Nginx Reverse Proxy with Docker LetsEncrypt

Date: 2018-07-03 16:26:12

Tags: docker nginx docker-compose nginx-reverse-proxy

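Does anyone see what I'm doing wrong with my Nginx reverse proxy? I'm getting a 502 Bad Gateway error and can't seem to figure out where I've got my ports wrong.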

Nginx

/etc/nginx/sites-enabled/default

/etc/nginx/sites-enabled/jesse.red [VHOST]

upstream reverse_proxy {
  server 35.237.158.31:8080;
}

server {
  listen 80;
  server_name 35.237.158.31;

  location / {
    proxy_pass http://reverse_proxy;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_cache_bypass $http_upgrade;
  }

}

Docker

The following is running on 2600

upstream jessered {
    server 127.0.0.1:2600; # <-- PORT 2600
}
server {

  server_name jesse.red;
  #root /var/www/jesse.red/;

    # ---------------------------------------------------------------
    # Location
    # ---------------------------------------------------------------
    location / {
        proxy_pass          http://jessered;
        #proxy_http_version  1.1;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection 'upgrade';
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_cache_bypass  $http_upgrade;
        proxy_read_timeout  90;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/jesse.red/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jesse.red/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = jesse.red) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  server_name jesse.red;
    listen 80;
    return 404; # managed by Certbot
}

/var/www/jesse.red/docker-compose.yml

$ docker ps

9d731afed500        wordpress:php7.0-fpm-alpine   "docker-entrypoint.s…"   3 days ago          Up 17 hours         9000/tcp, 0.0.0.0:2600->80/tcp   jesse.red

Testing Docker

version: '3.1'
services:
  jessered:
    container_name: jesse.red
    image: wordpress:4-fpm-alpine
    restart: always
    ports:
      - 2600:80 # <-- PORT 2600
    env_file:
      - ./config.env  # Contains .gitignore params

System

docker-compose logs

Attaching to jesse.red
jesse.red | WordPress not found in /var/www/html - copying now...
jesse.red | Complete! WordPress has been successfully copied to /var/www/html
jesse.red | [03-Jul-2018 11:15:07] NOTICE: fpm is running, pid 1
jesse.red | [03-Jul-2018 11:15:07] NOTICE: ready to handle connections

Below, port 2600 is in use.

$ ps aux | grep 2600

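I'm not sure what's going wrong, and any help would be greatly appreciated. I've searched a lot of places and haven't been able to figure it out before asking.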

1 answer:

Answer 0 (score: 0)

Nginx request processing selects a server block like this:

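The listen directive is checked for an exact IP:port match; if there is no match, it checks for an IP or port match. An IP address without a port is considered to be port 80.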

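Then, from those matches, it checks the request's Host header against the server_name directive in the matching blocks. If a match is found, that server handles the request; if no match is found, then, assuming the default_server directive is not set, the request is passed to the server listed first in the configuration.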

So you have server_name 35.237.158.31; on port 80, and also server_name jesse.red; on port 80.

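The IP address should be part of the listen directive, not server_name, although this might match some requests. Assuming this is being accessed from outside, jesse.red is unlikely to appear in anyone's Host header.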

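Assuming there is no match, it will be passed to whichever server Nginx finds first with a port match. I assume Nginx works alphabetically when including files, so your configuration will be loaded like this: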

  1. /etc/nginx/sites-enabled/default
  2. /etc/nginx/sites-enabled/jesse.red

Now all your requests on port 80 that don't match a host, or that have the IP address in the host field, will be proxied to:

upstream reverse_proxy {
  server 35.237.158.31:8080;
}

That's all my guess anyway; your Nginx logs will probably give you a definite answer.
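
The selection order described in the answer, as an added Python example (not part of the original question or answer, and not Nginx's own code) run over the three server blocks from the question. It assumes the load order the answer assumes, with the reverse_proxy block in the default file, and models exact server_name matches only; `Server`, `select_server` and `route` are hypothetical names.

```python
# Simplified model of nginx server-block selection (exact names only;
# wildcard and regex server_name forms are not modelled).
from dataclasses import dataclass

@dataclass
class Server:
    source: str            # config file the block comes from
    port: int
    names: tuple
    action: str            # what the block does with the request
    ip: str = None         # None = listen on all addresses
    default_server: bool = False

# Blocks from the question, in the load order the answer assumes
# (which file holds the reverse_proxy block is part of that assumption).
SERVERS = [
    Server("default", 80, ("35.237.158.31",), "proxy_pass 35.237.158.31:8080"),
    Server("jesse.red", 443, ("jesse.red",), "proxy_pass 127.0.0.1:2600"),
    Server("jesse.red", 80, ("jesse.red",), "return 301 https"),
]

def select_server(servers, dest_ip, dest_port, host):
    """Return the block that would handle a request, or None."""
    on_port = [s for s in servers if s.port == dest_port]
    # 1. An exact IP:port listen beats a port-only (wildcard) listen.
    candidates = ([s for s in on_port if s.ip == dest_ip]
                  or [s for s in on_port if s.ip is None])
    if not candidates:
        return None  # nothing listens on that port
    # 2. Host header against server_name (port suffix stripped, lower-cased).
    name = host.split(":")[0].lower()
    for s in candidates:
        if name in s.names:
            return s
    # 3. No name matched: explicit default_server, else the first block loaded.
    for s in candidates:
        if s.default_server:
            return s
    return candidates[0]

def route(host, port=80, dest_ip="35.237.158.31"):
    s = select_server(SERVERS, dest_ip, port, host)
    return s.action if s else "connection refused"

if __name__ == "__main__":
    for host, port in [("jesse.red", 80), ("35.237.158.31", 80),
                       ("unknown.example", 80), ("jesse.red", 443)]:
        print(f"{host}:{port} -> {route(host, port)}")
```

Under that assumed load order, any port-80 request whose Host header matches no server_name lands in the block proxying to 35.237.158.31:8080, which is why an explicit default_server block is the usual way to make the fallback deliberate.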