使用“ nginx-proxy” docker容器配置的目标网站上的网关错误
[英]Bad gateway error on target website configured using the “nginx-proxy” docker container
问题描述
I try to resolve a 502 gateway error on my vps on latex.comnmodel.org , using the great nginx-proxy docker container. 
我尝试使用出色的nginx-proxy latex.comnmodel.org容器解决latex.comnmodel.org上我的vps上的502网关错误 。 I'm lost in config, so i crosspost this problem as a question in github , and here to find an help. 我在config中迷路了,所以我把这个问题作为一个问题交叉发布在github中 ,并在这里找到帮助。
My docker0 is 172.17.0.1 , and the docker -ps command return : 我的docker0是172.17.0.1 ,并且docker0 docker -ps命令返回:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dca0d15c69bf sharelatex/sharelatex "/sbin/my_init" 2 minutes ago Up 2 minutes 0.0.0.0:5000->80/tcp sharelatex
55ebd6b84a6a osixia/phpldapadmin "/container/tool/run" 3 days ago Up 3 days 80/tcp, 443/tcp sleepy_thompson
e8fe2bd50c3a osixia/openldap "/container/tool/run" 3 days ago Up 3 days 389/tcp, 636/tcp dreamy_babbage
9597ef0cded5 jwilder/nginx-proxy "/app/docker-entrypoi" 3 days ago Up 3 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp pensive_raman
I create the sharelatex image with and without VIRTUAL_PORT option : 我创建带有和不带有VIRTUAL_PORT选项的sharelatex图像:
sudo docker run -d -e "VIRTUAL_HOST=latex.comnmodel.org" -e "VIRTUAL_PORT=80" -v ~/sharelatex_data:/var/lib/sharelatex -p 5000:80 --name=sharelatex sharelatex/sharelatex
The docker exec pensive_raman grep -vE '^\\s*$' /etc/nginx/conf.d/default.conf return docker exec pensive_raman grep -vE '^\\s*$' /etc/nginx/conf.d/default.conf返回
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
upstream latex.comnmodel.org {
# sharelatex
server 172.17.0.5:80;
}
server {
server_name latex.comnmodel.org;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://latex.comnmodel.org;
}
}
upstream ldap.comnmodel.org {
# sleepy_thompson
server 172.17.0.4:80;
}
server {
server_name ldap.comnmodel.org;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://ldap.comnmodel.org;
}
}
When i ping latex.comnmodel.org located on my vps ip 51.255.47.40 : 当我ping latex.comnmodel.org位于我的vps ip 51.255.47.40 :
PING latex.comnmodel.org (51.255.47.40) 56(84) bytes of data.
64 bytes from 40.ip-51-255-47.eu (51.255.47.40): icmp_seq=1 ttl=50 time=14.6 ms
64 bytes from 40.ip-51-255-47.eu (51.255.47.40): icmp_seq=2 ttl=50 time=12.9 ms
64 bytes from 40.ip-51-255-47.eu (51.255.47.40): icmp_seq=3 ttl=50 time=13.6 ms
The docker logs pensive_raman return docker logs pensive_raman返回
nginx.1 | latex.comnmodel.org 81.64.146.124 - - [22/Nov/2015:22:40:23 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
nginx.1 | latex.comnmodel.org 81.64.146.124 - - [22/Nov/2015:22:40:26 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
nginx.1 | latex.comnmodel.org 81.64.146.124 - - [22/Nov/2015:22:40:32 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
I try to connect to pensive_raman (the name of nginx-proxy image) and ping the sharelatex container 172.0.17.5 , without success, is there a problem with my network config ? 我尝试连接到pensive_raman (nginx代理映像的名称)并ping sharelatex容器172.0.17.5 ,但没有成功,我的网络配置是否存在问题?
Do I need to use the
--linkoption ofdocker runto connect nginx-proxy container and sharelatex container ?我是否需要使用--linkdocker run的--link选项连接nginx-proxy容器和sharelatex容器?I have two 80 port on
0.0.0.0, it can be the problem, i need to precise an ip172.17.0.5when i run the sharelatex image ?我在0.0.0.0上有两个80端口,这可能是问题所在,当我运行sharelatex映像时,我需要精确设置IP172.17.0.5? This is not clean这不干净
The website latex.comnmodel.org return a 502 bad gateway , what i miss here, this is very frustrating :( 网站latex.comnmodel.org返回502 bad gateway ,我在这里想念的是,这非常令人沮丧:(
UPDATE 1 : 更新1:
Documentation says that if --icc = false , the command sudo iptables -L -n command contain a DROP RULE. 文档说,如果--icc = false ,则命令sudo iptables -L -n命令包含DROP RULE。 It seems this is not the case, so icc option take the default true value. 似乎并非如此,因此icc选项采用默认的true值。
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 172.17.0.5 tcp dpt:80
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
1 个解决方案
解决方案1
0 2015-11-24 19:01:07
检查是否正在使用--icc=false运行--icc=false守护进程(容器间通信)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.