我有2个docker容器-frontend(Angular 8)和api(Node),前端默认情况下在端口81上工作,而api在端口1337上工作。我还注册了一个域,两个应用程序都可用,并为ssl添加了配置。但是,它的工作方式是在www.example.com和api在www.example.com:1337都可以使用前端,我想知道是否可以设置nginx配置来服务前端在www.example.com上访问api,在www.example.com/api上访问api,并监听端口443上的两个容器?预先感谢您的帮助。
http {
upstream frontend {
server frontend:81;
}
upstream api {
server api:1337;
}
server {
listen 80;
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com example.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_buffer_size 8k;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location /api {
try_files $uri @api;
}
location / {
try_files $uri @frontend;
}
location @frontend {
proxy_pass http://frontend;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
location @api {
proxy_pass http://api;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
root /usr/share/nginx/html;
index index.html index.htm index.nginx-debian.html;
}
}
reverse:
container_name: reverseProxy
hostname: reverse
image: nginx:latest
ports:
- "80:80"
- "81:81"
- "1337:1337"
- "443:443"
volumes:
- ./defaultnginx.conf:/etc/nginx/nginx.conf
- /usr/share/nginx/html:/usr/share/nginx/html
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
depends_on:
- frontend
- api