docker 的 Apache CORS headers
Apache CORS headers for docker
我的服务器上有两个 docker 容器。一个是 docker 注册表,另一个是 Angular 访问第一个容器端点的应用程序。
Docker 注册表已映射端口 5000 并通过 Apache 的虚拟主机代理到域 docker.mydomain.com。 Angular 应用程序有端口 5002 并被代理到 dockerhub.mydomain.com
我为我的 docker 注册表设置了一个虚拟主机文件,如下所示:
<VirtualHost *:80>
ServerName docker.mydomain.com
Redirect permanent / https://docker.mydomain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com
ServerAlias docker.mydomain.com
ServerAdmin admin@mydomain.com
# Headers required for docker registry to work
Header set Host "docker.mydomain.com"
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-forwarded-Proto "https"
# Settings CORS headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept"
Header always set Vary "Origin, Access-Control-Request-Headers, Access-Control-Request-Method"
# SSL settings
SSLEngine On
SSLCertificateFile "/etc/letsencrypt/live/docker.mydomain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/docker.mydomain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/docker.mydomain.com/chain.pem"
# Reply to all OPTIONS requests with 200
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ [R=200,L]
ProxyPreserveHost On
ProxyRequests Off
# Proxy request to localhost:5000 and check authentication
<Location "/">
ProxyPass http://localhost:5000/
ProxyPassReverse http://localhost:5000/
Order deny,allow
Allow from all
AuthName "Registry Authentication"
AuthType basic
AuthUserFile "/opt/docker-registry-htpasswd/.registry-htpasswd"
# Allow reading to all users, but pushing images only for certain user
<Limit GET HEAD>
Require valid-user
</Limit>
<Limit POST PUT DELETE PATCH>
Require user myuser
</Limit>
</Location>
ErrorLog ${APACHE_LOG_DIR}/docker-registry-error.log
LogLevel warn
</VirtualHost>
我在另一个 docker 中的 Angular 应用程序使用具有以下配置的 nginx 映像提供服务:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 4200;
server_name localhost;
root /usr/share/nginx/html;
index index.html index.htm;
include /etc/nginx/mime.types;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
location / {
try_files $uri $uri/ /index.html;
}
}
}
现在,当我在 dockerhub.mydomain.com 打开我的 Angular 应用程序并尝试从 docker.mydomain.com 调用 API 时,我收到与 CORS header 相关的错误小号:
Access to XMLHttpRequest at 'https://docker.mydomain.com/v2' from
origin 'https://dockerhub.mydomain.com' has been blocked by CORS policy:
The 'Access-Control-Allow-Origin' header has a value 'http://localhost:4200' that is
not equal to the supplied origin.
据我所知,如果 Allow-Origin header 设置为 * 这意味着它被设置为请求的 Origin,它被设置为 https://dockerhub.mydomain.com 而不是 Allow-Origin 设置为 localhost:4200 - 这里的问题可能是什么?
此外,Angular 应用程序始终向 docker.mydomain.com 发出请求,而从不向本地主机地址发出请求。
我没有将 nginx.conf 复制到 /etc/nginx/nginx.conf,而是将配置文件复制到 /etc/nginx/conf.d/default.conf
然后我也稍微缩短了conf文件:
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
charset utf-8;
location / {
try_files $uri $uri/ /index.html;
}
}
现在我可以在所有浏览器中正确设置 CORS headers
我的服务器上有两个 docker 容器。一个是 docker 注册表,另一个是 Angular 访问第一个容器端点的应用程序。
Docker 注册表已映射端口 5000 并通过 Apache 的虚拟主机代理到域 docker.mydomain.com。 Angular 应用程序有端口 5002 并被代理到 dockerhub.mydomain.com
我为我的 docker 注册表设置了一个虚拟主机文件,如下所示:
<VirtualHost *:80>
ServerName docker.mydomain.com
Redirect permanent / https://docker.mydomain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com
ServerAlias docker.mydomain.com
ServerAdmin admin@mydomain.com
# Headers required for docker registry to work
Header set Host "docker.mydomain.com"
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
RequestHeader set X-forwarded-Proto "https"
# Settings CORS headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept"
Header always set Vary "Origin, Access-Control-Request-Headers, Access-Control-Request-Method"
# SSL settings
SSLEngine On
SSLCertificateFile "/etc/letsencrypt/live/docker.mydomain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/docker.mydomain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/docker.mydomain.com/chain.pem"
# Reply to all OPTIONS requests with 200
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ [R=200,L]
ProxyPreserveHost On
ProxyRequests Off
# Proxy request to localhost:5000 and check authentication
<Location "/">
ProxyPass http://localhost:5000/
ProxyPassReverse http://localhost:5000/
Order deny,allow
Allow from all
AuthName "Registry Authentication"
AuthType basic
AuthUserFile "/opt/docker-registry-htpasswd/.registry-htpasswd"
# Allow reading to all users, but pushing images only for certain user
<Limit GET HEAD>
Require valid-user
</Limit>
<Limit POST PUT DELETE PATCH>
Require user myuser
</Limit>
</Location>
ErrorLog ${APACHE_LOG_DIR}/docker-registry-error.log
LogLevel warn
</VirtualHost>
我在另一个 docker 中的 Angular 应用程序使用具有以下配置的 nginx 映像提供服务:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 4200;
server_name localhost;
root /usr/share/nginx/html;
index index.html index.htm;
include /etc/nginx/mime.types;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
location / {
try_files $uri $uri/ /index.html;
}
}
}
现在,当我在 dockerhub.mydomain.com 打开我的 Angular 应用程序并尝试从 docker.mydomain.com 调用 API 时,我收到与 CORS header 相关的错误小号:
Access to XMLHttpRequest at 'https://docker.mydomain.com/v2' from
origin 'https://dockerhub.mydomain.com' has been blocked by CORS policy:
The 'Access-Control-Allow-Origin' header has a value 'http://localhost:4200' that is
not equal to the supplied origin.
据我所知,如果 Allow-Origin header 设置为 * 这意味着它被设置为请求的 Origin,它被设置为 https://dockerhub.mydomain.com 而不是 Allow-Origin 设置为 localhost:4200 - 这里的问题可能是什么?
此外,Angular 应用程序始终向 docker.mydomain.com 发出请求,而从不向本地主机地址发出请求。
我没有将 nginx.conf 复制到 /etc/nginx/nginx.conf,而是将配置文件复制到 /etc/nginx/conf.d/default.conf
然后我也稍微缩短了conf文件:
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
charset utf-8;
location / {
try_files $uri $uri/ /index.html;
}
}
现在我可以在所有浏览器中正确设置 CORS headers