Springboot 和 angular 容器之间使用 https 和 nginx 进行 HTTPS 通信
HTTPS communication between Springboot and angular container using https with nginx
我有两个 Docker 容器,spring 引导和 Angular。
此外,我在 Ubuntu 中安装了 Nginx。
我有这个配置文件 Nginx 可以使用 HTTPS
重定向 Angular 应用程序
server {
root /var/www/html;
server_name dev.xxxxx.io www.dev.xxxxx.io;
location / {
proxy_pass http://127.0.0.1:8080; # Angular container port
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.xxxxx.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.xxxxx.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.dev.xxxxx.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = dev.xxxxx.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name dev.xxxx.io www.dev.xxxxx.io;
return 404; # managed by Certbot
我的 angular 容器 运行 端口 8080:80 (docker 文件很简单)
以及端口为 8181:8181 的 Springboot 容器 运行
当我将 Angular 中的环境文件更改为 https://xx.xx.xx.xx:8181 时出现错误,因为后端 (Springboot) 未配置为 Https。
当转到端口 8181 时,您直接指向 Spring 启动容器,这显然不是 运行 端口 8181 上的 HTTPS。
我想您可能希望指向您的 NGINX 来处理 SSL 终止,因此您需要设置另一个代理来重定向到您的应用程序。如果没有,您可以将 SSL 添加到 Spring 启动应用程序,但无法使用 Certbot 刷新证书(您似乎正在使用它,因为我可以在 nginx.conf 文件
您可以使用不同的路径或不同的端口来执行此操作。
root /var/www/html;
server_name dev.xxxxx.io www.dev.xxxxx.io;
location / {
proxy_pass http://127.0.0.1:8080; # Angular container port
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
### Addition start ###
location /api {
proxy_pass http://127.0.0.1:8181/api; # Spring container port and path (add context path to Spring boot as well)
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
### Addition end ###
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.xxxxx.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.xxxxx.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
然后将 Angular 应用更改为调用 https://dev.xxxxx.io/api
要添加上下文路径,请将 server.servlet.context-path=/api 添加到 application.properties(或 yaml)
P.S:我不是 100% 确定您需要更改上下文路径,但如果您不这样做,我似乎记得问题。
我有两个 Docker 容器,spring 引导和 Angular。
此外,我在 Ubuntu 中安装了 Nginx。
我有这个配置文件 Nginx 可以使用 HTTPS
重定向 Angular 应用程序 server {
root /var/www/html;
server_name dev.xxxxx.io www.dev.xxxxx.io;
location / {
proxy_pass http://127.0.0.1:8080; # Angular container port
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.xxxxx.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.xxxxx.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.dev.xxxxx.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = dev.xxxxx.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name dev.xxxx.io www.dev.xxxxx.io;
return 404; # managed by Certbot
我的 angular 容器 运行 端口 8080:80 (docker 文件很简单) 以及端口为 8181:8181 的 Springboot 容器 运行 当我将 Angular 中的环境文件更改为 https://xx.xx.xx.xx:8181 时出现错误,因为后端 (Springboot) 未配置为 Https。
当转到端口 8181 时,您直接指向 Spring 启动容器,这显然不是 运行 端口 8181 上的 HTTPS。
我想您可能希望指向您的 NGINX 来处理 SSL 终止,因此您需要设置另一个代理来重定向到您的应用程序。如果没有,您可以将 SSL 添加到 Spring 启动应用程序,但无法使用 Certbot 刷新证书(您似乎正在使用它,因为我可以在 nginx.conf 文件
您可以使用不同的路径或不同的端口来执行此操作。
root /var/www/html;
server_name dev.xxxxx.io www.dev.xxxxx.io;
location / {
proxy_pass http://127.0.0.1:8080; # Angular container port
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
### Addition start ###
location /api {
proxy_pass http://127.0.0.1:8181/api; # Spring container port and path (add context path to Spring boot as well)
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
### Addition end ###
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.xxxxx.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.xxxxx.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
然后将 Angular 应用更改为调用 https://dev.xxxxx.io/api
要添加上下文路径,请将 server.servlet.context-path=/api 添加到 application.properties(或 yaml)
P.S:我不是 100% 确定您需要更改上下文路径,但如果您不这样做,我似乎记得问题。