NGINX 容器作为其他容器的代理

NGINX container as a proxy for other containers

我正在尝试 运行 我的 UBUNTU 服务器上的容器,这些容器是:

  1. 带 bind9 的 DNS 服务器。
  2. NTP 服务器 cturra/ntp。
  3. 用于反向代理的 NGINX => 用于 DNS 和 NTP 的反向代理

我在同一个 yaml 文件中有这些容器:

version: '3'
services:
  reverse-proxy-engine:
    image: nginx
    container_name: reverse-proxy-engine
    volumes:
      - ~/core/reverse-proxy/:/usr/share/nginx/
    ports:
      - "80:80"
      - "443:443"
      - "53:53"
      - "123:123/udp"
    depends_on:
      - "DNS-SRV"
      - "ntp"
  DNS-SRV:
    container_name: DNS-SRV
    image: ubuntu/bind9
    user: root
    environment:
      - TZ=UTC
    volumes:
      - ~/core/bind9/:/etc/bind/
  ntp:
    image: cturra/ntp
    container_name: ntp
    restart: always
    read_only: true
    tmpfs:
      - /etc/chrony:rw,mode=1750
      - /run/chrony:rw,mode=1750
      - /var/lib/chrony:rw,mode=1750
    environment:
      - NTP_SERVERS=time.cloudflare.com
      - LOG_LEVEL=0

运行在这个 yaml 文件之后,容器被创建并且我看到正确映射的端口:

admin@main-srv:~/core/yamls$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                            PORTS                                                                                NAMES
4720bae2a44c        nginx               "/docker-entrypoint.…"   5 seconds ago       Up 4 seconds                      0.0.0.0:53->53/tcp, 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:123->123/udp   reverse-proxy-engine
1681814f651e        cturra/ntp          "/bin/sh /opt/startu…"   6 seconds ago       Up 5 seconds (health: starting)   123/udp                                                                              ntp
dde2f9094b45        ubuntu/bind9        "docker-entrypoint.sh"   6 seconds ago       Up 5 seconds                      53/tcp                                                                               DNS-SRV

我可以通过 使用端口 80 在浏览器上访问 nginx 网页,但我无法使用相同的 IP 来解析同一网络上的 DNS 或 NTP,但在容器网络中,它正在工作。

所以我认为 NGINX 端口暴露给 UBUNTU 服务器,但 DNS 和 NTP 端口没有暴露给 NGINX,对吗?我错过了什么?

下面是我的 NginX 配置文件:

events {
  worker_connections 1024;
}

stream {

    upstream dns_servers {
        server DNS-SRV:53;
    }

    upstream ntp_server {
      server ntp:123;
    }

    server {
        listen 53 udp;
        listen 53; #tcp
        proxy_pass dns_servers;
        error_log  /var/log/nginx/dns.log info;
        proxy_responses 1;
        proxy_timeout   1s;
    }

    server {
      listen 123 udp;
      listen 123; #tcp

      proxy_pass ntp_server;
      error_log  /var/log/nginx/ntp.log info;
      proxy_responses 1;
      proxy_timeout   1s;
    }
}

到目前为止我觉得合乎逻辑,有什么想法吗?

我认为那是因为你没有为 bind 和 ntp 容器设置主机名,我使用下面的配置并让它工作

version: '3'
services:
  reverse-proxy-engine:
    image: nginx
    container_name: reverse-proxy-engine
    volumes:
      - ~/core/reverse-proxy/:/usr/share/nginx/
      - $PWD/nginx.conf:/etc/nginx/nginx.conf
    ports:
      - "80:80"
      - "443:443"
      - "53:53"
      - "123:123/udp"
    depends_on:
      - "DNS-SRV"
      - "ntp"
  DNS-SRV:
    container_name: DNS-SRV
    hostname: DNS-SRV
    image: ubuntu/bind9
    user: root
    environment:
      - TZ=UTC
    volumes:
      - ~/core/bind9/:/etc/bind/
  ntp:
    image: cturra/ntp
    container_name: ntp
    hostname: ntp
    restart: always
    read_only: true
    tmpfs:
      - /etc/chrony:rw,mode=1750
      - /run/chrony:rw,mode=1750
      - /var/lib/chrony:rw,mode=1750
    environment:
      - NTP_SERVERS=time.cloudflare.com
      - LOG_LEVEL=0

在上面的配置中,我为绑定和 ntp 容器添加了主机名,我还挂载了 nginx 配置并替换了默认配置。

低于nginx.conf配置

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

stream {

    upstream dns_servers {
        server DNS-SRV:53;
    }

    upstream ntp_server {
      server ntp:123;
    }

    server {
        listen 53 udp;
        listen 53; #tcp
        proxy_pass dns_servers;
        error_log  /var/log/nginx/dns.log info;
        proxy_responses 1;
        proxy_timeout   1s;
    }

    server {
      listen 123 udp;
      listen 123; #tcp

      proxy_pass ntp_server;
      error_log  /var/log/nginx/ntp.log info;
      proxy_responses 1;
      proxy_timeout   1s;
    }
}

注意:请确保您使用的绑定端口 80、443、53、123 未被其他应用程序使用。