NGINX:将请求从已安装的 nginx 重定向到 docker 中的 nginx


我在同一台机器上有两个 nginx 反向代理:

  1. 直接安装在 Ubuntu 上的 nginx(需要 80 和 443 端口)
  2. docker 容器中的 nginx(占用宿主机的 445 端口,并映射到容器的 443 端口)

已安装的 nginx 应该把特定域名的请求转发(反向代理)到 docker 中的 nginx。

已安装 nginx 配置:

# Plain-HTTP backend on the loopback interface (port 8891).
# With a single server in the group nginx ignores fail_timeout, so the
# parameter has no effect here.
upstream target {
    server 127.0.0.1:8891 fail_timeout=0;
}

# Loopback port 445, which the description says is mapped to port 443 of the
# nginx container.
# NOTE(review): Docker publishes a port on all host interfaces unless a bind
# address is given; confirm the mapping is bound to 127.0.0.1 so the container
# cannot be reached around the host nginx.
upstream target_green {
    server 127.0.0.1:445 fail_timeout=0;
}

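server {
    # Host-installed nginx: terminates TLS for target.domain.example and
    # proxies to the `target` upstream over plain HTTP.
    set $rootfolder "/var/www/root/";     # defined but not referenced in this block
    set $link "target.domain.example";    # defined but not referenced in this block

    # `listen 443 ssl` replaces the separate `ssl on;` directive, which nginx
    # deprecated in 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name target.domain.example;
    charset utf-8;
    # Accepts request bodies up to 1 GiB on every location of this vhost.
    client_max_body_size 1G;

    # `always` sends HSTS on error responses too; without it nginx adds the
    # header only to a fixed set of 2xx/3xx status codes.
    # includeSubdomains applies the policy to every subdomain for the whole
    # max-age, and preload signals consent to browser preload lists.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/private_key.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 6m;

    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list governs TLS 1.2 and below; TLS 1.3 suites are configured separately.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_dhparam /etc/nginx/dhparam.pem;

    access_log /var/www/app/logs/access.log;
    error_log /var/www/app/logs/error.log;
    # With the default gzip_types this compresses text/html responses only.
    # NOTE(review): compressing TLS responses that combine secrets with
    # reflected request data is the precondition for BREACH; confirm the
    # proxied pages are safe to compress.
    gzip on;

    location / {
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;

        proxy_set_header Host $host;
        # Both headers carry the peer address nginx saw, replacing any
        # X-Forwarded-For value supplied by the client.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://target;
    }

    location /ws/ {
        proxy_pass http://target;
        # HTTP/1.1 plus the Upgrade/Connection headers are required for the
        # WebSocket handshake to pass through the proxy.
        proxy_http_version 1.1;

        proxy_read_timeout 86400;
        proxy_redirect off;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Unlike `location /`, this appends to the client-supplied
        # X-Forwarded-For. NOTE(review): the backend must not trust the
        # leftmost entry of that list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    location /static {
        gzip_vary on;
        gzip on;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_comp_level 3;
        gzip_types text/plain application/xml application/x-javascript text/css;
        # `root` appends the full request URI, so /static/x is looked up at
        # /var/www/root/static/static/x. NOTE(review): confirm the directory
        # layout; `alias` may be what was intended.
        root /var/www/root/static/;
    }

    location /media {
        gzip_vary on;
        gzip on;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_comp_level 3;
        gzip_types text/plain application/xml application/x-javascript text/css;
        # Same `root` behaviour: /media/x maps to /var/www/root/media/media/x.
        # NOTE(review): confirm this matches the directory layout.
        root /var/www/root/media/;
    }
}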

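server {
    # Host-installed nginx: terminates TLS for target-green.domain.example and
    # re-encrypts to the `target_green` upstream (127.0.0.1:445).
    # The redundant `ssl on;` was dropped: `listen 443 ssl` already enables TLS,
    # and nginx deprecated `ssl on;` in 1.15.0 and removed it in 1.25.1.
    listen 443 ssl;
    server_name "target-green.domain.example";

    charset utf-8;
    # Accepts request bodies up to 1 GiB.
    client_max_body_size 1G;

    # `always` sends HSTS on error responses too; without it nginx adds the
    # header only to a fixed set of 2xx/3xx status codes.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/private_key.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 6m;

    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list governs TLS 1.2 and below; TLS 1.3 suites are configured separately.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_dhparam /etc/nginx/dhparam.pem;

    access_log /var/www/app/logs/access.log;
    error_log /var/www/app/logs/error.log;
    gzip on;

    location / {
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;

        proxy_set_header Host $host;
        # Both headers carry the peer address nginx saw, replacing any
        # X-Forwarded-For value supplied by the client.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # TLS to the upstream. nginx does not verify the upstream certificate
        # by default (proxy_ssl_verify is off) and sends no SNI
        # (proxy_ssl_server_name is off), so this hop is encrypted but not
        # authenticated. To authenticate it, enable for example:
        #   proxy_ssl_server_name on;
        #   proxy_ssl_name $host;
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;
        proxy_pass https://target_green;
    }
}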

nginx-in-docker 配置:

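server {
    # nginx inside the container: terminates TLS on 443 and proxies to the
    # `app` and `app-ws` services by name.
    set $rootfolder "/var/www/app/";
    set $app "http://app:8891";
    # Fixed the scheme separator: the original value "http:/app-ws:10000" does
    # not start with "http://", which proxy_pass rejects as an invalid URL
    # prefix when the variable is evaluated.
    set $ws "http://app-ws:10000";

    listen 443 ssl;

    # Docker DNS. Because proxy_pass below takes its target from a variable,
    # nginx resolves the service names at request time through this resolver.
    resolver 127.0.0.11;

    server_name "target-green.domain.example";
    charset utf-8;
    # Accepts request bodies up to 1 GiB.
    client_max_body_size 1G;

    # `always` sends HSTS on error responses too; without it nginx adds the
    # header only to a fixed set of 2xx/3xx status codes.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    ssl_certificate /etc/nginx/ssl/ssl_certificate;
    ssl_certificate_key /etc/nginx/ssl/ssl_certificate_key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 6m;

    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list governs TLS 1.2 and below; TLS 1.3 suites are configured separately.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_dhparam /etc/nginx/ssl_dhparam;

    access_log /var/www/app/logs/access.log;
    error_log /var/www/app/logs/error.log;

    location / {
        proxy_connect_timeout 159s;
        proxy_send_timeout 600;
        proxy_read_timeout 600;

        proxy_set_header Host $host;
        # $remote_addr is the peer that connected to this container. For
        # requests that arrive through another proxy that is the proxy's
        # address, so any X-Real-IP / X-Forwarded-For it set is overwritten
        # here. NOTE(review): if the app needs the client address for logging
        # or access decisions, use the realip module with set_real_ip_from
        # restricted to <TRUSTED_PROXY_ADDRESS>.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass $app;
    }

    location /ws/ {
        proxy_pass $ws;
        # HTTP/1.1 plus the Upgrade/Connection headers are required for the
        # WebSocket handshake to pass through the proxy.
        proxy_http_version 1.1;

        proxy_read_timeout 86400;
        proxy_redirect off;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the incoming X-Forwarded-For instead of replacing it.
        # NOTE(review): the backend must not trust entries it cannot attribute
        # to a known proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    location /static {
        gzip_min_length 1100;
        gzip_comp_level 3;
        # `root` appends the request URI: /static/x -> /var/www/app//frontend/static/x.
        root $rootfolder/frontend/;
    }

    location /media {
        gzip_min_length 1100;
        gzip_comp_level 3;
        # `root` appends the request URI: /media/x -> /var/www/app//media/x.
        root $rootfolder/;
    }
}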

不幸的是,在浏览器中,我看到了

target-green.domain.example redirected you too many times.

docker nginx ssl redirect nginx-reverse-proxy
1个回答

在宿主机上的反向代理中,您把流量路由到了 8891 和 445 端口:

##################

# Both upstreams point at ports on the loopback interface.
upstream target {
    server 127.0.0.1:8891 fail_timeout=0;
}

# Port 445 only reaches another nginx if something is listening on, or mapped
# to, that port on the loopback interface.
upstream target_green {
    server 127.0.0.1:445 fail_timeout=0;
}

##################

而 docker 环境中的反向代理监听的是容器内的 443 端口。

这可能是个问题:如果宿主机的 445 端口没有正确映射到容器的 443 端口,发往 127.0.0.1:445 的请求就到不了容器里的 nginx。

另外,请确保 docker 网络处于桥接模式,这样容器才能接收来自宿主机的流量。
