带有Docker-LetsEncrypt的Nginx反向代理
有人看到我的Nginx反向代理出错了吗?我得到了一个502坏网关,我似乎无法找出我的端口是错误的 Nginx /etc/nginx/sites enabled/default带有Docker-LetsEncrypt的Nginx反向代理,docker,nginx,docker-compose,nginx-reverse-proxy,Docker,Nginx,Docker Compose,Nginx Reverse Proxy,有人看到我的Nginx反向代理出错了吗?我得到了一个502坏网关,我似乎无法找出我的端口是错误的 Nginx /etc/nginx/sites enabled/default upstream reverse_proxy { server 35.237.158.31:8080; } server { listen 80; server_name 35.237.158.31; location / {
upstream reverse_proxy {
server 35.237.158.31:8080;
}
server {
listen 80;
server_name 35.237.158.31;
location / {
proxy_pass http://reverse_proxy;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
}
}
/etc/nginx/sites enabled/jesse.red[VHOST]
upstream jessered {
server 127.0.0.1:2600; # <-- PORT 2600
}
server {
server_name jesse.red;
#root /var/www/jesse.red/;
# ---------------------------------------------------------------
# Location
# ---------------------------------------------------------------
location / {
proxy_pass http://jessered;
#proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 90;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/jesse.red/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jesse.red/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = jesse.red) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name jesse.red;
listen 80;
return 404; # managed by Certbot
}
/var/www/jesse.red/docker compose.yml
version: '3.1'
services:
jessered:
container_name: jesse.red
image: wordpress:4-fpm-alpine
restart: always
ports:
- 2600:80 # <-- PORT 2600
env_file:
- ./config.env # Contains .gitignore params
系统
$ ps aux | grep 2600
下面,端口2600正在使用中
root 1885 0.0 0.1 232060 3832 ? Sl Jul02 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 2600 -container-ip 172.20.0.2 -container-port 80
我不确定哪里出了问题,非常感谢您的帮助。我已经搜索了很多地方,在询问之前还没有找到答案。Nginx请求处理选择这样一个服务器块: 检查
listen
指令中的IP:port精确匹配项,如果没有匹配项,则检查IP或port匹配项。没有端口的IP地址被视为端口80
然后从这些匹配中检查请求的主机头,以匹配匹配块中的server\u name
指令。如果找到匹配项,则该服务器处理该请求;如果未找到匹配项,则假定未设置任何default\u server
指令,则该请求将传递到配置中首先列出的服务器
所以你有服务器名称35.237.158.31端口80上的代码>和服务器名称jesse.red代码>也在端口80上
IP地址应该是listen
指令的一部分,而不是server\u name
,尽管这可能与某些请求相匹配。假设这是从外部世界访问的,它不太可能出现在任何人的主机头中
假设没有匹配项,那么它将通过端口匹配传递给Nginx首先找到的任何服务器,我假设Nginx在包含文件时将按字母顺序工作,因此您的配置将按如下方式加载:
/etc/nginx/站点已启用/默认
/etc/nginx/sites enabled/jesse.red
现在,在端口80上没有主机匹配或主机字段中有ip地址的所有请求都被代理到:
upstream reverse_proxy {
server 35.237.158.31:8080;
}
这是我的猜测,您的Nginx日志可能会给您一个相当明确的答案。返回502坏网关的网络请求(URL)是什么?它是通过本地机器还是通过互联网?
root 1885 0.0 0.1 232060 3832 ? Sl Jul02 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 2600 -container-ip 172.20.0.2 -container-port 80
upstream reverse_proxy {
server 35.237.158.31:8080;
}