我最近把我的Fedora 36服务器换成了docker。我试着在一个反向代理后面设置trilium和我的filehosting。我对docker网络和nginx反向代理的基本知识有点茫然。我为每个容器设置了主机名,并验证了容器可以通过主机名互相ping,而主机系统不能。我将反向代理配置为也按主机名对容器进行寻址。
我可以通过http://host-system-ip:port访问容器,但是我不能通过反向代理或cloudflare的ip访问它们。当使用主机名时不能,当在nginx.conf中使用ip时也不能。Cloudflare只给我:Web server is down Error code 521 .
我已经检查了fedora的selinux策略是否有问题,在网上做了很多关于这个主题的研究,并尝试了很多不同的方法来解决这个问题。下面列出了相关的配置,如果有人能帮助我找到解决方案,我会非常高兴!(出于隐私原因,任何标有???的内容都被删除)。????是为了区分第二个域。
停靠-撰写.yml
version: "3.9" services: reverse-proxy: image: "nginx:stable-alpine" container_name: "reverse-proxy" networks: - frontend - backend hostname: "reverse-proxy" depends_on: - "filehost" - "trilium" volumes: - "~/dock/reverse-proxy/certs:/etc/nginx/certs:ro" - "~/dock/reverse-proxy/conf.d:/etc/nginx/conf.d:ro" - "~/dock/reverse-proxy/nginx.conf:/etc/nginx/nginx.conf:ro" ports: - "80:80" - "443:443" restart: "always" filehost: image: "nginx:stable-alpine" container_name: "filehost" networks: - backend hostname: "filehost" volumes: - "~/dock/filehost-data/html:/usr/share/nginx/html:ro" - "~/dock/filehost/conf.d:/etc/nginx/conf.d:ro" - "~/dock/filehost/nginx.conf:/etc/nginx/nginx.conf:ro" restart: "always" trilium: image: "zadam/trilium:latest" container_name: "trilium" networks: - backend hostname: "trilium" volumes: - "~/dock/trilium-data:/home/node/trilium-data" restart: "always" environment: USER_UID: "???" USER_GID: "???" networks: frontend: internal: false backend: internal: truenginx.conf(nginx -反向代理和文件主机)
# http://nginx.org/en/docs/ngx_core_module.html#worker_processes worker_processes auto; # http://nginx.org/en/docs/ngx_core_module.html#error_log error_log /var/log/nginx/error.log; # http://nginx.org/en/docs/ngx_core_module.html#pid pid /run/nginx.pid; # http://nginx.org/en/docs/ngx_core_module.html#include include /usr/share/nginx/modules/*.conf; # https://nginx.org/en/docs/ngx_core_module.html#events events { # http://nginx.org/en/docs/ngx_core_module.html#worker_connections worker_connections 1024; } # http://nginx.org/en/docs/http/ngx_http_core_module.html#http http { # http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log access_log /var/log/nginx/access.log combined; # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/mime.types; # https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type default_type application/octet-stream; # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/sites-enabled/*.conf; }反向代理.conf(nginx -反向代理)
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server server { # http://nginx.org/en/docs/http/ngx_http_core_module.html#listen listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/ssl.conf; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate ssl_certificate /etc/nginx/certs/???.pem; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key ssl_certificate_key /etc/nginx/certs/???.key; # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name server_name ??? www.???; # https://nginx.org/en/docs/http/ngx_http_core_module.html#location location / { # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/common-location.conf; # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass proxy_pass http://filehost:???/; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect proxy_redirect http://filehost:??? https://???; } # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/common.conf; } # http://nginx.org/en/docs/http/ngx_http_core_module.html#server server { # http://nginx.org/en/docs/http/ngx_http_core_module.html#listen listen 443 ssl http2; listen [::]:443 ssl http2; # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/ssl.conf; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate ssl_certificate /etc/nginx/certs/????.pem; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key ssl_certificate_key /etc/nginx/certs/????.key; # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name server_name ???? www.????; # https://nginx.org/en/docs/http/ngx_http_core_module.html#location location / { # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/common-location.conf; # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass proxy_pass http://trilium:???/; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect proxy_redirect http://trilium:??? https://????; } # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/common.conf; } # http://nginx.org/en/docs/ngx_core_module.html#include include /etc/nginx/conf.d/redirect.conf;/etc/nginx/配置文件.d/ssl.conf(nginx -反向代理)
# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols ssl_protocols TLSv1.3; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM'; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve ssl_ecdh_curve secp384r1; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers ssl_prefer_server_ciphers on; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam ssl_dhparam /etc/nginx/certs/dhparam.pem; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache ssl_session_cache shared:SSL:10m; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout ssl_session_timeout 10m; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets ssl_session_tickets off; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling ssl_stapling on; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling_verify ssl_stapling_verify on; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client ssl_verify_client on; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate ssl_client_certificate /etc/nginx/certs/authenticated_origin_pull_ca.pem; # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate ssl_trusted_certificate /etc/nginx/certs/origin_ca_ecc_root.pem;/etc/nginx/conf.d/公共位置配置文件(nginx -反向代理)
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version proxy_http_version 1.1; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass proxy_cache_bypass $http_upgrade; # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout proxy_read_timeout 90; # https://docs.oracle.com/en-us/iaas/Content/Balance/Reference/httpheaders.htm proxy_set_header X-Real-IP $remote_addr; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto proxy_set_header X-Forwarded-Proto $scheme; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host proxy_set_header Host $host; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host proxy_set_header X-Forwarded-Host $host; # https://docs.oracle.com/en-us/iaas/Content/Balance/Reference/httpheaders.htm proxy_set_header X-Forwarded-Port $server_port; # http://nginx.org/en/docs/http/websocket.html ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade proxy_set_header Upgrade $http_upgrade; ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection proxy_set_header Connection 'upgrade';/etc/nginx/conf.d/common.conf(nginx -反向代理服务器)
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security add_header Strict-Transport-Security "max-age=15780000; includeSubDomains; preload" always; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options add_header X-Frame-Options SAMEORIGIN; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection add_header X-XSS-Protection "1; mode=block"; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options add_header X-Content-Type-Options nosniff; # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens server_tokens off; # http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip gzip off; # http://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile sendfile on; # http://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush tcp_nopush on; # http://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nodelay tcp_nodelay on; # http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout keepalive_timeout 65; # http://nginx.org/en/docs/http/ngx_http_core_module.html#types_hash_max_size types_hash_max_size 4096; # http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size client_max_body_size 0;/etc/nginx/conf.d/重定向.conf(nginx -反向代理)
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server server { # http://nginx.org/en/docs/http/ngx_http_core_module.html#listen listen 80; listen [::]:80; # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name server_name _; # http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return return 301 https://$host$request_uri; }???.conf(nginx -文件主机)
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server server { # http://nginx.org/en/docs/http/ngx_http_core_module.html#listen listen 80 default_server; listen [::]:80 default_server; # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name server_name ??? www.???; # https://nginx.org/en/docs/http/ngx_http_core_module.html#location location / { # http://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex autoindex on; # http://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_exact_size autoindex_exact_size off; # http://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_format autoindex_format html; # http://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_localtime autoindex_localtime off; } # http://nginx.org/en/docs/http/ngx_http_core_module.html#root root /usr/share/nginx/html; }原文链接:https://www.saoniuhuo.com/question/detail-2151311.html
© 版权声明
声明📢本站内容均来自互联网,归原创作者所有,如有侵权必删除。
本站文章皆由CC-4.0协议发布,如无来源则为原创,转载请注明出处。
THE END
