我有一个 docker,它在端口 8080 和 8443 上公开了一个 caddy web 服务器,分别映射到 80 和 443。
我可以使用 https://localhost:8443 通过本地浏览器访问它,但是,浏览器首先会抱怨 SSL 证书是自签名的。由于未知原因,当尝试使用 http://localhost:8080 访问时,浏览器会重定向 https://localhost(https 但不带端口)。
[michael@localhost api-platform]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b4f9c942d02f api-platform_caddy "caddy run --config …" 22 minutes ago Up 22 minutes 2019/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:8443->443/udp, :::8443->443/tcp, :::8443->443/udp api-platform_caddy_1
120471adcb43 api-platform_php "docker-entrypoint p…" 22 minutes ago Up 22 minutes (healthy) 9000/tcp api-platform_php_1
4ab23f9bd5d9 postgres:13-alpine "docker-entrypoint.s…" 22 minutes ago Up 22 minutes 0.0.0.0:5433->5432/tcp, :::5433->5432/tcp api-platform_database_1
958944520bd5 api-platform_pwa "docker-entrypoint.s…" 22 minutes ago Up 22 minutes 3000/tcp api-platform_pwa_1
[michael@localhost api-platform]$
我希望从另一台机器访问 Docker 的网络服务器。我已经尝试了以下方法,但是,如果有比我尝试使用主机的 Apache Web 服务器更好的方法,我完全愿意更改该方法。
我尝试了两个版本(请参阅下面的两个虚拟主机配置文件)。与不涉及 Apache 的情况下使用类似,http://api-platform.example.com:80重定向到 https。
将请求传递至http://127.0.0.1:8080。使用 https://localhost 的本地计算机或使用的远程计算机上的行为相同https://api-platform.example.com/浏览器显示“客户端向 HTTPS 服务器发送了 HTTP 请求”。 Docker 日志是静默的,Apache 不会记录错误,但是,Apache 的日志访问:
127.0.0.1 - - [05/Sep/2021:10:18:32 -0700] "GET / HTTP/1.1" 400 48 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" (localhost)
11.22.33.44 - - [05/Sep/2021:10:34:18 -0700] "GET / HTTP/1.1" 400 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36" (remote)
传递请求https://127.0.0.1:8443。对于 localhost,可以按预期工作,只是浏览器首先抱怨自签名签名,但对于远程访问,浏览器会显示The proxy server received an invalid response from an upstream server
Apache 的访问和错误日志,如下所示。
11.22.33.44 - - [05/Sep/2021:10:29:10 -0700] "GET / HTTP/1.1" 502 341 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"
11.22.33.44 - - [05/Sep/2021:10:29:10 -0700] "GET /favicon.ico HTTP/1.1" 200 - "https://api-platform.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"
11.22.33.44 - - [05/Sep/2021:10:29:10 -0700] "GET /favicon.ico HTTP/1.1" 502 341 "https://api-platform.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"
[Sun Sep 05 10:29:30.461504 2021] [proxy_http:error] [pid 111778:tid 140510476093184] (103)Software caused connection abort: [client 11.22.33.44:53690] AH01102: error reading status line from remote server 127.0.0.1:8443
[Sun Sep 05 10:29:30.461535 2021] [proxy:error] [pid 111778:tid 140510476093184] [client 11.22.33.44:53690] AH00898: Error reading from remote server returned by /
[Sun Sep 05 10:29:30.481675 2021] [proxy_http:error] [pid 111778:tid 140510240954112] (103)Software caused connection abort: [client 11.22.33.44:53690] AH01102: error reading status line from remote server 127.0.0.1:8443, referer: https://api-platform.example.com/
[Sun Sep 05 10:29:30.483998 2021] [proxy_http:error] [pid 111778:tid 140510257739520] (103)Software caused connection abort: [client 11.22.33.44:59869] AH01102: error reading status line from remote server 127.0.0.1:8443, referer: https://api-platform.example.com/
[Sun Sep 05 10:29:30.484012 2021] [proxy:error] [pid 111778:tid 140510257739520] [client 11.22.33.44:59869] AH00898: Error reading from remote server returned by /favicon.ico, referer: https://api-platform.example.com/
防火墙设置显示在本文底部。应该如何允许远程访问 HTTP 服务器。
虚拟主机配置文件:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName api-platform.example.com
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ErrorLog /var/log/httpd/api-platform.example.com-error.log
CustomLog /var/log/httpd/api-platform.example.com-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/testing.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testing.example.com/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName api-platform.example.com
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyCheckPeerName off
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
ErrorLog /var/log/httpd/api-platform.example.com-error.log
CustomLog /var/log/httpd/api-platform.example.com-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/testing.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testing.example.com/privkey.pem
</VirtualHost>
</IfModule>
防火墙设置
[michael@localhost api-platform]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s31f6 wlp0s20f3
sources:
services: cockpit dhcpv6-client ssh
ports: 80/tcp 443/tcp 8080/tcp 8443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[michael@localhost api-platform]$
答案1
您不需要主机上有网络服务器。我怀疑这可能是主机上的文件墙。它可能会阻塞端口。