502 Bad Gateway Nginx反向代理

时间:2018-05-10 00:14:57

标签: docker nginx docker-compose jwilder-nginx-proxy bad-gateway

我对docker和docker-compose很新。

我正在尝试在一台服务器上托管多个使用HTTPS的网站。

无法生成SSL证书,因为locahost它不是正常的有效主机。

我收到502错误的网关错误。

似乎nginx-proxy无法正确地传输到容器。

这是我的docker-compose

version: '3'

services:
  nginx-proxy:
    image: nginx
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro

  nginx-gen:
    image: jwilder/docker-gen
    command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: nginx-gen
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
      NGINX_PROXY_CONTAINER: "nginx-proxy"


networks:
  webproxy:
    external: true

在网站级别,我有以下docker-compose,其中我运行两个conainers,php-fpm(包括我的wordpress文件)和nginx容器。我正在使用这个nginx容器来添加我自己的nginx配置文件。

version: '3.1'

services:

  php:
    build: ./docker/php/
    restart: unless-stopped
    volumes:
       - wordpress:/var/www/html

  nginx:
    image: nginx:1-alpine
    restart: unless-stopped
    expose:
      - 80
      - 443
    volumes:
      - wordpress:/var/www/html
      - ./docker/nginx/site.conf:/etc/nginx/conf.d/default.conf
      - ./docker/nginx/wordpress.conf:/etc/nginx/wordpress.conf
    environment:
     - LETSENCRYPT_HOST=
     - VIRTUAL_HOST=localhost
     - VIRTUAL_PORT=80

volumes:
  wordpress: {}


networks:
  default:
    external:
      name: webproxy

这是nginx-proxy容器中生成的/etc/nginx/conf.d/default.conf

# localhost
upstream localhost {
                # Cannot connect to network of this container
                server 127.0.0.1 down;
}
server {
    server_name localhost;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name localhost;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/localhost.crt;
    ssl_certificate_key /etc/nginx/certs/localhost.key;
    ssl_dhparam /etc/nginx/certs/localhost.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/localhost.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://localhost;
    }

nginx-proxy记录

nginx-proxy          | localhost 172.22.0.1 - - [10/May/2018:17:52:40 +0000] "GET / HTTP/2.0" 502 173 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx-proxy          | 2018/05/10 17:54:47 [error] 7#7: *4 no live upstreams while connecting to upstream, client: 172.22.0.1, server: localhost, request: "GET / HTTP/2.0", upstream: "http://localhost/", host: "localhost"

自从我第一次发布以来,我添加了VIRTUAL_PORT = 80,但它没有帮助。

我也尝试直接代理php容器,但没有成功。

docker inspect on nginx container on proxied shows

"Config": {
            "Hostname": "4859d3794982",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "443/tcp": {},
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "VIRTUAL_PORT=80",
                "LETSENCRYPT_HOST=localhost",
                "VIRTUAL_HOST=localhost",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.13.1"
            ],

"Networks": {
                "webproxy": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "nginx",
                        "4859d3794982"
                    ],
                    "NetworkID": "6ac6af1b951c780c1334c55862025bd7916643dd13dc02976f2ed176a7ed7619",
                    "EndpointID": "3e379cd7a020e65f5ea6db8dbafe144d5b6ad5575b183dee64487f7046f0e3a2",
                    "Gateway": "172.23.0.1",
                    "IPAddress": "172.23.0.5",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:17:00:05",
                    "DriverOpts": null

1 个答案:

答案 0 :(得分:1)

我认为你的网络命令在第一个撰写文件中是错误的

networks:
  webproxy:
    external: true

指定必须存在的名为webproxy的网络。 (想必你创造了它?)。但是,您不会将任何容器附加到该网络。

另一个撰写文件有

networks:
  default:
    external:
      name: webproxy

除了所有容器都自动附加到default网络外,其他功能相同。因此,使第一个文件匹配可能会清除您的问题(虽然我没有研究那个神奇的nginx配置生成器做了什么;)