使用下面的 docker compose.yml 我创建了 2 个容器和一个反向代理容器。
version: '3'
services:
# SSGTM Tag Server Container
tagging_server_container:
image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
ports:
- '8080:8080'
restart: always
environment:
PREVIEW_SERVER_URL: https://preview.ssgtm.dev
CONTAINER_CONFIG: aWQ9...
networks:
- ssgtm
# SSGTM Preview Server Container
preview_server_container:
image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
ports:
- '8081:8080'
restart: always
environment:
RUN_AS_PREVIEW_SERVER: true
CONTAINER_CONFIG: aWQ9...
networks:
- ssgtm
proxy:
image: nginx:1.19.10-alpine
ports:
- 80:80
- 443:443
volumes:
- ./conf/nginx.conf:/etc/nginx/nginx.conf
- ./certs:/etc/nginx/certs
depends_on:
- preview_server_container
- tagging_server_container
networks:
- ssgtm
networks:
ssgtm:
driver: bridge
并且还在内部conf/nginx.conf用于mkcert -cert-file ssgtm.dev.crt -key-file ssgtm.dev.key ssgtm.dev "*.ssgtm.dev" localhost 127.0.0.1 ::1创建 SSL 证书和密钥。
events {
worker_connections 1024;
}
http {
upstream docker-tagging-server {
server tagging_server_container:8080;
}
upstream docker-preview-server {
server preview_server_container:8080;
}
server {
listen 443 ssl;
server_name 127.0.0.1;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-preview-server;
}
}
server {
listen 443 ssl;
server_name ssgtm.dev;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-tagging-server;
}
}
server {
listen 443 ssl;
server_name preview.ssgtm.dev;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-preview-server;
}
}
}
我正在将我的 VirtualHost 请求代理到目标容器。
另外,hosts我在下面的文件中添加了本地解析。效果很好...它解析为 127.0.0.1,然后转到 Nginx,再转到其目标容器。
127.0.0.1 preview.ssgtm.dev
::1 preview.ssgtm.dev
127.0.0.1 ssgtm.dev
::1 ssgtm.dev
我面临的问题是... 两个容器应用程序都向域 IP 请求 TCP,端口为 443... 因此,当它向 ssgtm.dev:443 请求时,它变为 127.0.0.1:443,并返回错误Message: connect ECONNREFUSED 127.0.0.1:443,我无法理解此错误。据我所知,它无法连接到端口为 443 的 127.0.0.1,但我已经添加了它!我做错了什么?
答案1
容器无法访问 Nginx,因为它们正尝试连接到它们自己网络命名空间的本地主机,我们可以尝试name host.docker.internal解析为主机使用的内部 IP 地址的特殊 DNS。
修改您的nginx.conf文件,使其不再向ssgtm.dev:443或发出请求127.0.0.1:443,而是向 发出请求host.docker.internal:443。
server {
listen 443 ssl;
server_name host.docker.internal;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://docker-preview-server;
}
}