我试图在Docker容器中设置Nginx,以便它将为进入另一个容器的流量执行SSL终止(tcp443 – > tcp3001).
但是我从Nginx获得502 Bad Gateway,Nginx日志中出现以下错误:
connect() Failed (111: Connection refused) while connecting to upstream
集装箱
以下容器正在运行:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3b640f25af44 Nginx "Nginx -g 'daemon ..." 3 seconds ago Up 2 seconds 80/tcp,0.0.0.0:443->443/tcp hopeful_swartz
f7b13bf2bdcd ghost "docker-entrypoint..." 21 hours ago Up 21 hours 127.0.0.1:3001->2368/tcp zen_carson
端口3001测试
我可以到达端口3001上的后端服务器(容器).
root@linode-server:~# curl -IL http://127.0.0.1:3001
HTTP/1.1 302 Found
X-Powered-By: Express
Location: /private/
Vary: Accept,Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Date: Sat,07 Apr 2018 19:25:02 GMT
Connection: keep-alive
HTTP/1.1 200 OK
X-Powered-By: Express
Cache-Control: no-cache,private,no-store,must-revalidate,max-stale=0,post-check=0,pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 2655
ETag: W/"a5f-wAxdmCnbgI8/PCwspg8GKWyhtRw"
Vary: Accept-Encoding
Date: Sat,07 Apr 2018 19:25:02 GMT
Connection: keep-alive
Nginx配置
worker_processes 5;
events { worker_connections 1024; }
http {
server {
listen 443 ssl;
ssl_certificate /etc/Nginx/packetflow.crt;
ssl_certificate_key /etc/Nginx/packetflow.key;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host linode.packetflow.co.uk;
}
}
}
最佳答案
您有可达性的基本问题.当您在Nginx配置中有下方时
proxy_pass http://127.0.0.1:3001;
您说在同一个Nginx容器中,另一个服务正在端口3001上运行.但该服务正在另一个容器中运行.
接下来看看你的docker ps输出
f7b13bf2bdcd ghost "docker-entrypoint..." 21 hours ago Up 21 hours 127.0.0.1:3001->2368/tcp zen_carson
容器内的端口是2368而不是3001.现在是启动容器的部分,以便您知道它的地址
如果您是通过命令行启动docker容器,那么您将启动如下容器
docker run -d --name ghost ghost
然后在您的Nginx配置中使用
proxy_pass http://ghost:2368;
更好的方法是实际通过docker-compose.因此,您将创建docker-compose.yml文件
version: 3
services:
ghost
build: ghost
image: ghost
web:
build: web
image: web
ports:
- 443:443
你应该看下面的链接