nginx& docker - 转发端口80/443到3000

时间:2017-08-17 11:07:15

标签: docker nginx portforwarding

我使用docker-compose使用meteor应用容器和nginx容器来配置我的应用,这里是我的docker-compose文件:

version: '2'
services:
  webapp:
    image: webapp.image.uri:latest
    ports:
     - "3000:3000"
    environment:
     - ROOT_URL=https://my.app.url
  nginx:
    image: nginx.image.uri:latest
    volumes:
      - certs:/etc/letsencrypt
      - certs-data:/data/letsencrypt
    ports:
     - "80:80"
     - "443:443"

我使用nginx来处理HTTPS请求。 我想要做的是是配置nginx,以便在用户访问my.app.url时,我可以让meteor应用(端口3000)在端口{{ 1}}。
顺便说一句,这是我使用的443配置:

nginx

非常感谢先进!

2 个答案:

答案 0 :(得分:0)

我想要做的是配置nginx,以便当用户访问my.app.url时,我可以让meteor app在端口443上工作

您可以使用nginx_http_rewrite_module将http永久重定向到https。 将您的第一个服务器块更改为:

server {
  listen      80;
  listen [::]:80;
  server_name my.app.url;
  return 301 https://my.app.url$request_uri;
}

更多nginx_http_rewrite_module你可以参考这个http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

关于端口转发,假设您的应用服务器侦听端口3000,您可以将上游块添加到http块。

upstream app {
    server 127.0.0.1:3000; #image the nginx is in same machine with your app server
}

将此行添加到您的第二个服务器块:

proxy_pass https://app;

现在所有来自外部的连接都是https,你在端口3000收听的app也可以处理来自443的请求。

答案 1 :(得分:0)

我得到了它的工作。这就是我修改docker-compose.yml文件的方式:

version: '2'
services:
  webapp:
    image: webapp.image.uri:latest
    ports:
     - "3000:3000"
    environment:
     - ROOT_URL=https://my.app.url
  nginx:
    image: nginx.image.uri:latest
    volumes:
      - certs:/etc/letsencrypt
      - certs-data:/data/letsencrypt
    ports:
     - "80:80"
     - "443:443"
    links:  # new
     - webapp
    volumes_from:
     - webapp

这是nginx配置文件:

server {
    listen      80;
    listen [::]:80;
    server_name my.app.url;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location ^~ /.well-known {
        allow all;
        root  /data/letsencrypt/;
    }
}

server {
    listen      443           ssl http2;
    listen [::]:443           ssl http2;
    server_name               my.app.url;

    ssl                       on;

    add_header                Strict-Transport-Security "max-age=31536000" always;

    ssl_session_cache         shared:SSL:20m;
    ssl_session_timeout       10m;

    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";

    ssl_stapling              on;
    ssl_stapling_verify       on;
    resolver                  8.8.8.8 8.8.4.4;

    ssl_certificate           /etc/letsencrypt/live/my.app.url/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/my.app.url/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/my.app.url/chain.pem;

    access_log                /dev/stdout;
    error_log                 /dev/stderr info;

    # other configs

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect    off;
        proxy_pass         http://webapp:3000;
    }
}
相关问题
最新问题