Fatal编程技术网
  • docker/
  • 在nginx docker容器上强制使用https

在nginx docker容器上强制使用https

docker nginx https

在nginx docker容器上强制使用https,docker,nginx,https,Docker,Nginx,Https,我已经建立了一个使用三个Docker容器(mysql、nginx和php7.0-fpm)的网站。我已经通过SSL设置了所有内容,以便直接建立连接。问题是,与的连接会导致“拒绝连接”错误 以下是我的(相关)设置: docker compose.yml services: nginx: build: ./nginx/ ports: - 443:443 volumes: -

我已经建立了一个使用三个Docker容器(mysql、nginx和php7.0-fpm)的网站。我已经通过SSL设置了所有内容,以便直接建立连接。问题是,与的连接会导致“拒绝连接”错误

以下是我的(相关)设置:

docker compose.yml

services:
     nginx:
          build: ./nginx/
          ports:
               - 443:443
          volumes:
               - ${APPLICATION_ROOT}:/${WEBROOT}
               - ./ssl:/etc/nginx/ssl
               - ./nginx/config/default.conf:/etc/nginx/conf.d/default.conf
          restart: always
          depends_on:
               - php
          environment:
               ENVIRONMENT: "${APPLICATION_ENV}"
               URL: "${APPLICATION_URL}"
          container_name: nginx

 php:
      build: ./php/
      ports:
           - 8080:80
      volumes:
           - ${APPLICATION_ROOT}:/${WEBROOT}
      restart: always
      depends_on:
           - mysql
      environment:
           ENVIRONMENT: "${APPLICATION_ENV}"
           URL: "${APPLICATION_URL}"
           MYSQL_HOST: "${DB_HOST}"
           MYSQL_DATABASE: "${DB_NAME}"
           MYSQL_USER: "${DB_USERNAME}"
           MYSQL_PASSWORD: "${DB_PASSWORD}"
      container_name: php
环境变量存储在
.env
文件中

Dockerfile

FROM nginx:latest

# Update package libraries
RUN apt-get update -y && \
     apt-get install -y \
          nano \ 
          curl \
          wget \
          unzip \
          libmcrypt-dev \
default.conf

server {
     listen 80;
     index index.php index.html;
     server_name $URL_from_env;
     return 301 https://$host$request_uri;
}

server{
     listen 443 ssl http2;
     index index.php index.html;
     server_name $URL_from_env;
     error_log  /var/log/nginx/error.log;
     access_log /var/log/nginx/access.log;
     root /var/www/html/public;

     # set max upload
     client_max_body_size 500M;

     ssl    on;
     ssl_certificate    /etc/nginx/ssl/cert.pem;
     ssl_certificate_key    /etc/nginx/ssl/cert.key;

     # use fastcgi for all php files
     location ~ \.php$ {
          try_files $uri =404;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass php:9000;
          fastcgi_index index.php;

          # include fastcgi parameters
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
     }

     # rewrite url's & parse through index
     location / {
          try_files $uri $uri/ /hub/index.php?$args;

          # set max upload
          client_max_body_size 500M;
     }
}
我原以为nginx配置的第一部分应该强制通过https传输流量,但显然没有。我遗漏了什么?

在您的compose文件中,您仍然需要授予nginx对端口80的访问权,以便它可以在内部重新连接。否则,您将尝试连接到一个关闭的端口,这将导致“连接被拒绝”

services:
 nginx:
      build: ./nginx/
      ports:
           - 443:443
           - 80:80
      volumes:
           - ${APPLICATION_ROOT}:/${WEBROOT}
           - ./ssl:/etc/nginx/ssl
           - ./nginx/config/default.conf:/etc/nginx/conf.d/default.conf
      restart: always
      depends_on:
           - php
      environment:
           ENVIRONMENT: "${APPLICATION_ENV}"
           URL: "${APPLICATION_URL}"
      container_name: nginx