nginx & docker - 转发端口 80/443 到 3000
nginx & docker - Forwarding port 80/443 to 3000
我正在使用 docker-compose 通过 meteor 应用程序容器和 nginx 容器配置我的应用程序,这是我的 docker-compose 文件:
version: '2'
services:
webapp:
image: webapp.image.uri:latest
ports:
- "3000:3000"
environment:
- ROOT_URL=https://my.app.url
nginx:
image: nginx.image.uri:latest
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
ports:
- "80:80"
- "443:443"
我正在使用 nginx 来处理 HTTPS 请求。 我想做的是配置nginx这样,当用户访问my.app.url时,我可以让meteor应用程序(端口3000)工作端口 443.
顺便说一下,这是我正在使用的 nginx 配置:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.app.url;
ssl on;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/my.app.url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.app.url/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
}
非常感谢!
我想做的是配置 nginx,这样当用户访问时 my.app.url 我可以让 meteor 应用程序在端口 443
上工作
您可以使用 nginx_http_rewrite_module 将 http 永久重定向到 https。
将您的第一个服务器块更改为此:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
return 301 https://my.app.url$request_uri;
}
更多 nginx_http_rewrite_module 你可以参考这个 http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return
关于端口转发,假设你的应用服务器监听端口 3000,你可以在 http 块中添加一个上游块。
upstream app {
server 127.0.0.1:3000; #image the nginx is in same machine with your app server
}
并将此行添加到您的第二个服务器块:
proxy_pass https://app;
现在所有来自外部的连接都将是 https,并且您在端口 3000 上侦听的应用程序也可以处理来自 443 的请求。
我成功了。这就是我修改 docker-compose.yml 文件的方式:
version: '2'
services:
webapp:
image: webapp.image.uri:latest
ports:
- "3000:3000"
environment:
- ROOT_URL=https://my.app.url
nginx:
image: nginx.image.uri:latest
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
ports:
- "80:80"
- "443:443"
links: # new
- webapp
volumes_from:
- webapp
这是 nginx 配置文件:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.app.url;
ssl on;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/my.app.url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.app.url/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://webapp:3000;
}
}
我正在使用 docker-compose 通过 meteor 应用程序容器和 nginx 容器配置我的应用程序,这是我的 docker-compose 文件:
version: '2'
services:
webapp:
image: webapp.image.uri:latest
ports:
- "3000:3000"
environment:
- ROOT_URL=https://my.app.url
nginx:
image: nginx.image.uri:latest
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
ports:
- "80:80"
- "443:443"
我正在使用 nginx 来处理 HTTPS 请求。 我想做的是配置nginx这样,当用户访问my.app.url时,我可以让meteor应用程序(端口3000)工作端口 443.
顺便说一下,这是我正在使用的 nginx 配置:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.app.url;
ssl on;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/my.app.url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.app.url/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
}
非常感谢!
我想做的是配置 nginx,这样当用户访问时 my.app.url 我可以让 meteor 应用程序在端口 443
上工作您可以使用 nginx_http_rewrite_module 将 http 永久重定向到 https。 将您的第一个服务器块更改为此:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
return 301 https://my.app.url$request_uri;
}
更多 nginx_http_rewrite_module 你可以参考这个 http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return
关于端口转发,假设你的应用服务器监听端口 3000,你可以在 http 块中添加一个上游块。
upstream app {
server 127.0.0.1:3000; #image the nginx is in same machine with your app server
}
并将此行添加到您的第二个服务器块:
proxy_pass https://app;
现在所有来自外部的连接都将是 https,并且您在端口 3000 上侦听的应用程序也可以处理来自 443 的请求。
我成功了。这就是我修改 docker-compose.yml 文件的方式:
version: '2'
services:
webapp:
image: webapp.image.uri:latest
ports:
- "3000:3000"
environment:
- ROOT_URL=https://my.app.url
nginx:
image: nginx.image.uri:latest
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
ports:
- "80:80"
- "443:443"
links: # new
- webapp
volumes_from:
- webapp
这是 nginx 配置文件:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.app.url;
ssl on;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/my.app.url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.app.url/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://webapp:3000;
}
}