Docker fastcgi 上的 nginx 反向代理 502 错误
Docker nginx reverse proxy 502 error on fastcgi
我正在尝试构建多网站 docker 服务器。
我想要一个容器用于代理,另一个容器用于网站。
由于性能更好,我也想使用 fastcgi。
我正在使用 jwilder/nginx-proxy
问题:设置 fastcgi (- VIRTUAL_PROTO=fastcgi) 导致 502 Bad Gateway 错误:
2017/12/21 22:06:20 [error] 5#5: *24 connect() failed (111: Connection refused) while connecting to upstream,
client: 77.X3.38.17, server: domain.tdl, request: "GET / HTTP/2.0", upstream: "fastcgi://172.18.0.2:9000", host: "domain.tdl"
网站容器
version: "3"
services:
test:
image: richarvey/nginx-php-fpm:latest
volumes:
- /srv/www/domain.tdl/data:/var/www/html
expose:
- 80
- 443
restart: always
environment:
VIRTUAL_HOST: domain.tdl
VIRTUAL_PROTO: fastcgi
VIRTUAL_PORT: 9000
VIRTUAL_ROOT: /var/www/html
container_name: test
networks:
default:
external:
name: nginx-proxy
NGINX-代理容器
version: '3'
services:
nginx:
image: nginx
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
container_name: nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
nginx-gen:
image: jwilder/docker-gen
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
container_name: nginx-gen
restart: unless-stopped
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /srv/www/nginx-proxy/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: unless-stopped
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
NGINX_PROXY_CONTAINER: "nginx"
networks:
default:
external:
name: nginx-proxy
来自 NGINX-PROXY 容器的 NGINX 配置文件
# domain.tdl
upstream domain.tdl {
## Can be connect with "nginx-proxy" network
# test
server 172.18.0.2:9000;
}
server {
server_name domain.tdl;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name domain.tdl;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/domain.tdl.crt;
ssl_certificate_key /etc/nginx/certs/domain.tdl.key;
ssl_dhparam /etc/nginx/certs/domain.tdl.dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/vhost.d/default;
location / {
root /var/www/html;
include conf.d/fastcgi.conf;
fastcgi_pass domain.tdl;
}
}
为什么我的nginx-proxy容器看不到我的网站?我是不是弄错了端口?
您的 docker 撰写定义看起来没问题。
检查
的输出
$ curl 172.18.0.2:9000
从代理容器执行时。此问题通常发生在 php 守护程序停止工作或请求过载导致 php 请求被丢弃时。
如果在验证 php 守护程序正常运行后仍然出现错误,则问题出在 php-fpm 容器上。 Nginx 错误日志在 /var/log/nginx/error.log
也很有帮助。检查这些以确定容器的任何问题。
在你的WEBSITE CONTAINER docker-compose配置文件中,你将虚拟端口设置为VIRTUAL_PORT: 9000
,这是错误的,因为你暴露了只有端口 80
和 443
.
您只需要确保设置正确的 VIRTUAL_PORT
(80
或 443
),或者您也可以删除环境变量 VIRTUAL_PORT
作为默认值是 80
.
像这样:
version: "3"
services:
test:
image: richarvey/nginx-php-fpm:latest
volumes:
- /srv/www/domain.tdl/data:/var/www/html
expose:
- 80
- 443
restart: always
environment:
VIRTUAL_HOST: domain.tdl
VIRTUAL_PROTO: fastcgi
VIRTUAL_ROOT: /var/www/html
container_name: test
networks:
default:
external:
name: nginx-proxy
我正在尝试构建多网站 docker 服务器。
我想要一个容器用于代理,另一个容器用于网站。 由于性能更好,我也想使用 fastcgi。
我正在使用 jwilder/nginx-proxy
问题:设置 fastcgi (- VIRTUAL_PROTO=fastcgi) 导致 502 Bad Gateway 错误:
2017/12/21 22:06:20 [error] 5#5: *24 connect() failed (111: Connection refused) while connecting to upstream,
client: 77.X3.38.17, server: domain.tdl, request: "GET / HTTP/2.0", upstream: "fastcgi://172.18.0.2:9000", host: "domain.tdl"
网站容器
version: "3"
services:
test:
image: richarvey/nginx-php-fpm:latest
volumes:
- /srv/www/domain.tdl/data:/var/www/html
expose:
- 80
- 443
restart: always
environment:
VIRTUAL_HOST: domain.tdl
VIRTUAL_PROTO: fastcgi
VIRTUAL_PORT: 9000
VIRTUAL_ROOT: /var/www/html
container_name: test
networks:
default:
external:
name: nginx-proxy
NGINX-代理容器
version: '3'
services:
nginx:
image: nginx
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
container_name: nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
nginx-gen:
image: jwilder/docker-gen
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
container_name: nginx-gen
restart: unless-stopped
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /srv/www/nginx-proxy/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: unless-stopped
volumes:
- /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
- /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- /srv/www/nginx-proxy/html:/usr/share/nginx/html
- /srv/www/nginx-proxy/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
NGINX_PROXY_CONTAINER: "nginx"
networks:
default:
external:
name: nginx-proxy
来自 NGINX-PROXY 容器的 NGINX 配置文件
# domain.tdl
upstream domain.tdl {
## Can be connect with "nginx-proxy" network
# test
server 172.18.0.2:9000;
}
server {
server_name domain.tdl;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name domain.tdl;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/domain.tdl.crt;
ssl_certificate_key /etc/nginx/certs/domain.tdl.key;
ssl_dhparam /etc/nginx/certs/domain.tdl.dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/vhost.d/default;
location / {
root /var/www/html;
include conf.d/fastcgi.conf;
fastcgi_pass domain.tdl;
}
}
为什么我的nginx-proxy容器看不到我的网站?我是不是弄错了端口?
您的 docker 撰写定义看起来没问题。
检查
的输出$ curl 172.18.0.2:9000
从代理容器执行时。此问题通常发生在 php 守护程序停止工作或请求过载导致 php 请求被丢弃时。
如果在验证 php 守护程序正常运行后仍然出现错误,则问题出在 php-fpm 容器上。 Nginx 错误日志在 /var/log/nginx/error.log
也很有帮助。检查这些以确定容器的任何问题。
在你的WEBSITE CONTAINER docker-compose配置文件中,你将虚拟端口设置为VIRTUAL_PORT: 9000
,这是错误的,因为你暴露了只有端口 80
和 443
.
您只需要确保设置正确的 VIRTUAL_PORT
(80
或 443
),或者您也可以删除环境变量 VIRTUAL_PORT
作为默认值是 80
.
像这样:
version: "3"
services:
test:
image: richarvey/nginx-php-fpm:latest
volumes:
- /srv/www/domain.tdl/data:/var/www/html
expose:
- 80
- 443
restart: always
environment:
VIRTUAL_HOST: domain.tdl
VIRTUAL_PROTO: fastcgi
VIRTUAL_ROOT: /var/www/html
container_name: test
networks:
default:
external:
name: nginx-proxy