我試圖訪問其中一台後端伺服器,但收到此錯誤:
27#27: *21653 connect() 失敗(111:連線被拒絕),同時連線到上游,客戶端:84.255.55.25,伺服器:premium.maltacraft.net,要求:“GET / HTTP/1.1”,上游: “http: //172.28.0.3:37200/”,主機:“premium.maltacraft.net”
我有一個 docker-compose 堆疊,如下所示(為了簡單起見,編輯了一些服務):
services:
nginx-ingress:
image: nginx:latest
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "10"
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- "./nginx-ingress/nginx.conf:/etc/nginx/nginx.conf:ro"
- "./nginx-ingress/dhparam.pem:/etc/ssl/dhparam.pem:ro"
- "./nginx-ingress/sites-available:/etc/nginx/sites-available:ro"
- "./nginx-ingress/sites-enabled:/etc/nginx/sites-enabled:ro"
- "./nginx-ingress/webroot:/var/www"
- "/etc/letsencrypt:/etc/letsencrypt:ro"
networks:
- multicraft
- wp_maltacraft
networks:
multicraft:
wp_maltacraft:
這是我的 nginx.conf 檔案(非常基本):
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/sites-enabled/*.conf;
}
現在,我有 2 個網站連接到 Apache 伺服器,分別稱為 Vanilla 和 Premium。 Vanilla 可以工作,你可以在這裡看到它的工作: https://vanilla.maltacraft.net/
但高級版則不然,如下圖所示: https://premium.maltacraft.net/
vanilla.maltacraft.net.conf:
upstream vanilla {
server multicraft:38200;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name vanilla.maltacraft.net;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/vanilla.maltacraft.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vanilla.maltacraft.net/privkey.pem;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POL>
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=63072000";
add_header 'X-Frame-Options' 'SAMEORIGIN';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'Referrer-Policy' 'no-referrer';
ssl_dhparam /etc/ssl/dhparam.pem;
location / {
proxy_read_timeout 3600;
proxy_pass http://vanilla;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
}
premium.maltacraft.net.conf:
upstream premium {
server multicraft:37200;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name premium.maltacraft.net;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/premium.maltacraft.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/premium.maltacraft.net/privkey.pem;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POL>
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=63072000";
add_header 'X-Frame-Options' 'SAMEORIGIN';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'Referrer-Policy' 'no-referrer';
ssl_dhparam /etc/ssl/dhparam.pem;
location / {
proxy_read_timeout 3600;
proxy_pass http://premium;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
}
如果我將高級版 (37200) 的上游連接埠更改為香草版 (38200),它會正常工作,並且會向我顯示香草版的網站。但我希望它顯示高級網站。
這兩個網站都已生成並運行其 SSL 證書,並且已為它們生成了符號連結(因為它們在sites-enabled資料夾中都具有相同的配置)
知道可以採取什麼措施來解決這個問題嗎?或者也許要調試
答案1
問題是後端伺服器試圖監聽 localhost (127.0.0.1) 而不是 0.0.0.0。更改了它,現在可以使用了