gitea in docker behind jwilder/nginx-proxy and jrcs/letsencrypt-nginx-proxy-companion

I am stuck deploying docker image gitea/gitea:1 behind a reverse proxy jwilder/nginx-proxy with jrcs/letsencrypt-nginx-proxy-companion for automatic certificate updates. gitea is running and I can connect by the http address with port 3000. The proxy is running also, as I have multiple apps and services, e.g. sonarqube, working well.

This is my docker-compose.yml:

version: "2"

services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=998
      - USER_GID=997
      - DB_TYPE=mysql
      - DB_HOST=172.17.0.1:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=mysqlpassword
      - ROOT_URL=https://gitea.myhost.de
      - DOMAIN=gitea.myhost.de
      - VIRTUAL_HOST=gitea.myhost.de
      - LETSENCRYPT_HOST=gitea.myhost.de
      - LETSENCRYPT_EMAIL=me@web.de
    restart: always
    ports:
      - "3000:3000"
      - "222:22"
    expose:
      - "3000"
      - "22"
    networks:
      - frontproxy_default
    volumes:
      - /mnt/storagespace/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
networks:
  frontproxy_default:
    external: true
  default:

When I call https://gitea.myhost.de the result is

502 Bad Gateway (nginx/1.17.6)

This is the log entry:

2020/09/13 09:57:30 [error] 14323#14323: *15465 no live upstreams while connecting to upstream, client: 77.20.122.169, server: gitea.myhost.de, request: "GET / HTTP/2.0", upstream: "http://gitea.myhost.de/", host: "gitea.myhost.de"

and this is the relevant entry in nginx/conf/default.conf:

# gitea.myhost.de
upstream gitea.myhost.de {
                ## Can be connected with "frontproxy_default" network
        # gitea_server_1
            server 172.23.0.10 down;
}
server {
    server_name gitea.myhost.de;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name gitea.myhost.de;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/gitea.myhost.de.crt;
    ssl_certificate_key /etc/nginx/certs/gitea.myhost.de.key;
    ssl_dhparam /etc/nginx/certs/gitea.myhost.de.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/gitea.myhost.de.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://gitea.myhost.de;
    }
}

Maybe it's a problem, I used a gitea backup for this container as suggested in https://docs.gitea.io/en-us/backup-and-restore/

What can I do to get this running? I have read this https://docs.gitea.io/en-us/reverse-proxies/ but maybe I missed something. The main point is to get letsencrypt-nginx-proxy-companion automatically managing the certificates.

Any help and tip is highly appreciated.

I believe all you are missing is your VIRTUAL_PORT setting in your gitea container's environment. This tells the reverse proxy container which port to connect with when routing incoming requests from your VIRTUAL_HOST domain, effectively adding along the lines of ":3000" to your upstream server in the nginx conf. This is also the case when your containers are all on the same host. By default, the reverse proxy container only listens on port 80 on that service, but since gitea docker container uses another default port of 3000, you need to tell that to the reverse proxy container essentially. See below using snippet from your compose file.

services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=998
      - USER_GID=997
      - DB_TYPE=mysql
      - DB_HOST=172.17.0.1:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=mysqlpassword
      - ROOT_URL=https://gitea.myhost.de
      - DOMAIN=gitea.myhost.de
      - VIRTUAL_HOST=gitea.myhost.de
      - VIRTUAL_PORT=3000  # <--- add this line
      - LETSENCRYPT_HOST=gitea.myhost.de
      - LETSENCRYPT_EMAIL=me@web.de
    restart: always
    ports:
      - "3000:3000"
      - "222:22"
    expose:
      - "3000"
      - "22"
    networks:
      - frontproxy_default
    volumes:
      - /mnt/storagespace/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
networks:
  frontproxy_default:
    external: true
  default:

PS: It is not required to expose the ports if all containers are on the same host and there was no other reason other than attempting to get this to work for it.
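
The symptom in the question is visible in the generated default.conf before any request is made: the gitea upstream has a single server entry that is marked down and carries no port. The following check is an added example, not part of the original question or answer and not nginx-proxy code; it scans generated upstream blocks for that pattern. The second upstream (sonar.example.test, 172.23.0.11:9000) is a constructed sample for contrast.

```python
import re

# Constructed sample: the upstream block from the question plus a healthy
# block (hypothetical name and address) for contrast.
SAMPLE_CONF = """
# gitea.myhost.de
upstream gitea.myhost.de {
        # gitea_server_1
            server 172.23.0.10 down;
}
# sonar.example.test
upstream sonar.example.test {
            server 172.23.0.11:9000;
}
"""

UPSTREAM_RE = re.compile(r"^\s*upstream\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
SERVER_RE = re.compile(r"^\s*server\s+(\S+?)((?:\s+[^;]*)?);", re.M)


def audit_upstreams(conf_text):
    """Return {upstream_name: [problems]} for upstreams nginx cannot route to."""
    findings = {}
    for name, body in UPSTREAM_RE.findall(conf_text):
        servers = [(addr, "down" in flags.split())
                   for addr, flags in SERVER_RE.findall(body)]
        problems = []
        if not servers:
            problems.append("no server entries")
        elif all(down for _, down in servers):
            problems.append("every server is marked down: nginx answers 502 "
                            "and logs 'no live upstreams'")
        for addr, _ in servers:
            # Assumes IPv4 or hostname entries; a bare address means port 80.
            if ":" not in addr:
                problems.append(f"{addr} has no port, so nginx would use 80")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for upstream, problems in audit_upstreams(SAMPLE_CONF).items():
        for problem in problems:
            print(f"{upstream}: {problem}")
```

Run against the real file by passing the contents of nginx/conf/default.conf to audit_upstreams(); an empty result means every upstream has at least one live server with an explicit port.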
