我对docker和docker-compose很新。
我正在尝试在一台服务器上托管多个使用HTTPS的网站。
无法生成SSL证书,因为locahost它不是正常的有效主机。
我收到502错误的网关错误。
似乎nginx-proxy无法正确地传输到容器。
这是我的docker-compose
version: '3'
services:
nginx-proxy:
image: nginx
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
container_name: nginx-proxy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./vhost.d:/etc/nginx/vhost.d
- ./html:/usr/share/nginx/html
- ./certs:/etc/nginx/certs:ro
nginx-gen:
image: jwilder/docker-gen
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
container_name: nginx-gen
restart: unless-stopped
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./vhost.d:/etc/nginx/vhost.d
- ./html:/usr/share/nginx/html
- ./certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: unless-stopped
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./vhost.d:/etc/nginx/vhost.d
- ./html:/usr/share/nginx/html
- ./certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
NGINX_PROXY_CONTAINER: "nginx-proxy"
networks:
webproxy:
external: true
在网站级别,我有以下docker-compose,其中我运行两个conainers,php-fpm(包括我的wordpress文件)和nginx容器。我正在使用这个nginx容器来添加我自己的nginx配置文件。
version: '3.1'
services:
php:
build: ./docker/php/
restart: unless-stopped
volumes:
- wordpress:/var/www/html
nginx:
image: nginx:1-alpine
restart: unless-stopped
expose:
- 80
- 443
volumes:
- wordpress:/var/www/html
- ./docker/nginx/site.conf:/etc/nginx/conf.d/default.conf
- ./docker/nginx/wordpress.conf:/etc/nginx/wordpress.conf
environment:
- LETSENCRYPT_HOST=
- VIRTUAL_HOST=localhost
- VIRTUAL_PORT=80
volumes:
wordpress: {}
networks:
default:
external:
name: webproxy
这是nginx-proxy容器中生成的/etc/nginx/conf.d/default.conf
# localhost
upstream localhost {
# Cannot connect to network of this container
server 127.0.0.1 down;
}
server {
server_name localhost;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/localhost.crt;
ssl_certificate_key /etc/nginx/certs/localhost.key;
ssl_dhparam /etc/nginx/certs/localhost.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/localhost.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://localhost;
}
nginx-proxy记录
nginx-proxy | localhost 172.22.0.1 - - [10/May/2018:17:52:40 +0000] "GET / HTTP/2.0" 502 173 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx-proxy | 2018/05/10 17:54:47 [error] 7#7: *4 no live upstreams while connecting to upstream, client: 172.22.0.1, server: localhost, request: "GET / HTTP/2.0", upstream: "http://localhost/", host: "localhost"
自从我第一次发布以来,我添加了VIRTUAL_PORT = 80,但它没有帮助。
我也尝试直接代理php容器,但没有成功。
docker inspect on nginx container on proxied shows
"Config": {
"Hostname": "4859d3794982",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"443/tcp": {},
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"VIRTUAL_PORT=80",
"LETSENCRYPT_HOST=localhost",
"VIRTUAL_HOST=localhost",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.13.1"
],
"Networks": {
"webproxy": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"nginx",
"4859d3794982"
],
"NetworkID": "6ac6af1b951c780c1334c55862025bd7916643dd13dc02976f2ed176a7ed7619",
"EndpointID": "3e379cd7a020e65f5ea6db8dbafe144d5b6ad5575b183dee64487f7046f0e3a2",
"Gateway": "172.23.0.1",
"IPAddress": "172.23.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:17:00:05",
"DriverOpts": null
答案 0 :(得分:1)
我认为你的网络命令在第一个撰写文件中是错误的
networks:
webproxy:
external: true
指定必须存在的名为webproxy的网络。 (想必你创造了它?)。但是,您不会将任何容器附加到该网络。
另一个撰写文件有
networks:
default:
external:
name: webproxy
除了所有容器都自动附加到default
网络外,其他功能相同。因此,使第一个文件匹配可能会清除您的问题(虽然我没有研究那个神奇的nginx配置生成器做了什么;)