Docker NGINX SSL终端

前端之家收集整理的这篇文章主要介绍了Docker NGINX SSL终端前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我试图在Docker容器中设置Nginx,以便它将为进入另一个容器的流量执行SSL终止(tcp443 – > tcp3001).

但是我从Nginx获得502 Bad Gateway,Nginx日志中出现以下错误

connect() Failed (111: Connection refused) while connecting to upstream

集装箱

以下容器正在运行:

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                          NAMES
3b640f25af44        Nginx               "Nginx -g 'daemon ..."   3 seconds ago       Up 2 seconds        80/tcp,0.0.0.0:443->443/tcp   hopeful_swartz
f7b13bf2bdcd        ghost               "docker-entrypoint..."   21 hours ago        Up 21 hours         127.0.0.1:3001->2368/tcp       zen_carson

端口3001测试

我可以到达端口3001上的后端服务器(容器).

root@linode-server:~# curl -IL http://127.0.0.1:3001
HTTP/1.1 302 Found
X-Powered-By: Express
Location: /private/
Vary: Accept,Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Date: Sat,07 Apr 2018 19:25:02 GMT
Connection: keep-alive

HTTP/1.1 200 OK
X-Powered-By: Express
Cache-Control: no-cache,private,no-store,must-revalidate,max-stale=0,post-check=0,pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 2655
ETag: W/"a5f-wAxdmCnbgI8/PCwspg8GKWyhtRw"
Vary: Accept-Encoding
Date: Sat,07 Apr 2018 19:25:02 GMT
Connection: keep-alive

Nginx配置

worker_processes 5;

events { worker_connections 1024; }

http {
  server {
      listen              443 ssl;
      ssl_certificate     /etc/Nginx/packetflow.crt;
      ssl_certificate_key /etc/Nginx/packetflow.key;

      location / {
          proxy_pass http://127.0.0.1:3001;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Real-IP  $remote_addr;
          proxy_set_header Host linode.packetflow.co.uk;
      }
  }
}
最佳答案
您有可达性的基本问题.当您在Nginx配置中有下方时

proxy_pass http://127.0.0.1:3001;

您说在同一个Nginx容器中,另一个服务正在端口3001上运行.但该服务正在另一个容器中运行.

接下来看看你的docker ps输出

f7b13bf2bdcd        ghost               "docker-entrypoint..."   21 hours ago        Up 21 hours         127.0.0.1:3001->2368/tcp       zen_carson

容器内的端口是2368而不是3001.现在是启动容器的部分,以便您知道它的地址

如果您是通过命令行启动docker容器,那么您将启动如下容器

docker run -d --name ghost ghost

然后在您的Nginx配置中使用

proxy_pass http://ghost:2368;

更好的方法是实际通过docker-compose.因此,您将创建docker-compose.yml文件

version: 3
services:
  ghost
    build: ghost
    image: ghost
  web:
    build: web
    image: web
    ports:
      - 443:443

你应该看下面的链接

https://docs.docker.com/compose/overview/

猜你在找的Nginx相关文章