONMENT: "${APPLICATION_ENV}"
           URL: "${APPLICATION_URL}"
      container_name: nginx
相关问题
最新问题