如何为反向代理配置nginx以隐藏运行docker容器的端口?
如何为反向代理配置nginx以隐藏运行docker容器的端口?,docker,nginx,docker-compose,ssl-certificate,nginx-reverse-proxy,Docker,Nginx,Docker Compose,Ssl Certificate,Nginx Reverse Proxy,我有两个docker容器-前端(Angular 8)和api(Node),前端默认在端口81上工作,api在端口1337上工作。我还注册了一个域,其中两个应用程序都可用,并添加了ssl配置。但是,它的工作方式是,前端可在www.example.com上使用,api可在www.example.com:1337上使用。我想知道是否有办法设置nginx配置,以便在www.example.com上为前端提供服务,在www.example.com/api上为api提供服务,并在端口443上侦听这两个容器?
我有两个docker容器-前端(Angular 8)和api(Node),前端默认在端口81上工作,api在端口1337上工作。我还注册了一个域,其中两个应用程序都可用,并添加了ssl配置。但是,它的工作方式是,前端可在www.example.com上使用,api可在www.example.com:1337上使用。我想知道是否有办法设置nginx配置,以便在www.example.com上为前端提供服务,在www.example.com/api上为api提供服务,并在端口443上侦听这两个容器?提前感谢你的帮助 反向代理的nginx.conf docker-compose.yml的一部分负责反向代理
为什么代理具有用于后端服务的
端口:
?它看起来没有在任何一个端口上侦听,因此连接到任何一个端口都会给您一条“连接重置”类型的消息。为什么代理有端口:
用于后端服务?它看起来不像是在任何一个端口上侦听,因此连接到任何一个端口都会显示“连接重置”类型的消息。
http {
upstream frontend {
server frontend:81;
}
upstream api {
server api:1337;
}
server {
listen 80;
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com example.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_buffer_size 8k;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location /api {
try_files $uri @api;
}
location / {
try_files $uri @frontend;
}
location @frontend {
proxy_pass http://frontend;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
location @api {
proxy_pass http://api;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
root /usr/share/nginx/html;
index index.html index.htm index.nginx-debian.html;
}
}
reverse:
container_name: reverseProxy
hostname: reverse
image: nginx:latest
ports:
- "80:80"
- "81:81"
- "1337:1337"
- "443:443"
volumes:
- ./defaultnginx.conf:/etc/nginx/nginx.conf
- /usr/share/nginx/html:/usr/share/nginx/html
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
depends_on:
- frontend
- api