gitea in docker behind jwilder/nginx-proxy and jrcs/letsencrypt-nginx-proxy-companion
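I'm stuck deploying the docker image gitea/gitea:1 behind the reverse proxy jwilder/nginx-proxy, with jrcs/letsencrypt-nginx-proxy-companion for automatic certificate renewal.
gitea is running, and I can connect to it via the http address on port 3000.
The proxy is running too, as I have several apps and services, e.g. sonarqube, which work fine.
This is my docker-compose.yml: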
version: "2"
services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=998
      - USER_GID=997
      - DB_TYPE=mysql
      - DB_HOST=172.17.0.1:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=mysqlpassword
      - ROOT_URL=https://gitea.myhost.de
      - DOMAIN=gitea.myhost.de
      - VIRTUAL_HOST=gitea.myhost.de
      - LETSENCRYPT_HOST=gitea.myhost.de
      - LETSENCRYPT_EMAIL=me@web.de
    restart: always
    ports:
      - "3000:3000"
      - "222:22"
    expose:
      - "3000"
      - "22"
    networks:
      - frontproxy_default
    volumes:
      - /mnt/storagespace/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
networks:
  frontproxy_default:
    external: true
  default:
When I call https://gitea.myhost.de, the result is
502 Bad Gateway (nginx/1.17.6)
This is the log entry:
2020/09/13 09:57:30 [error] 14323#14323: *15465 no live upstreams while connecting to upstream, client: 77.20.122.169, server: gitea.myhost.de, request: "GET / HTTP/2.0", upstream: "http://gitea.myhost.de/", host: "gitea.myhost.de"
This is the relevant entry in nginx/conf/default.conf:
# gitea.myhost.de
upstream gitea.myhost.de {
    ## Can be connected with "frontproxy_default" network
    # gitea_server_1
    server 172.23.0.10 down;
}
server {
    server_name gitea.myhost.de;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name gitea.myhost.de;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/gitea.myhost.de.crt;
    ssl_certificate_key /etc/nginx/certs/gitea.myhost.de.key;
    ssl_dhparam /etc/nginx/certs/gitea.myhost.de.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/gitea.myhost.de.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://gitea.myhost.de;
    }
}
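Maybe this is a problem: I used a gitea backup for this container, as suggested in https://docs.gitea.io/en-us/backup-and-restore/
What can I do to get this running? I have read https://docs.gitea.io/en-us/reverse-proxies/ but maybe I missed something. The point is to have letsencrypt-nginx-proxy-companion manage the certificates automatically.
Any help and tips are much appreciated.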
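I believe all you are missing is the VIRTUAL_PORT setting in your gitea container environment. This tells the reverse proxy container which port to connect to when routing incoming requests from your VIRTUAL_HOST domain, effectively adding the ":3000" part to the upstream server in the nginx conf. This is the case even when your containers are all on the same host. By default, the reverse proxy container only listens on port 80 for that service, but since the gitea docker container uses another default port, 3000, you need to tell the reverse proxy container about it. See below, using the snippet from your compose file.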
services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=998
      - USER_GID=997
      - DB_TYPE=mysql
      - DB_HOST=172.17.0.1:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=mysqlpassword
      - ROOT_URL=https://gitea.myhost.de
      - DOMAIN=gitea.myhost.de
      - VIRTUAL_HOST=gitea.myhost.de
      - VIRTUAL_PORT=3000   # <--- Add this line
      - LETSENCRYPT_HOST=gitea.myhost.de
      - LETSENCRYPT_EMAIL=me@web.de
    restart: always
    ports:
      - "3000:3000"
      - "222:22"
    expose:
      - "3000"
      - "22"
    networks:
      - frontproxy_default
    volumes:
      - /mnt/storagespace/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
networks:
  frontproxy_default:
    external: true
  default:
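P.S.: If all containers are on the same host, you do not need to expose the ports; there is no reason to do so other than trying to get this to work.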
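A quick way to spot the condition behind the 502 in the generated default.conf, as an added example (not part of the original question or answer, and not nginx-proxy's own code): it parses the upstream blocks and reports any upstream whose servers are all marked down, which is what nginx logs as "no live upstreams". The sample text is constructed from the question's config; the sonar.myhost.de upstream, its address and its port are hypothetical and added only for contrast.

```python
import re

# Constructed sample modelled on the generated default.conf in the question,
# plus a second, healthy upstream for contrast (hypothetical host and address).
SAMPLE_CONF = """
# gitea.myhost.de
upstream gitea.myhost.de {
    ## Can be connected with "frontproxy_default" network
    # gitea_server_1
    server 172.23.0.10 down;
}
# sonar.myhost.de
upstream sonar.myhost.de {
    # sonar_server_1
    server 172.23.0.11:9000;
}
"""

# An upstream block and the server entries inside it (comment lines are skipped
# because only whitespace may precede the "server" keyword).
UPSTREAM_RE = re.compile(r"upstream\s+(\S+)\s*\{(.*?)\}", re.S)
SERVER_RE = re.compile(r"^\s*server\s+([^;]+);", re.M)


def parse_upstreams(conf_text):
    """Return {upstream_name: [(address, is_down), ...]}."""
    result = {}
    for name, body in UPSTREAM_RE.findall(conf_text):
        servers = []
        for entry in SERVER_RE.findall(body):
            parts = entry.split()
            servers.append((parts[0], "down" in parts[1:]))
        result[name] = servers
    return result


def dead_upstreams(conf_text):
    """Names of upstreams with no usable server (nginx: 'no live upstreams')."""
    return sorted(
        name for name, servers in parse_upstreams(conf_text).items()
        if not servers or all(down for _, down in servers)
    )


if __name__ == "__main__":
    for name in dead_upstreams(SAMPLE_CONF):
        print(f"{name}: every server is marked down; check VIRTUAL_PORT")
```

After adding VIRTUAL_PORT and recreating the container, the gitea upstream entry should carry an address with ":3000" and no down flag, and the check returns an empty list for it.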