我有这个问题。我在具有docker机器的docker和用于反向代理的 nginx 容器的docker上运行两个Web应用。
这是我的docker-compose.yml文件:
networks:
default:
ipam:
config:
- subnet: 10.5.0.0/16
gateway: 10.5.0.1
services:
nginx:
image: nginx:1.13
container_name: nginx
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/ssl:/etc/nginx/ssl
- ./nginx/html:/usr/share/nginx/html
networks:
default:
ipv4_address: 10.5.0.2
webapp1:
build: webapp1
container_name: webapp1
environment:
- JVM_OPTS=-Xmx12g -Xms12g -XX:MaxPermSize=4096m -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -XX:+UseConcMarkSweepGC
- CATALINA_OPTS=-Xmx12g -Xms12g -XX:MaxPermSize=4096m -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -XX:+UseConcMarkSweepGC
- JAVA_OPTS= -Ddb.url=db_url.com -Ddb.port=3306 -Ddb.username=test -Ddb.password=test
ports:
- "8080:8080"
depends_on:
- nginx
networks:
default:
ipv4_address: 10.5.0.3
webapp2:
build: webapp2
container_name: webapp2
environment:
- JVM_OPTS=-Xmx12g -Xms12g -XX:MaxPermSize=4096m -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -XX:+UseConcMarkSweepGC
- CATALINA_OPTS=-Xmx12g -Xms12g -XX:MaxPermSize=4096m -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -XX:+UseConcMarkSweepGC
- JAVA_OPTS= -Ddb.url=db_url.com -Ddb.port=3306 -Ddb.username=test -Ddb.password=test
ports:
- "8081:8081"
depends_on:
- nginx
networks:
default:
ipv4_address: 10.5.0.4
这是我的nginx.conf:
server {
# Listen on port 80 and 443
# on both IPv4 and IPv6
listen 80;
listen [::]:80 ipv6only=on;
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
# if ($scheme = http) {
# return 301 https://$server_name$request_uri;
# }
ssl on;
ssl_certificate /etc/nginx/ssl/nginx-cert.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-cert.key;
ssl_session_timeout 5m;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /webapp1 {
proxy_pass https://10.5.0.1:8080/webapp1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx/mime.types;
client_max_body_size 20M;
}
location /webapp2 {
proxy_pass https://10.5.0.1:8081/webapp2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx/mime.types;
client_max_body_size 20M;
}
但是Nginx似乎不起作用。所返回的页面的URL为 http://localhost/webapp1 ,返回 400错误的请求。纯HTTP请求已发送到HTTPS端口。 在网址 https://localhost/webapp1 中,我始终是 403禁止访问。
从nginx日志中:
nginx | 10.5.0.1 - - [05/Sep/2018:12:31:18 +0000] "GET /webapp1 HTTP/1.1" 400 674 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36" "-" nginx | 10.5.0.1 - - [05/Sep/2018:12:31:18 +0000] "GET /favicon.ico HTTP/1.1" 400 674 "http://localhost/webapp1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36" "-"
对于 https://localhost/webapp1 :
nginx | 10.5.0.1 - - [05/Sep/2018:12:32:51 +0000] "GET /webapp1 HTTP/1.1" 403 572 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36" "-"
nginx | 2018/09/05 12:32:51 [error] 7#7: *21 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.5.0.1, server: , request: "GET /webapp1 HTTP/1.1", upstream: "https://10.5.0.1:8081/webapp1", host: "localhost"
nginx | 2018/09/05 12:32:51 [error] 7#7: *21 open() "/usr/share/nginx/html/50x.html" failed (13: Permission denied), client: 10.5.0.1, server: , request: "GET /webapp1 HTTP/1.1", upstream: "https://10.5.0.1:8081/webapp1", host: "localhost"
nginx | 10.5.0.1 - - [05/Sep/2018:12:32:51 +0000] "GET /favicon.ico HTTP/1.1" 403 572 "https://localhost/webapp1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36" "-"
与其他Web应用程序相同。
ssl证书是使用openssl生成的自签名证书。
有人可以帮助我吗?真的谢谢