Nginx 容器502坏网关
[英]Nginx container 502 Bad Gateway
问题描述
I know this has been asked before and I've probably read most of these posts, but I am unable to get a combination working.
我知道以前有人问过这个问题,而且我可能已经阅读了大部分这些帖子,但我无法让组合工作。
I am trying to use Nginx as an HTTPS reverse proxy to front Sonatype Nexus 3. Both Nexus and Nginx are containers running on a Linux (Fedora Server) docker host (192.168.60.204 / svr1.domain.com). I am trying to use Nginx as an HTTPS reverse proxy to front Sonatype Nexus 3. Both Nexus and Nginx are containers running on a Linux (Fedora Server) docker host (192.168.60.204 / svr1.domain.com).
- I can navigate to Nginx ( https://svr1.domain.com ) from another PC (192.168.40.10)我可以从另一台 PC (192.168.40.10) 导航到 Nginx ( https://svr1.domain.com )
- I can navigate to Nexus ( http://svr1.domain.com:8081 ) from another PC (192.168.40.10)我可以从另一台 PC (192.168.40.10) 导航到 Nexus ( http://svr1.domain.com:8081 )
- I can navigate to Nexus ( http://nexus.domain.com:8081 ) from another PC (192.168.40.10)我可以从另一台 PC (192.168.40.10) 导航到 Nexus ( http://nexus.domain.com:8081 )
However, when I enable proxy_pass I get 502 Bad Gateway Running docker logs --tail 50 --follow --timestamps nginx-nexus from the docker host, I get:但是,当我启用proxy_pass我得到502 Bad Gateway Running docker logs --tail 50 --follow --timestamps nginx-nexus from the docker 主机,我得到:
[error] 6#6: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.60.1, server: nexus.domain.com, request: "GET / HTTP/1.1", upstream: "http://192.168.60.204:8081/", host: "nexus.domain.com"
192.168.60.1 is the default gateway for the network the Docker host is on so I have no idea why it appears to be trying to connect to this. 192.168.60.1 是 Docker 主机打开的网络的默认网关,所以我不知道为什么它似乎试图连接到这个。
nexus.domain.com is a CNAME pointing to the Docker host. nexus.domain.com 是指向 Docker 主机的 CNAME。
I can connect to the Nginx container using docker exec -it nginx-nexus sh (Thanks @arik) and successfully ping nexus.domain.com .我可以使用docker exec -it nginx-nexus sh (感谢@arik)连接到 Nginx 容器并成功 ping nexus.domain.com 。
I've tried many permutations of nginx.conf as you can see from the commented out code:从注释掉的代码中可以看出,我已经尝试了nginx.conf的许多排列:
client_max_body_size 4G;
server {
listen *:80;
location / {
return 301 https://$host$request_uri;
}
}
upstream foo{
#insert your hosts ip here
server nexus.domain.com:8081;
}
server {
listen 443 ssl;
server_name nexus.domain.com;
ssl_certificate /etc/nginx/certs/nexus.crt.pem;
ssl_certificate_key /etc/nginx/certs/nexus.key.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
#resolver 127.0.0.11 valid=5s;
proxy_pass http://nexus.domain.com:8081/;
#proxy_redirect off;
#proxy_set_header Host $http_host;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I'd like to think the Docker networking is correct as I have another working container using nginx is a similar way.我想认为 Docker 网络是正确的,因为我有另一个使用 nginx 的工作容器是类似的方式。
If anyone can shed some light on what I have wrong, I'd be most grateful.如果有人能阐明我的错误之处,我将不胜感激。 TIA TIA
Update 1更新 1
As per advise from @Arix in comments, under location / { I added:根据@Arix 在评论中的建议,在location / {我添加了:
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
With the following error:出现以下错误:
$ docker logs --tail 50 --follow --timestamps nginx-nexus
2020-06-26T13:14:52.105017039Z 2020/06/26 13:14:52 [error] 6#6: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.60.1, server: nexus.domain.com, request: "GET / HTTP/1.1", upstream: "http://192.168.60.204:8081/", host: "nexus.domain.com"
2020-06-26T13:14:52.105371984Z 192.168.60.1 - - [26/Jun/2020:13:14:52 +0000] "GET / HTTP/1.1" 502 560 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
1 个解决方案
解决方案1
0 2020-06-28 23:26:11
It appears it was a DNS issue, which I don't fully understand, but would love to learn what the reason is.看来这是一个 DNS 问题,我不完全理解,但很想知道原因是什么。
Also, I was too quick on the refresh button.另外,我在刷新按钮上太快了。 It takes about 15 - 30 seconds on my setup for both Nginx and Nexus to be fully up and running.我的 Nginx 和 Nexus 设置需要大约 15 - 30 秒才能完全启动并运行。
TL;DR: TL;博士:
Remove domain, changing: proxy_pass http://nexus.domain.com:8081 to proxy_pass http://nexus:8081删除域,更改: proxy_pass http://nexus.domain.com:8081到proxy_pass http://nexus:8081
Full story:全文:
Bringing up a shell inside the Nginx container and pinging nexus.domain.com resolves the IP of the Docker host - which is what I thought I would want. Bringing up a shell inside the Nginx container and nexus.domain.com the IP of the Docker host - which is what I thought I would want.
Pinging nexus resolves to the Docker internal IP address for this container. ping 连接解析到此容器的nexus内部 IP 地址。
It seems to be working without the resolver section.它似乎在没有resolver部分的情况下工作。 For completeness, here is my nginx.conf:为了完整起见,这是我的 nginx.conf:
client_max_body_size 4G;
server {
listen 80;
server_name nexus.domain.com;
location / {
return 301 https://$host$request_uri;
}
}
#resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
server {
listen 443 ssl;
server_name nexus.domain.com;
ssl_certificate /etc/nginx/certs/nexus.crt.pem;
ssl_certificate_key /etc/nginx/certs/nexus.key.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://nexus:8081/;
proxy_redirect off;
proxy_set_header Host $http_host;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Gets CSS working
#proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I'd love to know what's going on with DNS, if anyone has the time to explain...如果有人有时间解释,我很想知道 DNS 发生了什么……
HTH高温高压
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.