Nginx
HTTPS is not exposed outside NGINX running in Docker
I am trying to set up Apache Guacamole and an NGINX reverse proxy in Docker, and I'm having some trouble getting an HTTPS connection to work out of NGINX (HTTP works fine). I've been self-teaching most of the way and have tried every suggestion I could find for similar problems, with no luck.
Right now both containers start fine, and nothing looks wrong in the reverse proxy's log:
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
docker ps
shows both as running, with the correct ports exposed for the reverse proxy:
CONTAINER ID   IMAGE            COMMAND                  CREATED       STATUS       PORTS                                      NAMES
60b4f2e6c3e2   nginx:latest     "/docker-entrypoint.…"   2 hours ago   Up 2 hours   0.0.0.0:80->80/tcp, 0.0.0.0:433->433/tcp   reverse-proxy
a4c7f1fc4759   oznu/guacamole   "/init"                  2 hours ago   Up 2 hours   8080/tcp                                   guacamole
netstat -tulpn | grep LISTEN
also shows the ports exposed (and they disappear when the containers are not running, so they seem to be coming from the right place):
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      1391/vino-server
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30538/docker-proxy
tcp        0      0 0.0.0.0:433             0.0.0.0:*               LISTEN      30499/docker-proxy
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      577/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4489/sshd: /usr/sbi
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      624/cupsd
tcp6       0      0 :::5900                 :::*                    LISTEN      1391/vino-server
tcp6       0      0 :::22                   :::*                    LISTEN      4489/sshd: /usr/sbi
tcp6       0      0 ::1:631                 :::*                    LISTEN      624/cupsd
However, whether I try to visit https://localhost or https://example.com, or just nmap the machine locally or externally, port 80 shows as open and port 433 as closed.
Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-11 18:57 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
631/tcp  open  ipp
5900/tcp open  vnc
I have a feeling this is a network/firewall issue somewhere, and I tried following a guide to reset iptables to its defaults, but that didn't seem to fix anything. I don't think it makes any difference, but the certificate is self-signed while I'm testing, before I set up Let's Encrypt. Below are my docker-compose.yml and nginx.conf.
docker-compose.yml
version: '3'
services:
  reverse-proxy:
    image: nginx:latest
    container_name: reverse-proxy
    ports:
      - 80:80
      - 433:433
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./example.com.crt:/etc/nginx/example.com.crt
      - ./example.com.key:/etc/nginx/example.com.key
    depends_on:
      - guacamole
    restart: always
  guacamole:
    image: oznu/guacamole
    container_name: guacamole
    expose:
      - 8080
    volumes:
      - /home/user/guacamole:/config
    restart: always
nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    server {
        listen 80;
        server_name example.com;
        return 302 https://$host$request_uri; # 302 for testing purposes, will be 301 later
    }

    server {
        listen 433 ssl;
        server_name example.com;
        ssl_certificate /etc/nginx/example.com.crt;
        ssl_certificate_key /etc/nginx/example.com.key;

        location / {
            proxy_pass http://guacamole:8080;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            access_log off;
        }
    }
}
Thanks in advance for any help!
Solved it after more troubleshooting and searching for the right keywords to stumble onto this post. I was listening on and forwarding 433 when HTTPS is 443, oops. I guess it's a good lesson in learning to double-check code for mistakes.
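An added consistency check, not part of the original post, that catches exactly this kind of mistake before a deploy: it parses the `listen` directives from nginx.conf and the short-syntax `ports:` mappings from docker-compose.yml, checks that the two agree, and flags a TLS listener on anything other than 443. The two config strings are constructed copies of the question's files (with the 433 typo kept), and the hand-written regexes assume the `host:container` port syntax used there.

```python
import re

# Constructed excerpts mirroring the question's configs (the 433 typo is kept on purpose)
NGINX_CONF = """
http {
    server { listen 80; server_name example.com; return 302 https://$host$request_uri; }
    server { listen 433 ssl; server_name example.com;
             ssl_certificate /etc/nginx/example.com.crt; }
}
"""
COMPOSE_YML = """
services:
  reverse-proxy:
    image: nginx:latest
    ports:
      - 80:80
      - 433:433
"""

# listen [addr:]port [options];  -> captures the port and its option list
LISTEN_RE = re.compile(r"\blisten\s+(?:[\w.\[\]:]*:)?(\d+)\s*([^;]*);")
# compose short syntax: - [host_ip:]host_port:container_port[/proto]
PORT_RE = re.compile(r"^\s*-\s*[\"']?(?:[\d.]+:)?(\d+):(\d+)(?:/\w+)?[\"']?\s*$", re.M)


def nginx_listeners(conf):
    """Map each nginx listen port to whether it is a TLS (ssl) listener."""
    return {int(port): "ssl" in opts.split() for port, opts in LISTEN_RE.findall(conf)}


def compose_published(yml):
    """Map each published container port to the host port it is mapped to."""
    return {int(cport): int(hport) for hport, cport in PORT_RE.findall(yml)}


def audit(conf, yml):
    """Return human-readable findings; an empty list means the two files agree."""
    findings, listeners, published = [], nginx_listeners(conf), compose_published(yml)
    for port, tls in sorted(listeners.items()):
        if port not in published:
            findings.append(f"nginx listens on {port} but compose does not publish it")
        elif published[port] != port:
            findings.append(f"container port {port} is published as host port {published[port]}")
        if tls and port != 443:
            findings.append(f"TLS listener on {port}: https clients default to 443 (typo for 443?)")
        if not tls and port == 443:
            findings.append("port 443 is served without ssl")
    for cport in sorted(published):
        if cport not in listeners:
            findings.append(f"compose publishes {cport} but nginx has no listener on it")
    return findings


if __name__ == "__main__":
    for line in audit(NGINX_CONF, COMPOSE_YML) or ["configs agree"]:
        print(line)
```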