docker-使用 ghost 和 nginx 代理编写错误
docker-compose error with ghost and an nginx proxy
所以,我开始 docker-compose
现在,我遇到了 nginx 代理请求的问题。
所以我有一个容器,它使用了 ghost 图像并暴露在 2368 上:
ghostblog:
container_name: ghostblog
image: ghost
restart: always
ports:
- 2368:2368
env_file:
- ./config.env
volumes:
- "./petemsGhost/content/themes:/usr/src/ghost/content/themes"
- "./petemsGhost/content/apps:/usr/src/ghost/content/apps"
- "./petemsGhost/content/images:/usr/src/ghost/content/images"
- "./petemsGhost/content/data:/usr/src/ghost/content/data"
- "./petemsGhost/config:/var/lib/ghost"
我正在将其链接到一个正在代理对容器的请求的 nginx 容器:
ghost_nginx:
restart: always
build: ./ghostNginx/
ports:
- 80:80
- 443:443
links:
- 'ghostblog:ghostblog'
在该构建中,我复制了一堆东西、密钥、配置等:
Docker 文件
FROM centos:centos6
# Delete defaults
RUN yum install epel-release -y
RUN yum install -y nginx curl
RUN rm /etc/nginx/nginx.conf
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/nginx.conf
COPY sites-enabled/petersouter.co.uk.conf /etc/nginx/sites-available/petersouter.co.uk.conf
COPY conf.d/ghost_blog_petersouter.co.uk-upstream.conf /etc/nginx/conf.d/ghost_blog_petersouter.co.uk-upstream.conf
COPY petersouter.co.uk.crt /etc/nginx/petersouter.co.uk.crt
COPY petersouter.co.uk.key /etc/nginx/petersouter.co.uk.key
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
/etc/nginx/conf.d/ghost_blog_petersouter.co.uk-upstream.conf
upstream ghost_blog_petersouter.co.uk {
server ghostblog:2368 fail_timeout=10s;
}
/etc/nginx/sites-enabled/petersouter.co.uk.conf
# Redirect all non-SSL to SSL
server {
listen 0.0.0.0:80;
return 301 https://$server_name$request_uri;
}
# Main SSL Config Block
server {
listen 0.0.0.0:443 ssl;
ssl on;
ssl_certificate /etc/nginx/petersouter.co.uk.crt;
ssl_certificate_key /etc/nginx/petersouter.co.uk.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-petersouter.co.uk.access.log combined;
error_log /var/log/nginx/ssl-petersouter.co.uk.error.log;
location / {
proxy_pass http://ghost_blog_petersouter.co.uk;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_buffering off;
}
}
并且链接正常,因为我可以在 nginx 容器中看到它:
$ docker exec -i -t petersouterblogcompose_ghost_nginx_1 bash
$ curl ghostblog:2368
$ Moved Permanently. Redirecting to https://petersouter.co.uk/
在容器外我可以直接卷曲 ghost 实例:
$ curl 0.0.0.0:2368
$ Moved Permanently. Redirecting to https://petersouter.co.uk/
但是当我尝试转到正确重定向的端口 80 时,我没有收到任何响应:
$ curl curl 0.0.0.0:80
$ curl: (52) Empty reply from server
我猜我在 nginx 配置的某个地方搞砸了,因为其他一切似乎都按预期工作。
解决了,事情总是那么简单!
注意 nginx Dockerfile 的这一行:
COPY sites-enabled/petersouter.co.uk.conf /etc/nginx/sites-available/petersouter.co.uk.conf
我正在复制到 sites-available 文件夹,所以 conf 永远不会加载!修复了:
COPY sites-enabled/petersouter.co.uk.conf /etc/nginx/sites-enabled/petersouter.co.uk.conf
一切正常! :)
所以,我开始 docker-compose
现在,我遇到了 nginx 代理请求的问题。
所以我有一个容器,它使用了 ghost 图像并暴露在 2368 上:
ghostblog:
container_name: ghostblog
image: ghost
restart: always
ports:
- 2368:2368
env_file:
- ./config.env
volumes:
- "./petemsGhost/content/themes:/usr/src/ghost/content/themes"
- "./petemsGhost/content/apps:/usr/src/ghost/content/apps"
- "./petemsGhost/content/images:/usr/src/ghost/content/images"
- "./petemsGhost/content/data:/usr/src/ghost/content/data"
- "./petemsGhost/config:/var/lib/ghost"
我正在将其链接到一个正在代理对容器的请求的 nginx 容器:
ghost_nginx:
restart: always
build: ./ghostNginx/
ports:
- 80:80
- 443:443
links:
- 'ghostblog:ghostblog'
在该构建中,我复制了一堆东西、密钥、配置等:
Docker 文件
FROM centos:centos6
# Delete defaults
RUN yum install epel-release -y
RUN yum install -y nginx curl
RUN rm /etc/nginx/nginx.conf
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/nginx.conf
COPY sites-enabled/petersouter.co.uk.conf /etc/nginx/sites-available/petersouter.co.uk.conf
COPY conf.d/ghost_blog_petersouter.co.uk-upstream.conf /etc/nginx/conf.d/ghost_blog_petersouter.co.uk-upstream.conf
COPY petersouter.co.uk.crt /etc/nginx/petersouter.co.uk.crt
COPY petersouter.co.uk.key /etc/nginx/petersouter.co.uk.key
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
/etc/nginx/conf.d/ghost_blog_petersouter.co.uk-upstream.conf
upstream ghost_blog_petersouter.co.uk {
server ghostblog:2368 fail_timeout=10s;
}
/etc/nginx/sites-enabled/petersouter.co.uk.conf
# Redirect all non-SSL to SSL
server {
listen 0.0.0.0:80;
return 301 https://$server_name$request_uri;
}
# Main SSL Config Block
server {
listen 0.0.0.0:443 ssl;
ssl on;
ssl_certificate /etc/nginx/petersouter.co.uk.crt;
ssl_certificate_key /etc/nginx/petersouter.co.uk.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-petersouter.co.uk.access.log combined;
error_log /var/log/nginx/ssl-petersouter.co.uk.error.log;
location / {
proxy_pass http://ghost_blog_petersouter.co.uk;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_buffering off;
}
}
并且链接正常,因为我可以在 nginx 容器中看到它:
$ docker exec -i -t petersouterblogcompose_ghost_nginx_1 bash
$ curl ghostblog:2368
$ Moved Permanently. Redirecting to https://petersouter.co.uk/
在容器外我可以直接卷曲 ghost 实例:
$ curl 0.0.0.0:2368
$ Moved Permanently. Redirecting to https://petersouter.co.uk/
但是当我尝试转到正确重定向的端口 80 时,我没有收到任何响应:
$ curl curl 0.0.0.0:80
$ curl: (52) Empty reply from server
我猜我在 nginx 配置的某个地方搞砸了,因为其他一切似乎都按预期工作。
解决了,事情总是那么简单!
注意 nginx Dockerfile 的这一行:
COPY sites-enabled/petersouter.co.uk.conf /etc/nginx/sites-available/petersouter.co.uk.conf
我正在复制到 sites-available 文件夹,所以 conf 永远不会加载!修复了:
COPY sites-enabled/petersouter.co.uk.conf /etc/nginx/sites-enabled/petersouter.co.uk.conf
一切正常! :)