使用下面的 docker compose.yml 我正在建立 2 個容器和一個反向代理容器。
version: '3'
services:
# SSGTM Tag Server Container
tagging_server_container:
image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
ports:
- '8080:8080'
restart: always
environment:
PREVIEW_SERVER_URL: https://preview.ssgtm.dev
CONTAINER_CONFIG: aWQ9...
networks:
- ssgtm
# SSGTM Preview Server Container
preview_server_container:
image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
ports:
- '8081:8080'
restart: always
environment:
RUN_AS_PREVIEW_SERVER: true
CONTAINER_CONFIG: aWQ9...
networks:
- ssgtm
proxy:
image: nginx:1.19.10-alpine
ports:
- 80:80
- 443:443
volumes:
- ./conf/nginx.conf:/etc/nginx/nginx.conf
- ./certs:/etc/nginx/certs
depends_on:
- preview_server_container
- tagging_server_container
networks:
- ssgtm
networks:
ssgtm:
driver: bridge
也在內部conf/nginx.conf用於mkcert -cert-file ssgtm.dev.crt -key-file ssgtm.dev.key ssgtm.dev "*.ssgtm.dev" localhost 127.0.0.1 ::1建立 SSL 憑證和金鑰。
events {
worker_connections 1024;
}
http {
upstream docker-tagging-server {
server tagging_server_container:8080;
}
upstream docker-preview-server {
server preview_server_container:8080;
}
server {
listen 443 ssl;
server_name 127.0.0.1;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-preview-server;
}
}
server {
listen 443 ssl;
server_name ssgtm.dev;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-tagging-server;
}
}
server {
listen 443 ssl;
server_name preview.ssgtm.dev;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-preview-server;
}
}
}
我將 VirtualHost 請求代理程式到目標容器。
另外,hosts我在文件中添加了以下內容以在本地解決。效果很好...它解析為 127.0.0.1 並轉到 Nginx 並轉到其目標容器。
127.0.0.1 preview.ssgtm.dev
::1 preview.ssgtm.dev
127.0.0.1 ssgtm.dev
::1 ssgtm.dev
我面臨的問題是...在兩個容器應用程式內部確實請求使用443 連接埠的TCP 到網域IP...所以當它確實請求ssgtm.dev:443 時,它會變成127.0.0.1:443 並返回錯誤Message: connect ECONNREFUSED 127.0.0.1:443我無法理解這個錯誤。據我了解,它無法透過連接埠 443 連接到 127.0.0.1,但我已經添加了!我做錯了什麼?
答案1
容器無法存取 Nginx,因為它們正在嘗試連接到自己網路命名空間的本機,我們可以嘗試使用特殊的 DNSname host.docker.internal來解析主機使用的內部 IP 位址。
修改您的nginx.conf文件,以便它不向ssgtm.dev:443或127.0.0.1:443發出請求,而是向host.docker.internal:443.
server {
listen 443 ssl;
server_name host.docker.internal;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-preview-server;
}
}