【发布时间】:2017-12-21 22:25:35
【问题描述】:
我正在尝试构建多网站 docker 服务器。
我想要一个容器用于代理,另一个容器用于网站。 由于性能更好,我也想使用 fastcgi。
我正在使用jwilder/nginx-proxy
问题:设置 fastcgi (- VIRTUAL_PROTO=fastcgi) 导致 502 Bad Gateway 错误:
2017/12/21 22:06:20 [error] 5#5: *24 connect() failed (111: Connection refused) while connecting to upstream,
client: 77.X3.38.17, server: domain.tdl, request: "GET / HTTP/2.0", upstream: "fastcgi://172.18.0.2:9000", host: "domain.tdl"
网站容器
version: "3"
services:
test:
image: richarvey/nginx-php-fpm:latest
volumes:
- /srv/www/domain.tdl/data:/var/www/html
expose:
- 80
- 443
restart: always
environment:
VIRTUAL_HOST: domain.tdl
VIRTUAL_PROTO: fastcgi
VIRTUAL_PORT: 9000
VIRTUAL_ROOT: /var/www/html
container_name: test
networks:
default:
external:
name: nginx-proxy
NGINX 代理容器
version: '3'
services:
nginx:
image: nginx
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
container_name: nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
nginx-gen:
image: jwilder/docker-gen
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
container_name: nginx-gen
restart: unless-stopped
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /srv/www/nginx-proxy/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: unless-stopped
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
NGINX_PROXY_CONTAINER: "nginx"
networks:
default:
external:
name: nginx-proxy
来自 NGINX 代理容器的 NGINX 配置文件
# domain.tdl
upstream domain.tdl {
## Can be connect with "nginx-proxy" network
# test
server 172.18.0.2:9000;
}
server {
server_name domain.tdl;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name domain.tdl;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/domain.tdl.crt;
ssl_certificate_key /etc/nginx/certs/domain.tdl.key;
ssl_dhparam /etc/nginx/certs/domain.tdl.dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/vhost.d/default;
location / {
root /var/www/html;
include conf.d/fastcgi.conf;
fastcgi_pass domain.tdl;
}
}
为什么我的 nginx-proxy 容器看不到我的网站?我是不是把端口搞砸了?
【问题讨论】:
-
remove
upstream domain.tdl { ## Can be connect with "nginx-proxy" network # test server 172.18.0.2:9000; }不保证 nginx-php-fpm 容器会得到这个地址。 jwilder/nginx-proxy 将按域(在您的情况下为 domain.tld)找到合适的容器。
标签: docker nginx proxy docker-compose jwilder-nginx-proxy