Question

我在Digital Ocean Droplet的Docker容器上运行了一个Web应用程序。该应用程序具有其自己的容器，并通过地址为0.0.0.0:8080的Nginx容器提供服务。这是nginx conf：

server {
    listen 80;
    index index.php index.html;
    root /var/www/public;

    location / {
        try_files $uri /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass app:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

和我的nginx容器dockerfile：

FROM nginx:1.10

ADD ./vhost.conf /etc/nginx/conf.d/default.conf
WORKDIR /var/www

现在，我拥有一个使用certbot生成SSL证书的域，我想通过该域为我的应用程序提供服务，但我失败了。

我正在使用（或尝试使用）Apache2作为对此的反向代理，但是我无法使其正常工作。我现在可以访问应用程序的主页，但是没有任何资源，因为该页面是通过https服务的，但是资源是通过http从容器中获取的。我不知道我已经尝试了多少东西，但是我什么也没去。任何帮助将非常感激。这是我的虚拟主机配置，如果有帮助的话。

vhost-le-ssl.conf：

<IfModule mod_ssl.c>
#Listen 443
#NameVirtualHost *:443
<VirtualHost *:443>

     SSLEngine  On

        # Set the path to SSL certificate
    # Usage: SSLCertificateFile /path/to/cert.pem

 SSLCertificateFile /etc/letsencrypt/live/antonioquadrado.com/cert.pem

    # Servers to proxy the connection, or;
    # List of application servers:
    # Usage:
    # ProxyPass / http://[IP Addr.]:[port]/
    # ProxyPassReverse / http://[IP Addr.]:[port]/
    # Example: 
    ProxyPass / http://0.0.0.0:8080/
    ProxyPassReverse / http://0.0.0.0:8080/

        ServerName antonioquadrado.com
        ServerAlias www.antonioquadrado.com

        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =antonioquadrado.com [OR]
# RewriteCond %{SERVER_NAME} =www.antonioquadrado.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/antonioquadrado.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/antonioquadrado.com/privkey.pem
</VirtualHost>
</IfModule>

vhost.conf：

VirtualHost *:80>

        ProxyPreserveHost On

    # Servers to proxy the connection, or;
    # List of application servers:
    # Usage:
    # ProxyPass / http://[IP Addr.]:[port]/
    # ProxyPassReverse / http://[IP Addr.]:[port]/
    # Example: 
    ProxyPass / https://0.0.0.0:8080/
    ProxyPassReverse / https://0.0.0.0:8080/

        ServerName antonioquadrado.com
        ServerAlias www.antonioquadrado.com

        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =antonioquadrado.com [OR]
RewriteCond %{SERVER_NAME} =www.antonioquadrado.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

我已经按照this数字海洋教程进行了学习。

谢谢！

编辑：@SmileIt指向serverfault答案后，我已将我的虚拟主机配置更新为：

<VirtualHost *:80>
        ServerName antonioquadrado.com
        ServerAlias www.antonioquadrado.com

        Redirect permanent / https://www.antonioquadrado.com/
</VirtualHost>

ssl虚拟主机：

<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerName www.antonioquadrado.com
        DirectoryIndex index.php index.html
        SetOutputFilter SUBSTITUTE,DEFLATE

        ProxyPass / http://0.0.0.0:8080/
        ProxyPassReverse / http://0.0.0.0:8080/

        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|http://0.0.0.0:8080/|https://www.antonioquadrado.com/|i"

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateKeyFile /etc/letsencrypt/live/antonioquadrado.com/privkey.pem
        SSLCertificateFile /etc/letsencrypt/live/antonioquadrado.com/fullchain.pem
        #SSLCertificateChainFile /path-to/chain.pem
        <Proxy *>
                Order deny,allow
                Allow from all
                Allow from localhost
        </Proxy>
</VirtualHost>
</IfModule>

但是对于通过http通过内部ip获取的资源，我也有同样的错误。

这也是我的docker-compose文件：

version: '2'
services:
    web:
        build:
            context: ./
            dockerfile: web.docker
        volumes:
            - ./:/var/www
        ports:
            - "8080:80"
        links:
            - app
    app:
        build:
            context: ./
            dockerfile: app.docker
        volumes:
            - ./:/var/www
        links:
            - database
        environment:
            - "DB_PORT=3306"
            - "DB_HOST=database"
    database:
        image: mysql:5.6
        environment:
            - "MYSQL_ROOT_PASSWORD=*****"
            - "MYSQL_DATABASE=*******"
        ports:
            - "33061:3306"

Answer 1

Apache输出过滤器最有可能发生故障。

将以下内容添加到顶部附近的VirtualHost配置中，然后重新启动Apache。

SetOutputFilter SUBSTITUTE;DEFLATE

本质上，我们必须告诉Apache订购输出过滤器。首先进行替代，然后放气。如果这不适用于您，请将以下内容添加到VirturalHost配置中并发送输出。

LogLevel trace3 rewrite:error filter:trace8

输出应告诉我们替换过滤器之前正在运行哪些过滤器。

如何通过带有SSL的Apache 2公开Nginx Docker容器？

1 个答案: