Understand a reverse proxy in combination with docker
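I'm using an Nginx proxy in a docker container, and I have to run several applications on the server. I want to run them all in a docker container, except one. I run Jira and Confluence in containers. I spent a lot of time configuring the applications and the Nginx config. Now I also want to run Graylog2 on the server, and I'm facing the same problems as with Jira/Confluence. I think that may be because I don't really understand how it all works. That's why I made the following image:
This is how I understand the reverse proxy. The nginx conf looks like this: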
upstream jenkins {
    server 43.3.34.333:8080 fail_timeout=0;
}
upstream docker-jira {
    server jira:8080;
}
upstream docker-conf {
    server conf:8090;
}
upstream docker-graylog {
    server graylog:9000;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mySite.de;
    return 301 https://mySite.de;
}
server {
    # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name mySite.de;
    include snippets/ssl-mySite.de;
    include snippets/ssl-params.conf;

    location /jenkins {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://jenkins;
        proxy_redirect http://jenkins $scheme://mySite.de;
        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
        add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
        client_max_body_size 2M;
    }

    location /graylog {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/api;
        proxy_pass http://docker-graylog/graylog;
    }

    location /jira {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://docker-jira/jira;
        client_max_body_size 100M;
        add_header X-Frame-Options ALLOW;
    }

    location /confluence {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://docker-conf/confluence;
        proxy_redirect http://docker-conf/confluence https://mySite.de;
        client_max_body_size 100M;
        add_header X-Frame-Options SAMEORIGIN;
    }

    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://mySite.de:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        client_max_body_size 100M;
    }
}
To run Graylog2 behind a proxy, you have to set some settings (Graylog2 docs):
- set web_listen_uri
- set rest_listen_uri
- set web_endpoint_uri
I did it like this:
- rest_listen_uri = http://localhost:9000/api/
- web_listen_uri = http://localhost:9000/graylog
- GRAYLOG_WEB_ENDPOINT_URI: https://mySite.de/api
When I go to https://mySite.de/graylog, I get a 502 Bad Gateway error. Nginx log:
connect() failed (111: Connection refused) while connecting to upstream, client: 33.11.102.157, server: mySite.de, request: "GET /graylog HTTP/2.0", upstream: "http://172.18.0.9:9000/graylog", host: "mySite.de"
My network:
NETWORK ID      NAME    DRIVER  SCOPE
6c9de2d6b0ac    MyNet   bridge  local
I don't really get it.
Keep your 80 -> 443 redirect, let NGINX do the SSL termination, and then send to the backend over http.
Change these to listen on the LAN IP or the docker DNS name:
web_listen_uri = http://docker-graylog:9000/graylog
rest_listen_uri = http://docker-graylog:9000/api
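Note: The problem with your current configuration is that it only listens on localhost; requests from outside never reach the application because it is not listening for external connections. It only listens for connections inside the graylog container. NGINX cannot reach graylog on localhost:9000 over the LAN.
The Bad Gateway indicates that your proxy is probably working but cannot establish a connection to the app.
More details: https://forums.docker.com/t/access-to-localhost-from-bridge-network/22948/2
This configuration is basically what you already have, just copied from the graylog docs. Your current proxy configuration would probably work as-is.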
upstream docker-graylog {
    server graylog:9000;
}
server
{
    listen 443 ssl spdy;
    server_name mySite.de;
    # <- your SSL Settings here!

    location /graylog
    {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://$server_name/api;
        proxy_pass http://docker-graylog/graylog;
    }
}
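The failure described in the answer above can be reproduced on a single Linux machine, as an added example that is not code from the question or the answer: a listener bound to 127.0.0.1 refuses a connection that arrives on any other address, while one bound to 0.0.0.0 accepts it. The function names are hypothetical, and 127.0.0.2 is an assumed stand-in for the container's bridge address (172.18.0.9 in the Nginx log).

```python
import errno
import socket


def listen_on(bind_addr):
    """Start a TCP listener on bind_addr and let the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def probe(dest_addr, port):
    """Connect the way the proxy would; return 'connected' or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(2)
        err = client.connect_ex((dest_addr, port))
    return "connected" if err == 0 else errno.errorcode.get(err, str(err))


def reachability(bind_addr, other_addr="127.0.0.2"):
    """Report what a client sees on the bind address and on another address.

    other_addr plays the role of the bridge-network address that Nginx
    resolves the upstream name to (assumption: Linux, where all of
    127.0.0.0/8 is local, so the test needs no second machine).
    """
    srv, port = listen_on(bind_addr)
    try:
        return {
            "same_addr": probe("127.0.0.1", port),
            "other_addr": probe(other_addr, port),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    # localhost-only listener: the "proxy" gets errno 111, which Nginx
    # reports as "connect() failed (111: Connection refused)" and a 502.
    print("bound to 127.0.0.1:", reachability("127.0.0.1"))
    # all-interfaces listener: the same connection attempt succeeds.
    print("bound to 0.0.0.0:  ", reachability("0.0.0.0"))
```

Inside a container, binding to 0.0.0.0 makes the port reachable from the Docker network the container is attached to; it is reachable from outside the host only if the port is also published.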