主脚本未知jwilder / nginx-proxy docker php7-fpm symfony4

时间:2019-06-18 09:43:59

标签: symfony docker nginx symfony4 jwilder-nginx-proxy

我很难为自动docker部署设置服务器。我使用jwdilder/nginx-proxy和一个php7.3-fpm容器来尝试运行我的symfony4应用程序。这是应用程序的docker-compose文件:

version:  '3.7'

networks:
  default:
    external:
      name: nginx-proxy

services:
  mysql:
    image: mysql:5.7
    restart: on-failure
    environment:
      MYSQL_ROOT_PASSWORD: test
      MYSQL_DATABASE: database
      MYSQL_USER: test
      MYSQL_PASSWORD: test

  php:
    build:
      context: .
      dockerfile: docker/php/Dockerfile
    restart: on-failure
    hostname: test.org
    ports:
      - 9000
    links:
      - mysql
    environment:
      - VIRTUAL_HOST=test.org
      - VIRTUAL_PORT=9000
      - VIRTUAL_PROTO=fastcgi
      - VIRTUAL_ROOT=/var/www/symfony/public
      - LETSENCRYPT_HOST=test.org 
      - LETSENCRYPT_EMAIL=contact@test.org 
    volumes:
      - ./www:/var/www/symfony:cached
    command: >
      sh -c "cd /var/www/symfony
      && composer install
      && php bin/console doctrine:database:create -n --if-not-exists
      && php bin/console doctrine:migrations:migrate -n --allow-no-migration
      && rm -rf var/cache
      && php bin/console cache:warmup
      && php-fpm"

  node:
    build:
      context: .
      dockerfile: docker/node/Dockerfile
    command: yarn encore production
    restart: on-failure
    volumes:
      - ./www/public:/var/www/symfony/public:cached
      - ./www/assets:/var/www/symfony/assets:cached
      - ./www/yarn.lock:/var/www/symfony/yarn.lock
      - ./www/package.json:/var/www/symfony/package.json
      - ./www/.npmrc:/var/www/symfony/.npmrc
      - ./www/node_modules:/var/www/symfony/node_modules:cached
      - ./www/webpack.config.js:/var/www/symfony/webpack.config.js
    working_dir: /var/www/symfony

我的PHP dockerFile:

FROM php:7.3-fpm

RUN docker-php-ext-install pdo_mysql

RUN pecl install apcu-5.1.11
RUN docker-php-ext-enable apcu

RUN apt-get update && apt-get install -y --no-install-recommends apt-utils

RUN apt-get update && \
    apt-get install -y \
        libzip-dev

RUN docker-php-ext-install zip

RUN apt-get update && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libmcrypt-dev \
        libpng-dev

RUN pecl install mcrypt-1.0.2 \
    && docker-php-ext-enable mcrypt \
    && docker-php-ext-install iconv \
    && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-install gd

RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
    && php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" \
    && php composer-setup.php --filename=composer \
    && php -r "unlink('composer-setup.php');" \
    && mv composer /usr/local/bin/composer

WORKDIR /var/www/symfony

nginx代理的docker-compose文件:

version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy:alpine
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - confd:/etc/nginx/conf.d
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-letsencrypt
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - confd:/etc/nginx/conf.d
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs:rw

    environment:
      - DEFAULT_EMAIL=test@test.test
      - NGINX_PROXY_CONTAINER=nginx-proxy

volumes:
  confd:
  vhostd:
  html:
  certs:

networks:
  default:
    external:
      name: nginx-proxy

这是nginx-proxy生成的nginx配置:

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 503;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}
# nepalfederatie.org
upstream nepalfederatie.org {
                ## Can be connected with "nginx-proxy" network
            # nepalfederatieorg_php_1
            server 172.18.0.8:9000;
                ## Can be connected with "nginx-proxy" network
            # nepalfederatie_php_1
            server 172.18.0.6:9000;
}
server {
    server_name nepalfederatie.org;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name nepalfederatie.org;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/nepalfederatie.org.crt;
    ssl_certificate_key /etc/nginx/certs/nepalfederatie.org.key;
    ssl_dhparam /etc/nginx/certs/nepalfederatie.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/nepalfederatie.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        root   /var/www/symfony/public;
        include fastcgi.conf;
        fastcgi_pass nepalfederatie.org;
        include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /var/www/symfony/public/$fastcgi_script_name;
    }
}

导航到test.org时,我的Nginx代理日志中出现以下错误:

  

* 179从上游读取响应头时,stderr发送了FastCGI:“主脚本未知”

但是,当我导航到test.org/index.php时,网站将返回(没有我遇到403错误的任何资产,但以后会出现问题)。

SSL证书和HTTPS重定向效果很好。

我只是进入整个docker和nginx场景,因为我以前总是一直直接部署到直接在服务器上运行的apache2服务器。

对于我的本地开发环境,我还使用nginx容器(没有任何代理),并且在.conf文件中,我有以下几行:

 location / {
     root /var/www/symfony/public;

     try_files $uri /index.php$is_args$args;
 }

 location ~ ^/index\.php(/|$) {
     client_max_body_size 50m;

     fastcgi_pass php:9000;
     fastcgi_buffers 16 16k;
     fastcgi_buffer_size 32k;
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME /var/www/symfony/public/index.php;
 }

特别是线

  

fastcgi_param SCRIPT_FILENAME /var/www/symfony/public/index.php;

由于我的部署服务器的配置是由nginx-proxy自动生成的,有人知道这是否是缺少此行的事实吗?

很抱歉,如果有人可以指出正确的方向,将不胜感激。

0 个答案:

没有答案