两个 Docker 容器前的反向 NGINX 代理不起作用

两个 Docker 容器前的反向 NGINX 代理不起作用

我有这样的配置:

upstream frontend_upstream {
    # FrontEnd part based on `frontend` container with React app.
    server frontend:3000;
}

server {
    ...
    listen 80;
    server_name  stage.example.com;

    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        # Define the location of the proxy server to send the request to
        # Web it's a name of Docker container with a frontend.
        proxy_pass https://frontend_upstream;

        ...
    }

    # Setup communication with API container.
    location /api {
        proxy_pass http://api:9002;
        rewrite "^/api/(.*)$" /$1 break;
        proxy_redirect     off;
    }
}
server {
    listen 443 ssl;
    server_name stage.example.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/stage.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass  http://frontend_upstream;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

我希望能够通过 HTTP 和 HTTPs 连接到我的应用程序,但却SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream遇到了问题。

这个配置有什么问题?有很多类似的问题,但没有一个能帮我解决。

答案1

你的上游应该正在HTTPSHTTPfrontend_upstream

就像你写的那样,一个HTTPS80block,另一个HTTP是 443 block

在向 frontend_upstream 发出请求之前,请先检查它是否使用 TLSHTTPS

相关内容