在nginx docker容器上强制使用https
我已经建立了一个使用三个Docker容器(mysql、nginx和php7.0-fpm)的网站。我已经通过SSL设置了所有内容,以便直接建立连接。问题是,与的连接会导致“拒绝连接”错误 以下是我的(相关)设置: docker compose.yml在nginx docker容器上强制使用https,docker,nginx,https,Docker,Nginx,Https,我已经建立了一个使用三个Docker容器(mysql、nginx和php7.0-fpm)的网站。我已经通过SSL设置了所有内容,以便直接建立连接。问题是,与的连接会导致“拒绝连接”错误 以下是我的(相关)设置: docker compose.yml services: nginx: build: ./nginx/ ports: - 443:443 volumes: -
services:
nginx:
build: ./nginx/
ports:
- 443:443
volumes:
- ${APPLICATION_ROOT}:/${WEBROOT}
- ./ssl:/etc/nginx/ssl
- ./nginx/config/default.conf:/etc/nginx/conf.d/default.conf
restart: always
depends_on:
- php
environment:
ENVIRONMENT: "${APPLICATION_ENV}"
URL: "${APPLICATION_URL}"
container_name: nginx
php:
build: ./php/
ports:
- 8080:80
volumes:
- ${APPLICATION_ROOT}:/${WEBROOT}
restart: always
depends_on:
- mysql
environment:
ENVIRONMENT: "${APPLICATION_ENV}"
URL: "${APPLICATION_URL}"
MYSQL_HOST: "${DB_HOST}"
MYSQL_DATABASE: "${DB_NAME}"
MYSQL_USER: "${DB_USERNAME}"
MYSQL_PASSWORD: "${DB_PASSWORD}"
container_name: php
环境变量存储在.env
文件中
Dockerfile
FROM nginx:latest
# Update package libraries
RUN apt-get update -y && \
apt-get install -y \
nano \
curl \
wget \
unzip \
libmcrypt-dev \
default.conf
server {
listen 80;
index index.php index.html;
server_name $URL_from_env;
return 301 https://$host$request_uri;
}
server{
listen 443 ssl http2;
index index.php index.html;
server_name $URL_from_env;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
# set max upload
client_max_body_size 500M;
ssl on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/cert.key;
# use fastcgi for all php files
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
# include fastcgi parameters
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# rewrite url's & parse through index
location / {
try_files $uri $uri/ /hub/index.php?$args;
# set max upload
client_max_body_size 500M;
}
}
我原以为nginx配置的第一部分应该强制通过https传输流量,但显然没有。我遗漏了什么?在您的compose文件中,您仍然需要授予nginx对端口80的访问权,以便它可以在内部重新连接。否则,您将尝试连接到一个关闭的端口,这将导致“连接被拒绝”
services:
nginx:
build: ./nginx/
ports:
- 443:443
- 80:80
volumes:
- ${APPLICATION_ROOT}:/${WEBROOT}
- ./ssl:/etc/nginx/ssl
- ./nginx/config/default.conf:/etc/nginx/conf.d/default.conf
restart: always
depends_on:
- php
environment:
ENVIRONMENT: "${APPLICATION_ENV}"
URL: "${APPLICATION_URL}"
container_name: nginx