gpt4 book ai didi

ruby-on-rails - 反向代理 SSL 将端口 9000 重定向到 Rails 应用程序和 Portainer 上的 https 协议(protocol)

转载 作者:太空宇宙 更新时间:2023-11-03 14:26:08 25 4
gpt4 key购买 nike

我正在为我的 APP on Rails 创建一个完整的管理服务,我的 APP 在 SSL 上运行,但是当我运行 docker compose 时,所有服务都运行正常,当我访问 portainer 等服务时,它工作正常当我访问我的应用程序时很好,它重定向到 443 端口到 SSL,然后当我再次尝试访问 portainer 时,它重定向到 https 协议(protocol)并保留端口,但服务器不可访问。

这是我的docker-compose 文件:

version: '3.7'

services:
redis:
image: 'redis:latest'
restart: always
hostname: redis
networks:
- default
volumes:
- 'redis:/data'

db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
hostname: db
environment:
MYSQL_ROOT_PASSWORD: 123456
MYSQL_DATABASE: printi_automation
MYSQL_USER: root
networks:
- default
ports:
- "33061:33061"
volumes:
- datavolume:/var/lib/mysql

adminer:
image: adminer
restart: always
networks:
- default
ports:
- 8080:8080

portainer:
image: portainer/portainer
restart: always
hostname: portainer
ports:
- '9000:9000'
networks:
- default
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
- 'portainer_data:/data'

app:
image: optimum
restart: always
hostname: app
depends_on:
- 'redis'
- 'db'
- 'hub'
build:
context: .
dockerfile: Dockerfile
command: bash -c "rm -rf tmp/pids/server.pid && rails server -p 3000 -b '0.0.0.0'"
volumes:
- .:/app
- .:/test
networks:
- default
ports:
- 3000:3000
env_file:
- '.env'

nginx:
image: nginx:1.17.1-alpine
restart: always
depends_on:
- 'app'
- 'portainer'
networks:
- default
ports:
- "80:80"
- "443:443"
volumes:
- ./data/nginx:/etc/nginx/conf.d
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

certbot:
image: certbot/certbot
restart: always
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

volumes:
redis:
datavolume:
portainer_data:

networks:
default:
driver: bridge

还有我的app.conf:

# generated 2019-07-10, https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name optimum.localhost.com;

gzip off;

location / {
return 301
https://$host$request_uri;
}
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name optimum.localhost.com;

gzip off;

location / {
proxy_pass http://app:3000;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
}

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/letsencrypt/live/optimum.localhost.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/optimum.localhost.com/privkey.pem;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions

# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

# replace with the IP address of your resolver
# resolver 127.0.0.1;

include /etc/letsencrypt/options-ssl-nginx.conf;
}

使用上面的代码,本地和在线服务器在我访问我的应用程序后重定向到 https 协议(protocol),我可以在我的服务上尝试任何端口,但它不会工作。

我怎样才能防止这种情况发生?

谢谢。

最佳答案

看起来你的 nginx 正在添加 HSTS header

add_header Strict-Transport-Security "max-age=63072000" always;

在此处阅读有关 HSTS 的更多信息:https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

关于ruby-on-rails - 反向代理 SSL 将端口 9000 重定向到 Rails 应用程序和 Portainer 上的 https 协议(protocol),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57044067/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com