我使用 docker compose 构建的服务遇到问题,我不明白出了什么问题。
我有一个 Debian 服务器,我想在其上托管 3 个 Etherpad 实例,每个实例都有自己的配置。除了 3 个 Etherpad 之外,我希望前端的 apache 允许通过 https 访问 Etherpad 实例。
目前,我的系统仅部分运行。 docker compose 启动顺利,3 个 Etherpad 可以通过它们的端口访问,我可以创建 pad:
所以我配置了apache2来做反向代理:
第一个 pad (etherpad libre) 的反向代理没有问题,它可以工作,我可以创建 pad。
但是,其他两个不起作用,我收到错误:
Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
在 apache2 前端日志上我收到此错误:
[Wed Jul 24 13:54:38.027789 2024] [proxy:error] [pid 22:tid 25] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:9002 (127.0.0.1:9002) failed
[Wed Jul 24 13:54:38.027895 2024] [proxy_http:error] [pid 22:tid 25] [client 10.26.24.52:52664] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
我不明白为什么。欢迎任何线索吗?!
这是 docker compose :
x-proxy-args: &proxy-args
HTTP_PROXY: http://proxy.mydomaine.com:3333
HTTPS_PROXY: http://proxy.mydomaine.com:3333
no_proxy: localhost,127.0.0.1
x-ether-args: ðer-args
INSTALL_SOFFICE: true
ETHERPAD_PLUGINS: ep_adminpads2 ep_align ep_author_hover ep_font_color ep_font_family ep_font_size ep_headings2 ep_remove_embed ep_set_title_on_pad ep_special_characters ep_subscript_and_superscript ep_table_of_contents
services:
etherpad-libre:
image: etherpad-libre
build:
context: ./etherpad-lite
args:
HTTP_PROXY: ${HTTP_PROXY}
HTTPS_PROXY: ${HTTPS_PROXY}
no_proxy: ${no_proxy}
INSTALL_SOFFICE: ${INSTALL_SOFFICE}
ETHERPAD_PLUGINS: ${ETHERPAD_PLUGINS}
networks:
- etherpad
ports:
- "9001:9001"
volumes:
- ./etherpad-config/libre-settings.json:/opt/etherpad-lite/settings.json
- ./etherpad-config/libre-credentials.json:/opt/etherpad-lite/credentials.json
etherpad-moodle:
image: etherpad-moodle
build:
context: ./etherpad-lite
args:
HTTP_PROXY: ${HTTP_PROXY}
HTTPS_PROXY: ${HTTPS_PROXY}
no_proxy: ${no_proxy}
INSTALL_SOFFICE: ${INSTALL_SOFFICE}
ETHERPAD_PLUGINS: ${ETHERPAD_PLUGINS}
networks:
- etherpad
ports:
- "9002:9001"
volumes:
- ./etherpad-config/moodle-settings.json:/opt/etherpad-lite/settings.json
- ./etherpad-config/moodle-credentials.json:/opt/etherpad-lite/credentials.json
etherpad-redmine:
image: etherpad-redmine
build:
context: ./etherpad-lite
args:
HTTP_PROXY: ${HTTP_PROXY}
HTTPS_PROXY: ${HTTPS_PROXY}
no_proxy: ${no_proxy}
INSTALL_SOFFICE: ${INSTALL_SOFFICE}
ETHERPAD_PLUGINS: ${ETHERPAD_PLUGINS}
networks:
- etherpad
ports:
- "9003:9001"
volumes:
- ./etherpad-config/redmine-settings.json:/opt/etherpad-lite/settings.json
- ./etherpad-config/redmine-credentials.json:/opt/etherpad-lite/credentials.json
apache2-frontal:
image: apache2-frontal
build:
context: ./apache2-frontal
args:
HTTP_PROXY: ${HTTP_PROXY}
HTTPS_PROXY: ${HTTPS_PROXY}
no_proxy: ${no_proxy}
networks:
- etherpad
ports:
- "80:80"
- "443:443"
volumes:
- /etc/certificats/etherpad.mydomaine.com:/etc/certificats/etherpad.mydomaine.com
networks:
etherpad:
driver: bridge
这是 apache2 配置:
# préconisations RSSI
ServerTokens Prod
# global servername
ServerName etherpad.mydomaine.com
<VirtualHost *:80>
ServerName etherpad.mydomaine.com
Redirect permanent / https://etherpad.mydomaine.com/libre/
</VirtualHost>
<VirtualHost *:443>
ServerName etherpad.mydomaine.com
# logs
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL
SSLEngine on
SSLCertificateFile /etc/certificats/etherpad.mydomaine.com/cert.pem
SSLCertificateKeyFile /etc/certificats/etherpad.mydomaine.com/privkey.pem
SSLCertificateChainFile /etc/certificats/etherpad.mydomaine.com/fullchain.pem
# préconisations RSSI
ServerSignature Off
FileETag None
<IfModule mod_headers.c>
<Directory />
Header set X-XSS-Protection "1; mode=block"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always append X-Frame-Options SAMEORIGIN
</Directory>
</IfModule>
# redirection / vers l'Etherpad libre
Redirect permanent / https://etherpad.mydomaine.com/libre/
# Etherpad réécritures
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/libre/socket.io/(.*) ws://etherpad-libre:9001/socket.io/$1 [P,L]
RewriteRule ^/moodle/socket.io/(.*) ws://etherpad-moodle:9002/socket.io/$1 [P,L]
RewriteRule ^/redmine/socket.io/(.*) ws://etherpad-redmine:9003/socket.io/$1 [P,L]
# Etherpad proxypass
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /libre/ http://etherpad-libre:9001/
ProxyPassReverse /libre/ http://etherpad-libre:9001/
ProxyPass /moodle/ http://etherpad-moodle:9002/
ProxyPassReverse /moodle/ http://etherpad-moodle:9002/
ProxyPass /redmine/ http://etherpad-redmine:9003/
ProxyPassReverse /redmine/ http://etherpad-redmine:9003/
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</VirtualHost>
好吧,这是显而易见的,查看 iptables 让我立即思考。如果每个容器都有自己的端口,那么apache会直接访问容器的端口,所以是9001。对于这两个不起作用的服务,您需要在apache配置中调用它们的真实端口9001,这样就可以解决问题。
# préconisations RSSI
ServerTokens Prod
# global servername
ServerName etherpad.mydomaine.com
<VirtualHost *:80>
ServerName etherpad.mydomaine.com
Redirect permanent / https://etherpad.mydomaine.com/libre/
</VirtualHost>
<VirtualHost *:443>
ServerName etherpad.mydomaine.com
# logs
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL
SSLEngine on
SSLCertificateFile /etc/certificats/etherpad.mydomaine.com/cert.pem
SSLCertificateKeyFile /etc/certificats/etherpad.mydomaine.com/privkey.pem
SSLCertificateChainFile /etc/certificats/etherpad.mydomaine.com/fullchain.pem
# préconisations RSSI
ServerSignature Off
FileETag None
<IfModule mod_headers.c>
<Directory />
Header set X-XSS-Protection "1; mode=block"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always append X-Frame-Options SAMEORIGIN
</Directory>
</IfModule>
# redirection / vers l'Etherpad libre
Redirect permanent / https://etherpad.mydomaine.com/libre/
# Etherpad réécritures
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/libre/socket.io/(.*) ws://etherpad-libre:9001/socket.io/$1 [P,L]
RewriteRule ^/moodle/socket.io/(.*) ws://etherpad-moodle:9001/socket.io/$1 [P,L]
RewriteRule ^/redmine/socket.io/(.*) ws://etherpad-redmine:9001/socket.io/$1 [P,L]
# Etherpad proxypass
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /libre/ http://etherpad-libre:9001/
ProxyPassReverse /libre/ http://etherpad-libre:9001/
ProxyPass /moodle/ http://etherpad-moodle:9001/
ProxyPassReverse /moodle/ http://etherpad-moodle:9001/
ProxyPass /redmine/ http://etherpad-redmine:9001/
ProxyPassReverse /redmine/ http://etherpad-redmine:9001/
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</VirtualHost>