Docker容器上的应用程序之间的卷曲连接被拒绝

Question

我有一个网站（ZF1）和一个API（Laravel）在同一个Docker（Laradock）容器上运行。 我可以通过浏览器分别访问它们，但是当我从网站向应用程序发出cURL请求时，我得到一个空响应，并且标头返回0。如果输出cURL错误，那么我得到了：

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, '[API_ENDPOINT]');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_close ($ch);

echo curl_strerror(curl_errno($ch));

(7) Failed to connect to [API_HOST] port 80: Connection refused

但是，如果我从应用程序向https://www.google.com发出了cURL请求，则它将返回结果。 我也尝试使用file_get_contents（），但未收到任何响应和以下警告：

[Thu May 18 21:41:33.828737 2017] [proxy_fcgi:error] [pid 949:tid 139999802541824] [client 172.20.0.1:49652] AH01071: Got error 'PHP message: PHP Warning:  file_get_contents
([API_ENDPOINT]): failed to open stream: Connection refused in /var/www/projects/[APPLICATION_PATH]/[CONTROLLER].php on line 2367\n', referer: [WEBSITE_HOST]/[URI]

我还通过SSH进入Apache2容器，并能够成功调用cURL到API_ENDPOINT并获得了预期的数据。 然后，我尝试使用wget获取标头信息并收到以下信息：

root@cd3a4177dcfa:/var/log/apache2# wget --header="Host: http://subdomain.example.dev/api/calendarevents" -Os http://localhost
--2017-05-19 07:28:15--  http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2017-05-19 07:28:16--  (try: 2)  http://localhost/
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

如果是Apache2问题，这是我的API VirtualHost：

Listen 80
<VirtualHost *:80>
  ServerName subdomain.example.dev
  DocumentRoot /var/www/projects/[API_PROJECT]/public/
  CustomLog /var/log/apache2/[API_HOST]-access.log combined
  ErrorLog /var/log/apache2/[API_HOST]-error.log
  Options Indexes FollowSymLinks

  <Directory "/var/www/projects/[API_PROJECT]/public/">
      Options FollowSymLinks
      AllowOverride All
      Require all Granted
  </Directory>

  # set environment
  #SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 // Did not notice a difference in behavior when enabled
  #CGIPassAuth on // Sites stopped loading when enabled
</VirtualHost>

和网站VirtualHost：

Listen 80
<VirtualHost *:80>
  ServerName [WEBSITE_HOST]
  DocumentRoot /var/www/projects/[WEBSITE_PROJECT]
  ErrorLog /var/log/apache2/[WEBSITE_HOST]-error.log
  Options Indexes FollowSymLinks

  <Directory "/var/www/projects/[WEBSITE_PROJECT]/repo">
    Options FollowSymLinks
    AllowOverride All
    Require all Granted
  </Directory>

  # set environment
  SetEnv APPLICATION_ENV development
  SetEnv APPLICATION_LOGGING false
  #SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 // Did not notice a difference in behavior when enabled
  #CGIPassAuth on // Sites stopped loading when enabled
</VirtualHost>

这是Docker信息（Windows 10 / Hyper V / Docker版本17.03.1-ce-win12（12058）通道：稳定）

Containers: 9
 Running: 5
 Paused: 0
 Stopped: 4
Images: 233
Server Version: 17.03.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ab9917febca54791c5f071a9d1f404867857fcc
runc version: 54296cf40ad8143b62dbcaa1d90e520a2136ddfe
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.27-moby
Operating System: Alpine Linux v3.5
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.837 GiB
Name: moby
ID: PE42:IS45:4OO6:JMEQ:NWNB:NQDF:RPEL:JPHJ:L6OP:A5SL:IDP3:F7SV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 86
 Goroutines: 74
 System Time: 2017-05-19T04:52:50.5943959Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

这些是我当前正在运行的容器：

CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                                      NAMES
cd3a4177dcfa        laradock_apache2     "/opt/docker/bin/e..."   8 hours ago         Up 8 hours          0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   laradock_apache2_1
8ef66cb80a2e        laradock_php-fpm     "docker-php-entryp..."   8 hours ago         Up 8 hours          9000/tcp                                   laradock_php-fpm_1
988eff458036        laradock_workspace   "/sbin/my_init"          8 hours ago         Up 8 hours          0.0.0.0:2222->22/tcp                       laradock_workspace_1
8be5253e8622        laradock_redis       "docker-entrypoint..."   8 hours ago         Up 8 hours          0.0.0.0:6379->6379/tcp                     laradock_redis_1
aa6d8d6ae950        laradock_mysql       "docker-entrypoint..."   8 hours ago         Up 8 hours          0.0.0.0:3306->3306/tcp                     laradock_mysql_1

我不确定是什么原因导致同一容器上两个站点之间的连接被拒绝。 我检查了我的php.ini，并启用了curl和allow_url_fopen = on。 我可以直接通过浏览器和CLI cURL访问API_ENDPOINT并获得预期的结果。 在这一点上，我最好的猜测是某种端口冲突，授权标头被阻止，Apache2配置或某种奇怪的Docker / Laradock问题。 我还认为Apache2和PHP-FPM之间可能存在冲突，但是这里详细介绍的解决方案似乎对我不起作用。

在此先感谢您提供的任何帮助。

Answer 1

我弄清楚是什么原因导致了我的问题 。 我需要在docker-compose.yml文件的PHP-FPM部分添加一个额外的主机。 因此添加：

- "subdomain.example.app:10.0.75.1"

为了额外的主机。 然后，您需要重建容器：

docker-compose up -d --build apache2 mysql redis

这是docker-compose.yml的Laradock的PHP-FPM部分应如下所示：

php-fpm:
      build:
        context: ./php-fpm
        args:
          - INSTALL_XDEBUG=${PHP_FPM_INSTALL_XDEBUG}
          - INSTALL_BLACKFIRE=${INSTALL_BLACKFIRE}
          - INSTALL_SOAP=${PHP_FPM_INSTALL_SOAP}
          - INSTALL_MONGO=${PHP_FPM_INSTALL_MONGO}
          - INSTALL_ZIP_ARCHIVE=${PHP_FPM_INSTALL_ZIP_ARCHIVE}
          - INSTALL_BCMATH=${PHP_FPM_INSTALL_BCMATH}
          - INSTALL_PHPREDIS=${PHP_FPM_INSTALL_PHPREDIS}
          - INSTALL_MEMCACHED=${PHP_FPM_INSTALL_MEMCACHED}
          - INSTALL_OPCACHE=${PHP_FPM_INSTALL_OPCACHE}
          - INSTALL_EXIF=${PHP_FPM_INSTALL_EXIF}
          - INSTALL_AEROSPIKE_EXTENSION=${PHP_FPM_INSTALL_AEROSPIKE_EXTENSION}
          - INSTALL_MYSQLI=true
          - INSTALL_TOKENIZER=${PHP_FPM_INSTALL_TOKENIZER}
          - INSTALL_INTL=${PHP_FPM_INSTALL_INTL}
          - INSTALL_GHOSTSCRIPT=${PHP_FPM_INSTALL_GHOSTSCRIPT}
        dockerfile: "Dockerfile-${PHP_VERSION}"
      volumes_from:
        - applications
      volumes:
        - ./php-fpm/php${PHP_VERSION}.ini:/usr/local/etc/php/php.ini
      expose:
        - "9000"
      depends_on:
        - workspace
      extra_hosts:
        - "dockerhost:${DOCKER_HOST_IP}"
        - "subdomain.example.app:10.0.75.1"
      environment:
        - PHP_IDE_CONFIG=${PHP_IDE_CONFIG}
      networks:
        - backend

Answer 2

而不是添加到php-fpm容器的extra_hosts中。 修改Apache2容器的后端网络定义并添加别名。 这是您不必每次IP更改时都不断更改extra_hosts

    networks:
        frontend:              
        backend:
         aliases:
          - subdomain.example.app