如何解决使用Docker撰写的TLS上的Nginx
信息:
- Nginx服务器
- Docker
- Docker-compose
- Docker群
当前:
可以通过http访问我的前端。一切正常。
我想要的:
我需要更新为https。
问题:
当我添加配置数据(公共和私有密钥)时,它在本地运行良好。什么时候 在docker swarm上运行,通过 http (来自nginx),我得到了400,这是可以的。
问题在于 https 不起作用,它无法到达前端。我认为docker-compose中的配置有些问题。
nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 8080 ssl;
ssl_certificate /cert/public.crt;
ssl_certificate_key /cert/private.key;
root /usr/share/nginx/html;
index index.html index.htm;
include /etc/nginx/mime.types;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}
}
Docker-compose.yaml
version: '3.7'
networks:
my_network:
external: true
services:
microfrontend-root:
image: ${CONTAINER_IMAGE}:single_spa_root-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
my_network:
deploy:
resources:
limits:
cpus: '0.2'
memory: ${MEMORY_LIMIT}
placement:
constraints:
- node.labels.${SERVER_LABEL}==true
labels:
- "traefik.backend=dev_single_spa_root"
- "traefik.port=8080"
- "traefik.docker.network=my_network"
- "traefik.frontend.tls=true"
- "traefik.frontend.rule=Host:my-host.net;PathPrefixStrip:/subpath/"
- "com.application=MyName"
- "com.component=single_spa_root"
- "com.environment=dev"
感谢帮助!
解决方法
只是一个例子:
server {
server_name YOUR-DOMAIN.COM;
location / {
proxy_pass http://IP-OR-NAME-FROM-YOUR-DOKCER-SERVICE:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
listen [::]:443 ssl;
listen 443 ssl;
ssl_certificate /cert/public.crt;
ssl_certificate_key /cert/private.key;
}
# Redirect all to https
server {
if ($host = YOUR-DOMAIN.COM) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name YOUR-DOMAIN.COM;
return 404;
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。