stackoom
  简体   繁体   中英

nginx & docker - Forwarding port 80/443 to 3000

 原文  2017-08-17 11:07:15       docker/ nginx/ portforwarding

Question

I'm using docker-compose to config my app with a meteor app container and an nginx container, here's my docker-compose file: 

version: '2'
services:
  webapp:
    image: webapp.image.uri:latest
    ports:
     - "3000:3000"
    environment:
     - ROOT_URL=https://my.app.url
  nginx:
    image: nginx.image.uri:latest
    volumes:
      - certs:/etc/letsencrypt
      - certs-data:/data/letsencrypt
    ports:
     - "80:80"
     - "443:443"

I'm using nginx for handling HTTPS requests. What I want to do is to configure nginx so that, when user access my.app.url I can get the meteor app (port 3000) working on port 443 .
By the way, here's the nginx config that I'm using: 

server {
    listen      80;
    listen [::]:80;
    server_name my.app.url;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location ^~ /.well-known {
        allow all;
        root  /data/letsencrypt/;
    }
}

server {
    listen      443           ssl http2;
    listen [::]:443           ssl http2;
    server_name               my.app.url;

    ssl                       on;

    add_header                Strict-Transport-Security "max-age=31536000" always;

    ssl_session_cache         shared:SSL:20m;
    ssl_session_timeout       10m;

    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";

    ssl_stapling              on;
    ssl_stapling_verify       on;
    resolver                  8.8.8.8 8.8.4.4;

    ssl_certificate           /etc/letsencrypt/live/my.app.url/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/my.app.url/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/my.app.url/chain.pem;

    access_log                /dev/stdout;
    error_log                 /dev/stderr info;

    # other configs
}

Thanks so much in advanced !

2 answers

solution1
 0  2017-08-17 13:52:49

What I want to do is to configure nginx so that, when user access my.app.url I can get the meteor app working on port 443

You can use the nginx_http_rewrite_module to redirect http to https permanently. Change your first server block to this: 

server {
  listen      80;
  listen [::]:80;
  server_name my.app.url;
  return 301 https://my.app.url$request_uri;
}

more of nginx_http_rewrite_module you can refer this http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

About port forward, imagine your app server listen the port 3000, you can add an upstream block to the http block. 

upstream app {
    server 127.0.0.1:3000; #image the nginx is in same machine with your app server
}

AND add this line to your second server block : 

proxy_pass https://app;

And now all connections from outside will be https and you app listened at port 3000 could also handle request from 443.

solution2
 0 ACCPTED  2017-08-20 03:15:11

I got it working. This is how I modified my docker-compose.yml file: 

version: '2'
services:
  webapp:
    image: webapp.image.uri:latest
    ports:
     - "3000:3000"
    environment:
     - ROOT_URL=https://my.app.url
  nginx:
    image: nginx.image.uri:latest
    volumes:
      - certs:/etc/letsencrypt
      - certs-data:/data/letsencrypt
    ports:
     - "80:80"
     - "443:443"
    links:  # new
     - webapp
    volumes_from:
     - webapp

And this is the nginx config file: 

server {
    listen      80;
    listen [::]:80;
    server_name my.app.url;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location ^~ /.well-known {
        allow all;
        root  /data/letsencrypt/;
    }
}

server {
    listen      443           ssl http2;
    listen [::]:443           ssl http2;
    server_name               my.app.url;

    ssl                       on;

    add_header                Strict-Transport-Security "max-age=31536000" always;

    ssl_session_cache         shared:SSL:20m;
    ssl_session_timeout       10m;

    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";

    ssl_stapling              on;
    ssl_stapling_verify       on;
    resolver                  8.8.8.8 8.8.4.4;

    ssl_certificate           /etc/letsencrypt/live/my.app.url/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/my.app.url/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/my.app.url/chain.pem;

    access_log                /dev/stdout;
    error_log                 /dev/stderr info;

    # other configs

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect    off;
        proxy_pass         http://webapp:3000;
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to create an nginx service in a docker swarm at port 443 and 80 Trying to get nginx proxy to work on port 80 and 443 for node.js with docker Docker nginx connection refused (port 80 and 443) when using corporate signed certificate AWS EC2: Cannot reach port 80 or 443 (https) using letsencrypt and nginx via docker Unblocking port 80 / nginx / docker Port 80 and Port 443 not accessible when published via `ports` in Docker Docker on Windows server and multiple websites listening port 80 and 443 Not able to map Nginx Port 80 with docker container port 80 Docker: Multiple container on port 80 without NGinx Docker Nginx disable default exposed port 80
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM