Getting SSL to work with a reverse NGINX proxy in front of two Docker containers

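I have been struggling with this for hours. I know I'm overlooking something simple here, because on my localhost everything runs over SSL with a self-signed certificate, and it works perfectly fine on localhost.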

The problem is: when I access the URL produktivv.com/api/testme over HTTPS, the proxy doesn't work and there is no response. However, when I remove SSL and access it over HTTP, it works fine.

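I'm using docker-compose for the stack. I have a node.js backend and a React front end. I have set up the letsencrypt certificates etc., and the front end does load, but I can't seem to access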

It works with this NGINX configuration:

upstream client {
  server client:3000;
}
upstream api {
  server api:5000;
}
server {
  listen 80;
  location / {
    proxy_pass http://client;
  }
  location ~ /.well-known/acme-challenge {
    allow all;
    root /usr/share/nginx/html;
  }
  location /sockjs-node {
    proxy_pass http://client;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
  }
  location /api {
    proxy_pass http://api;
  }
  location /auth {
    proxy_pass http://api;
  }
}

It does not work with this configuration:

upstream client {
  server client:3000;
}
upstream api {
  server api:5000;
}
server {
    listen      80;
    listen [::]:80;
    server_name produktivv.com www.produktivv.com;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}

#https://produktivv.com
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name produktivv.com;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/produktivv.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/produktivv.com/privkey.pem;

    ssl_buffer_size 8k;

    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    return 301 https://www.produktivv.com$request_uri;
}

#https://www.produktivv.com
server {
    server_name www.produktivv.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_tokens off;

    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;

    ssl_certificate /etc/letsencrypt/live/produktivv.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/produktivv.com/privkey.pem;

    location / {
        proxy_pass http://client;
    }
    location /sockjs-node {
        proxy_pass http://client;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /api {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass http://api;
    }
    location /auth {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass http://api;
    }
}

Docker Compose file.
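
Separately from the post, an added example (not the poster's code): a small Python audit of the TLS directives in the two HTTPS server blocks above. It flags the protocol versions deprecated by RFC 8996 (`TLSv1`, `TLSv1.1`) and the enabled `DH+3DES` cipher term. The embedded config is a constructed excerpt of the post's config, and the function names and weak-term list are assumptions of this example.

```python
import re

# Constructed excerpt of the two HTTPS server blocks from the post's config.
SAMPLE_CONF = """
server {
    server_name produktivv.com;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    return 301 https://www.produktivv.com$request_uri;
}
server {
    server_name www.produktivv.com;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    location /api { proxy_pass http://api; }
}
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_TERMS = ("3DES", "RC4", "MD5", "NULL", "EXPORT")  # assumed list for this example

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, tracking brace depth."""
    for m in re.finditer(r"^\s*server\s*\{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the arguments of the first `name ...;` directive in a block, or []."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else []

def audit(conf):
    """Return (server_name, finding) pairs for weak TLS settings per server block."""
    findings = []
    for body in server_blocks(conf):
        name = " ".join(directive(body, "server_name")) or "(default)"
        findings += [(name, "deprecated protocol " + p)
                     for p in directive(body, "ssl_protocols") if p in DEPRECATED_PROTOCOLS]
        for term in "".join(directive(body, "ssl_ciphers")).split(":"):
            # A leading "!" excludes a cipher, so only enabled terms are flagged.
            if not term.startswith("!") and any(w in term for w in WEAK_CIPHER_TERMS):
                findings.append((name, "weak cipher term " + term))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

Restricting `ssl_protocols` to `TLSv1.2 TLSv1.3` and removing the `DH+3DES` term from `ssl_ciphers` clears every finding.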
