jwilder/nginx-proxy 设置多个 php fpm 容器

我正在尝试将官方的 nextcloud docker-compose.yml(https://github.com/nextcloud/docker/blob/master/.examples/docker-compose.yml)与 mailcow-dockerized(https://github.com/mailcow/mailcow-dockerized)项目一起运行。
它确实有效,我可以在浏览器中访问这两个应用程序(甚至电子邮件发送和接收都可以):),只有一个缺点,只要两个应用程序都尝试访问 fpm,vps 就会崩溃。
所以我认为这可能与它们都想访问主机的端口 9000 有关。

因此,我接下来尝试修改每个虚拟主机的配置,加入 fastcgi_pass:
.examples/proxy/VIRTUAL_HOST_location

# nextcloud_fpm is the container_name of the compose service `app` (image nextcloud:fpm).
# NOTE(review): the snippet shows this directive alone; no `include fastcgi_params` or
# SCRIPT_FILENAME accompanies it in this location file as posted.
fastcgi_pass nextcloud_fpm:9000;

但是我得到的是一个空白页,而且没有任何 nginx 或 fastcgi 错误(docker logs proxy -f --since 2)。而 docker logs nextcloud_fpm -f --since 2 输出以下内容:

172.19.0.7 - 08/Sep/2017:13:07:32 +0000 "-" 200
172.19.0.7 - 08/Sep/2017:13:07:40 +0000 "-" 200

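version: '2'

services:
  # Internet-facing reverse proxy. It publishes 80/443 on the host and
  # terminates TLS using the certificates under ./proxy/certs.
  # NOTE(review): the image has no tag, so it resolves to `latest` at pull
  # time; pin a tag or digest if reproducible deployments matter.
  proxy:
    image: jwilder/nginx-proxy
    container_name: proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d
      - ./proxy/vhost.d:/etc/nginx/vhost.d
      - ./proxy/html:/usr/share/nginx/html
      - ./proxy/certs:/etc/nginx/certs:ro
      # The Docker socket is mounted into the container that faces the
      # internet. `:ro` only protects the socket file itself; a process that
      # can open the socket can still send any Docker API request, which is
      # equivalent to root on the host. Running the config generator in a
      # separate, non-exposed container or behind a filtering socket proxy
      # narrows that exposure.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
    restart: always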

  # Certificate companion for the proxy. It shares the proxy's volumes
  # (volumes_from) and additionally mounts the certs directory read-write so
  # that it can write certificates and private keys there.
  # NOTE(review): untagged third-party image, resolves to `latest`; it also
  # receives the Docker socket, so it carries the same host-level trust as the
  # proxy container. Pin and review the image accordingly.
  letsencrypt-companion:
    image: alastaircoote/docker-letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-companion
    volumes_from:
      - proxy
    volumes:
      # `:ro` does not restrict Docker API calls made through the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./proxy/certs:/etc/nginx/certs:rw
    restart: always

  # Nextcloud's own nginx. It serves the files shared from `app` (volumes_from)
  # and forwards PHP requests to `app`. No host ports are published; the front
  # proxy reaches it on port 80 over the proxy-tier network (VIRTUAL_PORT=80).
  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    # `links` makes the service names `app` and `collabora` resolvable from
    # this container; nginx.conf refers to the FPM backend by the name `app`.
    links:
      - app
      - collabora
    volumes_from:
      - app
    environment:
      # VIRTUAL_* and LETSENCRYPT_* are read by the proxy and its companion.
      - VIRTUAL_HOST=${DOMAIN}
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=${DOMAIN}
      # Blank as posted; presumably redacted.
      - LETSENCRYPT_EMAIL=
    networks:
      - proxy-tier
    restart: always

  # Nextcloud PHP-FPM container. The service name is `app`; the container name
  # is `nextcloud_fpm`. There is no `ports:` mapping, so the FPM listener
  # (9000/tcp in the `docker ps` output) is not published on the host and is
  # reachable only from containers on the proxy-tier network.
  app:
    image: nextcloud:fpm
    container_name: nextcloud_fpm
    links:
      - db
    volumes:
      # config/ and data/ are bind-mounted from the host, so their host-side
      # permissions decide who else can read Nextcloud's configuration and data.
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: always

  # MariaDB for Nextcloud, with data persisted under ./nextcloud/db.
  # NOTE(review): the image is untagged (`latest`), and the service joins
  # proxy-tier, the same external network used by the reverse proxy and by
  # mailcow's nginx, so the database is reachable from every container on that
  # network. A dedicated internal network shared only with `app` would narrow
  # that.
  db:
    image: mariadb
    container_name: db
    volumes:
      - ./nextcloud/db:/var/lib/mysql
    environment:
      # Both password values are blank as posted; presumably redacted.
      # Keep real values out of the compose file, e.g. in an untracked .env
      # file referenced through ${...} substitution as done for ${DOMAIN}.
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=
    networks:
      - proxy-tier
    restart: always

  # Redis for Nextcloud. No `command:` override or password option is set in
  # this definition, and no host port is published.
  # NOTE(review): it is attached to the shared proxy-tier network, so every
  # container on that network can reach it; confirm that is intended.
  redis:
    image: redis
    container_name: redis
    networks:
      - proxy-tier
    restart: always

  # Collabora Online (CODE). nginx.conf proxies /loleaflet, /hosting/discovery
  # and /lool to this service on port 9980.
  collabora:
    image: collabora/code
    container_name: collabora
    # Grants one extra Linux capability (MKNOD) on top of Docker's default set.
    cap_add:
      - MKNOD
    environment:
      - domain=${DOMAIN}
    networks:
      - proxy-tier
    restart: always

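# proxy-tier maps to a network named `nginx-proxy` that is created outside this
# compose file (external), which lets other compose projects join the same
# network and reach every service attached to it.
networks:
  proxy-tier:
    external:
      name: nginx-proxy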

mailcow docker-compose 摘录(与原文有变化的部分):

  # mailcow's PHP-FPM container. It is attached only to mailcow-network, under
  # the alias `phpfpm`, and has no `ports:` mapping, so its FPM port is not
  # published on the host and is not on the proxy-tier network that the
  # Nextcloud stack uses.
  php-fpm-mailcow:
      image: mailcow/phpfpm:1.0
      build: ./data/Dockerfiles/phpfpm
      command: "php-fpm -d date.timezone=${TZ}"
      depends_on:
        - redis-mailcow
      volumes:
        # Web root and dynmaps are mounted read-only into the PHP container.
        - ./data/web:/web:ro
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro
        - dkim-vol-1:/data/dkim
      environment:
        # Database credentials come from variable substitution rather than
        # being written inline in the compose file.
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - IMAP_PORT=${IMAP_PORT:-143}
        - IMAPS_PORT=${IMAPS_PORT:-993}
        - POP_PORT=${POP_PORT:-110}
        - POPS_PORT=${POPS_PORT:-995}
        - SIEVE_PORT=${SIEVE_PORT:-4190}
        - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
        - SMTPS_PORT=${SMTPS_PORT:-465}
        - SMTP_PORT=${SMTP_PORT:-25}
      restart: always
      dns:
        - 172.22.1.254
      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
            - phpfpm

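  # mailcow's nginx. The direct host port bindings are commented out; instead
  # the container exposes HTTP_PORT and registers with the front proxy through
  # the VIRTUAL_* / LETSENCRYPT_* variables. It is attached to both
  # mailcow-network and proxy-tier, so it is the one container that bridges the
  # mail stack and the shared proxy network.
  nginx-mailcow:
      depends_on:
        - sogo-mailcow
        - php-fpm-mailcow
      image: nginx:mainline-alpine
      healthcheck:
        test: ["CMD", "ping", "php-fpm-mailcow", "-c", "5"]
        interval: 5s
        timeout: 5s
        retries: 10
      # Renders the listen/server_name templates into conf.d, then starts nginx.
      command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
        envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
        envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active &&
        nginx -g 'daemon off;'"
      environment:
        - HTTPS_PORT=${HTTPS_PORT:-443}
        - HTTP_PORT=${HTTP_PORT:-80}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - VIRTUAL_HOST=${MAILCOW_HOSTNAME}
        - VIRTUAL_NETWORK=nginx-proxy
        - VIRTUAL_PORT=${HTTP_PORT:-80}
        - LETSENCRYPT_HOST=${MAILCOW_HOSTNAME}
        - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
      # NOTE(review): in the post, everything from `volumes:` down was indented
      # under the environment list, which is not valid YAML; it is restored
      # here to the service level.
      volumes:
        - ./data/web:/web:ro
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro
        #- ./data/assets/ssl/:/etc/ssl/mail/:ro
        # Certificates come from the `mailcerts` volume, mounted read-only.
        - mailcerts:/etc/ssl/mail/:ro
        # Read-write because the command above writes the *.active files here.
        - ./data/conf/nginx/:/etc/nginx/conf.d/:rw
      expose:
        - "${HTTP_PORT:-80}"
      #ports:
      #  - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
      #  - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
      restart: always
      dns:
        # NOTE(review): posted as 172.622.1.254, which is not a valid IPv4
        # address; corrected to the resolver php-fpm-mailcow uses, which lies
        # inside the 172.22.1.0/24 subnet of mailcow-network.
        - 172.22.1.254
      dns_search: mailcow-network
      networks:
        mailcow-network:
          ipv4_address: 172.22.1.251
          aliases:
            - nginx
        proxy-tier: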

# At the end of the docker-compose file:
# mailcow-network is a project-local bridge with fixed IPv4 and IPv6 subnets.
# proxy-tier is the external network `nginx-proxy`, the same one the Nextcloud
# compose file attaches to, so containers from both projects share it.
networks:
  mailcow-network:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: 172.22.1.0/24
        - subnet: fd4d:6169:6c63:6f77::/64
  proxy-tier:
    external:
      name: nginx-proxy

# Named volumes used by the mailcow services.
volumes:
  vmail-vol-1:
  mysql-vol-1:
  dkim-vol-1:
  redis-vol-1:
  rspamd-vol-1:
  postfix-vol-1:
  crypt-vol-1:
  # Bind-backed volume pointing at the front proxy's per-host certificate
  # directory, so mailcow reads the certificates and keys issued for
  # MAILCOW_HOSTNAME. Every service that mounts `mailcerts` can read that key
  # material; nginx-mailcow mounts it with `:ro`.
  mailcerts:
    driver_opts:
      type: none
      device: /opt/nextcloud-docker/.examples/proxy/certs/${MAILCOW_HOSTNAME}
      o: bind

所以我现在看到,它们有各自的 nginx 文件。nextcloud 的部分(在 github repo 上也可用,但我不能发布超过 2 个链接,谢谢 sf!):

# nginx configuration posted for the Nextcloud web server (the compose file
# mounts ./nginx.conf into the `web` service). It serves static files from
# /var/www/html, hands PHP requests to the FPM backend and proxies the
# Collabora paths.
user www-data;

events {
  worker_connections 768;
}

http {
  # FastCGI backend. `app` is the compose service name of the nextcloud:fpm
  # container; the `web` service links to it under that name.
  upstream backend {
      server app:9000;
  }
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  server {
    # Plain HTTP only. TLS is expected to be terminated by the front proxy,
    # which is told to reach this container on port 80 (VIRTUAL_PORT=80).
    listen 80;

    # Add headers to serve security related headers
    # Browsers honour Strict-Transport-Security only when it arrives over
    # HTTPS, so it takes effect only through the TLS-terminating proxy.
    # NOTE(review): X-Frame-Options is absent from this server-level list,
    # although the css/js location below does set it.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/html;
    client_max_body_size 10G; # 0=unlimited - set max upload size
    fastcgi_buffers 64 4K;

    gzip off;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
    }

    # Deny direct HTTP access to internal directories, including config/ and
    # data/, which the compose file bind-mounts under the web root.
    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
      deny all;
    }

    # Deny dotfiles and maintenance entry points at the top of the web root.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
      deny all;
    }

    location / {
      rewrite ^/remote/(.*) /remote.php last;
      rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
      try_files $uri $uri/ =404;
    }

    # PHP handler. Matches any URI containing ".php" followed by end-of-string
    # or "/", splits off PATH_INFO and passes the request to the upstream.
    # NOTE(review): there is no try_files or other file-existence check before
    # fastcgi_pass in this location; confirm how the FPM image handles path
    # info (cgi.fix_pathinfo) if user-writable directories are under the root.
    location ~ \.php(?:$|/) {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_param PATH_INFO $fastcgi_path_info;
      # Set unconditionally: PHP is told every request arrived over TLS even
      # though this server listens on plain port 80.
      fastcgi_param HTTPS on;
      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
      fastcgi_pass backend;
      fastcgi_intercept_errors on;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
    # A location that declares its own add_header does not inherit the
    # server-level add_header lines, which is why the security headers are
    # repeated here next to Cache-Control.
    location ~* \.(?:css|js)$ {
      add_header Cache-Control "public, max-age=7200";
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      # Optional: Don't log access to assets
      access_log off;
    }

    # Optional: Don't log access to other assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
      access_log off;
    }

    # The three Collabora locations below proxy to the upstream over HTTPS.
    # nginx does not verify the upstream certificate unless proxy_ssl_verify
    # is enabled, which it is not here. The client-supplied Host header is
    # forwarded unchanged ($http_host).

    # collabora static files
    location ^~ /loleaflet {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # collabora WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # collabora websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
  }
}

这意味着,我在 fastcgi_pass 中错误地使用了容器名称,而不是 docker-compose 中的 app 容器 :(。
但这会导致 *4 connect() failed (111: Connection refused) while connecting to upstream, client:

mailcow 的部分(也可以在 github repo 中找到):

# mailcow nginx server block serving /dynmaps on port 8081 (IPv4 and IPv6)
# for any Host header (server_name _).
server {
  listen 8081;
  listen [::]:8081;
  index index.php index.html;
  server_name _;
  error_log  /var/log/nginx/error.log;
  access_log /var/log/nginx/access.log;
  root /dynmaps;

  location ~ \.php$ {
    # Return 404 unless the URI maps to an existing file under root, so only
    # scripts that actually exist are handed to PHP-FPM.
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # `phpfpm` is the alias of php-fpm-mailcow on mailcow-network; it is not
    # the Nextcloud FPM container.
    fastcgi_pass phpfpm:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
  }
}

我现在不确定是什么导致我的服务器崩溃。我知道的是docker ps | grep 9000输出如下:

4c04c978c4d5        nextcloud:fpm                                            "/entrypoint.sh ph..."   8 minutes ago       Up 7 minutes          9000/tcp                                                                                                                                                        nextcloud_fpm
9ff7a19d0253        mailcow/phpfpm:1.0                                       "/docker-entrypoin..."   2 days ago          Up 2 days             9000/tcp                                                                                                                                                        mailcowdockerized_php-fpm-mailcow_1

我仍然认为,这会导致它崩溃。

nmap -p 9000 cloud.mydomain.com输出如下:

Starting Nmap 7.01 at 2017-09-09 09:14 CEST
Nmap scan report for cloud.mydomain.com (ip)
Host is up (0.029s latency).
rDNS record for ip: mail.mydomain.com
PORT     STATE  SERVICE
9000/tcp closed cslistener

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

我是第一次使用 nmap,不明白这个结果意味着什么。
