[英]Docker Reverse Proxy, Nginx, MEAN Stack
大家好,我收到了 400 狀態碼的響應。 我正在嘗試在 docker 上部署 MEAN 堆棧應用程序,因此我使用反向代理來處理后端和前端之間的通信,而不必指定端口
https://site.app/api 可以正常工作,但我的前端得到:
400 Bad Request:普通的 HTTP 請求被發送到了 HTTPS 端口(The plain HTTP request was sent to HTTPS port)
這對我來說是新的,所以我看了一些教程和帖子來嘗試解決,但沒有找到任何解決方案。如果我只在前端配置 ssl,它是有效的;但是當我嘗試發送數據或執行其他操作時,我的后端會出現 ssl 連接錯誤之類的問題
我已經用 postman 向 https://site.app/api 發送過數據,所以可以說它是有效的
DOCKERFILE
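# ---- Stage 1: build the Angular bundle ----
# Node, npm and node_modules stay in this stage; only the compiled output is
# copied into the final image.
FROM node:14.3.0 AS builder
# WORKDIR creates the directory when it is missing, so no separate mkdir is needed.
WORKDIR /usr/src/app/
# Copy the manifests first so the dependency layer stays cached until they change.
COPY package*.json ./
# NOTE(review): if a package-lock.json is committed, `npm ci` installs exactly
# the locked versions and is the more reproducible choice for image builds.
RUN npm install
# NOTE(review): if the build context also holds .env or ssl/, exclude them with
# a .dockerignore so secrets and private keys never enter a build layer.
COPY . .
# A bare `--prod` after `npm run build` is consumed by npm itself and never
# reaches the build script; the `--` separator forwards it to the script.
RUN npm run build -- --prod

# ---- Stage 2: serve the static files with nginx ----
FROM nginx:1.19
COPY --from=builder /usr/src/app/dist/advanced-angular/ /usr/share/nginx/html
# Drop the stock site so only the project's own conf.d files are loaded.
RUN rm -rf /etc/nginx/conf.d/default.conf
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]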
這是我的 docker-compose 文件
Docker Compose
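version: "3.6"  # Compose file format version

services:  # Services that will be created
  # First service: nginx serving the Angular build and proxying /api.
  frontend:
    image: myImage  # placeholder image name, as posted
    restart: always
    container_name: frontend
    # command: ["npm", "start"]
    ports:
      # Host ports mapped to the container; the reverse proxy is the only
      # service that has to be reachable from outside the host.
      - "80:80"
      - "443:443"
    volumes:
      # Host directories holding the TLS material and the nginx site config,
      # so they can be edited on the host. nginx only reads them, so they are
      # mounted read-only; the private key is not writable from the container.
      - ./ssl/:/etc/nginx/ssl/:ro
      - ./nginx-conf/:/etc/nginx/conf.d/:ro
    networks:
      - webNet
    depends_on:
      - backend
      - mongo

  backend:
    image: myImage  # placeholder image name, as posted
    restart: always
    container_name: backend
    # Credentials come from .env; keep that file out of version control.
    env_file: .env
    environment:
      - MONGO_USERNAME=$MONGO_USERNAME
      - MONGO_PASSWORD=$MONGO_PASSWORD
      - MONGO_HOSTNAME=mongo
      - MONGO_PORT=$MONGO_PORT
      - MONGO_DB=$MONGO_DB
    # command: ["npm", "run", "dev"]
    ports:
      # nginx reaches the API as backend:3000 over webNet, so the host mapping
      # is bound to loopback rather than to every host interface.
      - "127.0.0.1:3000:3000"
    # volumes:
    #   - ./api-server:/usr/src/app
    networks:
      - webNet
    depends_on:
      - mongo

  mongo:
    image: mongo:4.2.7-bionic
    restart: always
    container_name: mongo
    env_file: .env
    environment:
      - MONGO_INITDB_ROOT_USERNAME=$MONGO_USERNAME
      - MONGO_INITDB_ROOT_PASSWORD=$MONGO_PASSWORD
    ports:
      # The backend connects to mongo:27017 over webNet. Publishing the
      # database on every host interface would expose it to the network, so
      # the mapping is limited to loopback for local administration.
      - "127.0.0.1:27017:27017"
    networks:
      - webNet
    volumes:
      # Database files persisted on the host.
      - /opt/mongo/prod:/data/db

networks:
  webNet:
    driver: bridge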
我的 nginx 配置(nginx.conf)
# Upstream groups referenced by the proxy_pass directives below.
upstream frontend {
    least_conn;
    # NOTE(review): this targets port 443, which the server block below
    # declares as an ssl listener, while location / proxies with http://.
    server frontend:443 max_fails=3 fail_timeout=30s;
}
upstream backend {
    least_conn;
    server backend:3000 max_fails=3 fail_timeout=30s;
}
# HTTPS virtual host: terminates TLS, then proxies / and /api.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name vecin.app www.vecin.app;
    # Response headers added to every reply ("always" includes error pages).
    # NOTE(review): no Strict-Transport-Security header is set here; worth
    # considering once HTTPS is confirmed to work end to end.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header; current browsers no longer ship the XSS auditor it controls.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # NOTE(review): this policy allows any origin plus inline script and eval,
    # so it gives very little protection against script injection.
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996). NOTE(review): the suites in
    # ssl_ciphers below all look like TLS 1.2 suites, so the two older versions
    # are probably not negotiable anyway; TLSv1.2 (plus TLSv1.3 where the
    # OpenSSL build supports it) is the usual baseline.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ecdh_curve secp384r1;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
    ssl_prefer_server_ciphers on;
    # Certificate chain and private key, read from the mounted ssl directory.
    ssl_certificate /etc/nginx/ssl/chain.crt;
    ssl_certificate_key /etc/nginx/ssl/key.key;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    # OCSP stapling; the resolver below is what nginx uses to look up the
    # OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/chain.crt;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 30s;
    location / {
        # NOTE(review): likely source of the reported 400. The scheme here is
        # plain http, but the "frontend" upstream points at port 443, an ssl
        # listener. If this file is the one mounted into the frontend
        # container's conf.d, nginx is also proxying to itself. The root
        # declared further down could be served directly instead.
        proxy_pass http://frontend;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # only the last entry (or X-Real-IP) is trustworthy for the upstream.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-NginX-Proxy true;
        # proxy_ssl_* directives apply to https:// upstreams only; with the
        # http:// proxy_pass above they are not used. If the upstream were
        # switched to https, proxy_ssl_verify on would also need
        # proxy_ssl_trusted_certificate, and the two certificate directives
        # would present this server's own key pair as a client certificate.
        proxy_ssl_certificate /etc/nginx/ssl/chain.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/key.key;
        proxy_ssl_protocols TLSv1.2;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
        # proxy_redirect http:// https://;
    }
    location /api{
        # Plain HTTP to the backend upstream (backend:3000); TLS ends at this
        # server block.
        proxy_pass http://backend;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-NginX-Proxy true;
        # As in location /: the proxy_ssl_* lines are not used while
        # proxy_pass uses http://.
        proxy_ssl_certificate /etc/nginx/ssl/chain.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/key.key;
        proxy_ssl_protocols TLSv1.2;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
        # proxy_redirect http:// https://;
    }
    # Static site root; the Dockerfile above copies the Angular build here.
    root /usr/share/nginx/html/;
    index index.html index.htm index.nginx-debian.html;
}
# Plain-HTTP virtual host: redirects every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name vecin.app www.vecin.app;
    location / {
        # "permanent" makes rewrite answer with a 301 redirect; the trailing
        # "?" keeps nginx from appending the query string a second time,
        # since $request_uri already contains it.
        rewrite ^ https://$host$request_uri? permanent;
    }
}
我要承認我不是 nginx 高手,我在猜測解決方案。 我會發布這個答案,因為到目前為止沒有其他人給你答案。
I noticed the phrasing in your nginx.conf file is slightly different from what I've seen in an online guide to redirecting all HTTP traffic to HTTPS on nginx. 您的文件以這一節結尾:
# Plain-HTTP listener, as quoted from the question's nginx.conf.
server {
    listen 80;
    listen [::]:80;
    server_name vecin.app www.vecin.app;
    location / {
        # The "permanent" flag already makes this rewrite a 301 redirect to
        # the https URL; the target host comes from the request's Host header.
        rewrite ^ https://$host$request_uri? permanent;
    }
}
我看到的指南表明這種格式可能更合適:
# Redirect every plain-HTTP request to HTTPS.
server {
    # default_server: this block also answers requests whose Host header
    # matches no other server_name on port 80.
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
    # $server_name is the first name listed in server_name above, so the
    # redirect target does not depend on the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}
關鍵區別似乎是返回 301 永久重定向,而不是簡單地重寫 URL。 錯誤消息似乎是關於將 HTTP 發送到期望 HTTPS 的端口。 這讓我覺得 Docker 容器運行良好,Docker 網絡運行正常,nginx 也在運行。 這使得您重定向流量的機制成為主要嫌疑。 請告訴我們這是否有效!