Docker swarm can't reach worker nodes
So, I set up a docker swarm, joined a worker to it, and deployed a stack with 4 services:
Here is my stack file:
version: "3.7"
services:
  generator:
    image: musicorum/generator:latest
    restart: always
    environment:
      - 'XXXX=XXXX'
    deploy:
      resources:
        reservations:
          memory: 860M
      placement:
        constraints:
          - "node.labels.generator==yes"
    ports:
      - 5000:5000
    networks:
      - proxy_ext
      - netg
    volumes:
      - type: bind
        source: /home/musicorum/cache
        target: /usr/src/app/cache
  api:
    image: musicorum/api:latest
    restart: always
    environment:
      - 'XXXX=XXXX'
    networks:
      - proxy_ext
    ports:
      - 4500:4500
    deploy:
      placement:
        constraints:
          - "node.labels.generator!=yes"
  scheduler:
    image: musicorum/scheduler:latest
    restart: always
    environment:
      - 'XXXX=XXXX'
    ports:
      - 6500:6500
    networks:
      - proxy_ext
    deploy:
      placement:
        constraints:
          - "node.labels.generator!=yes"
  proxy:
    image: nginx:latest
    restart: always
    networks:
      - proxy_ext
      - netg
    ports:
      - 80:80
      - 443:443
    configs:
      - source: nginx_4
        target: /etc/nginx/conf.d/default.conf
      - source: sslcrt
        target: /etc/ssl/musicorumapp/ssl.crt
      - source: sslkey
        target: /etc/ssl/musicorumapp/ssl.key
    depends_on:
      - scheduler
      - api
      - generator
    deploy:
      placement:
        constraints:
          - "node.labels.generator!=yes"
configs:
  nginx_4:
    external: true
  sslcrt:
    external: true
  sslkey:
    external: true
networks:
  proxy_ext:
    external: true
  netg:
    driver: overlay
    attachable: true
As you can see, they are attached to the same networks. I even created both proxy_ext and netg to double-check the connection, but Nginx gives this message on startup:
/docker-entrypoint.sh: Configuration complete; ready for start up
2020/07/07 13:32:17 [emerg] 1#1: host not found in upstream "musicorum_generator" in /etc/nginx/conf.d/default.conf:30
nginx: [emerg] host not found in upstream "musicorum_generator" in /etc/nginx/conf.d/default.conf:30
I don't know why Nginx on the manager node can't reach the generator container on the worker node. If it helps, here is my default.conf:
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/musicorumapp/ssl.crt;
    ssl_certificate_key /etc/ssl/musicorumapp/ssl.key;
    server_name api.musicorumapp.com;
    location / {
        proxy_pass http://musicorum_api:4500/;
    }
}
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/musicorumapp/ssl.crt;
    ssl_certificate_key /etc/ssl/musicorumapp/ssl.key;
    server_name scheduler.musicorumapp.com;
    location / {
        proxy_pass http://musicorum_scheduler:6500/;
    }
}
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/musicorumapp/ssl.crt;
    ssl_certificate_key /etc/ssl/musicorumapp/ssl.key;
    server_name generator.musicorumapp.com;
    location / {
        proxy_pass http://musicorum_generator:5000/;
    }
}
In your default.conf, you need to reference the services by their service names. That is the name the internal DNS will resolve.
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/musicorumapp/ssl.crt;
    ssl_certificate_key /etc/ssl/musicorumapp/ssl.key;
    server_name api.musicorumapp.com;
    location / {
        proxy_pass http://api:4500/;  # 'api' is the service name
    }
}
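You only need to prefix the stack name if the reverse proxy runs outside the stack's network; since they are all on the same network, DNS will resolve the service name on its own.
You can also remove ports: 8000:8000 from all the applications (except the reverse proxy) in the stack yaml file, since you want to route traffic through the reverse proxy rather than bind ports to the host. Binding them can also lead to a security hole. There are no port restrictions inside a docker network. If an application is listening on 8000, your reverse proxy can reach it at http://service-name:8000 within the stack's overlay network.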
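The following check is an added example, not part of the original question or answer: it applies the answer's two recommendations (only the reverse proxy publishes ports; upstreams are referenced by plain service name on a shared network) to the question's files. `STACK` is a hand-abridged dict of the stack file, the stack name `musicorum` is inferred from the `musicorum_generator` hostname, and `audit` and its finding labels are hypothetical names.

```python
import re

# Abridged from the question's stack file, as the dict a YAML loader would return.
STACK = {
    "generator": {"networks": ["proxy_ext", "netg"], "ports": ["5000:5000"]},
    "api": {"networks": ["proxy_ext"], "ports": ["4500:4500"]},
    "scheduler": {"networks": ["proxy_ext"], "ports": ["6500:6500"]},
    "proxy": {"networks": ["proxy_ext", "netg"], "ports": ["80:80", "443:443"]},
}
# The proxy_pass lines from the question's default.conf.
NGINX_CONF = """
proxy_pass http://musicorum_api:4500/;
proxy_pass http://musicorum_scheduler:6500/;
proxy_pass http://musicorum_generator:5000/;
"""


def audit(services, conf, proxy="proxy", stack_name="musicorum"):
    """Return (label, subject, detail) findings for the answer's two points."""
    findings = []
    proxy_nets = set(services[proxy].get("networks", []))
    # 1. Backends should not publish ports: in swarm mode a published port
    #    is opened on every node by the routing mesh, bypassing the proxy.
    for name, svc in services.items():
        if name != proxy and svc.get("ports"):
            findings.append(("published-port", name, list(svc["ports"])))
    # 2. Every proxy_pass upstream should be a service that shares an
    #    overlay network with the proxy, referenced by its service name.
    for host in re.findall(r"proxy_pass\s+https?://([^:/\s;]+)", conf):
        prefixed = host.startswith(stack_name + "_")
        short = host[len(stack_name) + 1:] if prefixed else host
        svc = services.get(short)
        if svc is None:
            findings.append(("unknown-upstream", host, None))
        elif not proxy_nets & set(svc.get("networks", [])):
            findings.append(("no-shared-network", host, sorted(proxy_nets)))
        elif prefixed:
            findings.append(("stack-prefixed-name", host, short))
    return findings


if __name__ == "__main__":
    for finding in audit(STACK, NGINX_CONF):
        print(finding)
```

Run against the question's files it reports three published backend ports and three stack-prefixed upstream names; a stack with the backend `ports:` entries removed and upstreams written as `api`, `scheduler` and `generator` returns no findings.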