nginx的和泊坞窗 - 转发端口80/443 3000
我使用泊坞窗,撰写到config我用meteor
应用程序容器和容器nginx
应用程序,这是我docker-compose
文件:nginx的和泊坞窗 - 转发端口80/443 3000
version: '2'
services:
webapp:
image: webapp.image.uri:latest
ports:
- "3000:3000"
environment:
- ROOT_URL=https://my.app.url
nginx:
image: nginx.image.uri:latest
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
ports:
- "80:80"
- "443:443"
我使用nginx
来处理HTTPS请求。 我想要做的是配置nginx
,这样,当用户访问my.app.url
我可以得到端口443
工作meteor
应用(3000端口)。
顺便说一句,这里的nginx
配置,我使用:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
location/{
rewrite^https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.app.url;
ssl on;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/my.app.url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.app.url/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
}
在先进的感谢这么多!
我懂了。这是我如何改良我的docker-compose.yml
文件:
version: '2'
services:
webapp:
image: webapp.image.uri:latest
ports:
- "3000:3000"
environment:
- ROOT_URL=https://my.app.url
nginx:
image: nginx.image.uri:latest
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
ports:
- "80:80"
- "443:443"
links: # new
- webapp
volumes_from:
- webapp
这是nginx
配置文件:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
location/{
rewrite^https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.app.url;
ssl on;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/my.app.url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.app.url/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
location/{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://webapp:3000;
}
}
您可以删除'ports:3000:3000'。重要的是nginx配置 –
我想要做的是Nginx的配置,这样,当用户访问my.app.url我能得到流星应用端口工作443
可以使用nginx_http_rewrite_module到HTTP重定向到https永久。 您的第一台服务器块改成这样:
server {
listen 80;
listen [::]:80;
server_name my.app.url;
return 301 https://my.app.url$request_uri;
}
更多nginx_http_rewrite_module,你可以参考这个http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return
关于端口转发,想象你的应用服务器监听的端口3000,您可以将上游块添加到HTTP块。
upstream app {
server 127.0.0.1:3000; #image the nginx is in same machine with your app server
}
这行添加到您的第二个服务器模块:
proxy_pass https://app;
而现在从外面所有的连接将使用HTTPS,你的应用程序在听取3000端口也可以从443
谢谢,但我的意思是当用户访问'my.app.url',我可以得到流星应用程序**(端口3000)**工作在端口443 – sonlexqt
你要寻找的是配置nginx的反向代理:https://开头WWW。 nginx.com/resources/admin-guide/reverse-proxy/ – napcae