Unable to port forward to a Docker Nginx reverse proxy

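I've spent a lot of time on this and it's time to reach for a lifeline. I'm running the wonderfall/nextcloud Docker container and have set up an Nginx container to proxy it. It works fine on my internal network, but when I try to port forward through my Ubiquiti USG, every attempt to connect from outside results in a timeout. I know my USG is working properly, because another Docker container I use, which does not run Nginx, works fine on the same macvlan network (physical) as below.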

My docker-compose file:

networks:
   backend:
      driver: bridge
   physical:
      external: true
services:
   nextcloud-app:
       container_name: nextcloud-app
       depends_on:
          - nextcloud-db
       environment:
          - UID=1031
          - GID=1031
          - UPLOAD_MAX_SIZE=10G
          - APC_SHM_SIZE=128M
          - OPCACHE_MEM_SIZE=128
          - CRON_PERIOD=15m
          - TZ=(redacted)
          - ADMIN_USER
          - ADMIN_PASSWORD
          - DOMAIN=(redacted)
          - DB_TYPE=mysql
          - DB_NAME=(redacted)
          - DB_USER=(redacted)
          - DB_PASSWORD=(redacted)
          - DB_HOST=nextcloud-db
       image: wonderfall/nextcloud:latest
       networks:
          backend: null
       restart: unless-stopped
       volumes:
          - nextcloud_apps:/apps2
          - nextcloud_config:/config
          - nextcloud_data:/data
          - nextcloud_themes:/nextcloud/themes
   nextcloud-db:
      container_name: nextcloud-db
      environment:
         - MYSQL_ROOT_PASSWORD=(redacted)
         - MYSQL_DATABASE=(redacted)
         - MYSQL_USER=(redacted)
         - MYSQL_PASSWORD=(redacted)
      image: mariadb:10
      networks:
         backend: null
      restart: unless-stopped
      volumes:
         - nextcloud_db:/var/lib/mysql
   nextcloud-web:
      container_name: nextcloud-web
      depends_on:
         - nextcloud-app
      image: nginx
      networks:
         backend: null
         physical:
            ipv4_address: 192.168.1.10
      restart: unless-stopped
      volumes:
         - nextcloud_proxy_config:/etc/nginx/conf.d
         - nextcloud_proxy_ssl:/certs
version: '3.0'
volumes:
   nextcloud_apps:
      external: true
   nextcloud_config:
      external: true
   nextcloud_data:
      external: true
   nextcloud_db:
      external: true
   nextcloud_proxy_config:
      external: true
   nextcloud_proxy_ssl:
      external: true
   nextcloud_themes:
      external: true

My /etc/nginx/conf.d/default.conf file:

server {
   listen 80;
   server_name (redacted);
   return 301 https://$host$request_uri;
}

server {
   listen 443 ssl http2;
   server_name (redacted);

   client_max_body_size 10G;

   ssl_certificate     /certs/server.crt;
   ssl_certificate_key /certs/server.key;

   location / {
      proxy_pass http://nextcloud-app:8888;
      proxy_set_header        Host                 $host;
      proxy_set_header        X-Real-IP            $remote_addr;
      proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;
      proxy_set_header        X-Remote-Port        $remote_port;
      proxy_set_header        X-Forwarded-Proto    $scheme;
      proxy_redirect          off;
   }
}

Finally, the configuration of the physical macvlan network:

$ docker network inspect physical
[
    {
        "Name": "physical",
        "Id": "999be40dea19b51fbeb3bda5501288f52365aa2ce155b5a5fedede3270fdf959",
        "Created": "2017-04-12T00:45:37.306899171-07:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.1.0/24",
                    "Gateway": "192.168.1.254"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {
            "92f04d62dfd43c5b9bb6ef290186bd5f7926b82d8232ee1bd6e488694d086240": {
                "Name": "(redacted)",
                "EndpointID": "c547179a88c11681d9abd83f020a92b1a1f341575d12423a7e0e5f3efe1d9a40",
                "MacAddress": "(redacted)",
                "IPv4Address": "192.168.1.9/24",
                "IPv6Address": ""
            },
            "cd14e07bbf7435274610ff10ec2a16035df71440772ab63f8e4973599d809b60": {
                "Name": "nextcloud-web",
                "EndpointID": "57e86f161ea2d578aadb6b99bfabe6da6dcdf2070ff91bfd30c0f450b076bc63",
                "MacAddress": "(redacted)",
                "IPv4Address": "192.168.1.10/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "eno1"
        },
        "Labels": {}
    }
]

Any insight would be greatly appreciated!
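One check a practitioner might run for the symptom described above (LAN clients connect, forwarded WAN clients time out) on a container attached to both a bridge and a macvlan network: which next hop the container uses to answer a given client. This is an added example, not part of the original post; the `ip route` samples, the bridge subnet 172.18.0.0/16, the interface names and the function names are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample: `docker network inspect physical`, trimmed to the IPAM
# fields (subnet and gateway as shown in the question).
MACVLAN_INSPECT = """[{"Name": "physical", "Driver": "macvlan", "IPAM": {"Config":
  [{"Subnet": "192.168.1.0/24", "Gateway": "192.168.1.254"}]}}]"""

# Constructed samples of `ip route` run inside the proxy container. The bridge
# subnet 172.18.0.0/16 and the interface names are assumptions.
ROUTES_DEFAULT_ON_BRIDGE = """\
default via 172.18.0.1 dev eth0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.4
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
"""
ROUTES_DEFAULT_ON_MACVLAN = ROUTES_DEFAULT_ON_BRIDGE.replace(
    "default via 172.18.0.1 dev eth0", "default via 192.168.1.254 dev eth1")


def parse_routes(text):
    """Parse unicast `ip route` lines into (network, gateway_or_None) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if fields[0] == "default" else fields[0])
        except ValueError:
            continue  # skip route types this sketch does not model (blackhole, ...)
        gw = ipaddress.ip_address(fields[fields.index("via") + 1]) if "via" in fields else None
        routes.append((net, gw))
    return routes


def reply_path(inspect_json, route_text, client_ip):
    """Classify the next hop the container uses to answer client_ip."""
    macvlan_gw = ipaddress.ip_address(json.loads(inspect_json)[0]["IPAM"]["Config"][0]["Gateway"])
    client = ipaddress.ip_address(client_ip)
    matches = [r for r in parse_routes(route_text) if client in r[0]]
    if not matches:
        return "no-route"
    net, gw = max(matches, key=lambda r: r[0].prefixlen)  # longest-prefix match
    if gw is None:
        return "on-link"              # same subnet: no gateway involved
    return "via-macvlan-gateway" if gw == macvlan_gw else "via-other-gateway"
```

A result of `via-other-gateway` for an off-subnet client means replies leave through a different network than the one the forwarded packet arrived on, which is consistent with LAN access working while forwarded connections time out.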

Answer 1

I haven't had success getting nginx-proxy to work in any network mode other than bridge. Here is how I installed nextcloud on my machine:

### mysql ###
docker run \
-d \
--name mysql \
--network=host \
--restart=always \
-e MYSQL_ROOT_PASSWORD=redacted \
-v /home/redacted/docker/mysql/:/var/lib/mysql/ \
mysql

Then set up the database and permissions by connecting to the container:

docker exec -it mysql mysql -u root -p
create database nextcloud;
grant all privileges on nextcloud.* to nextcloud@'172.17.0.%' identified by 'nextcloud' with grant option;
flush privileges;

Then load nextcloud:

### nextcloud ###
docker run \
-d \
--name nextcloud \
-p 8000:80 \
-p 8001:443 \
--restart=always \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=/etc/localtime:ro \
-e VIRTUAL_HOST=cloud.hostname.com \
-e LETSENCRYPT_HOST=cloud.hostname.com \
-e LETSENCRYPT_EMAIL=redacted \
-v /home/redacted/docker/nextcloud:/var/www/html \
nextcloud

Then load nginx-proxy and letsencrypt:

### nginx-proxy ###
docker run \
-d \
-p 80:80 \
-p 443:443 \
--name nginx-proxy \
--restart=always \
-v /home/redacted/docker/nginx-proxy/certs:/etc/nginx/certs:ro \
-v /home/redacted/docker/nginx-proxy/vhost.d:/etc/nginx/vhost.d \
-v /home/redacted/docker/nginx-proxy/html:/usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy

### letsencrypt ###
docker run \
-d \
--name=nginx-letsencrypt \
--volumes-from nginx-proxy \
--restart=always \
-v /home/redacted/docker/nginx-proxy/certs:/etc/nginx/certs:rw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
jrcs/letsencrypt-nginx-proxy-companion

Then just add client_max_body_size 10G; to the nginx.conf in nginx-proxy and change the maximum size in .user.ini and .htaccess in nextcloud.
