个人中心
gpt4 book ai didi

node.js - Dockerized NGINX 反向代理 SSL

转载 作者:行者123 更新时间:2023-12-02 19:51:31 24 4
gpt4 key购买 nike

所以我的技术栈相当于:

  • NodeJS API 后端
  • ReactJS 前端
  • NGINX 反向代理
  • MongoDB(通过 Mongo Atlas 托管)

API 后端、ReactJS 应用程序和 NGINX 反向代理均使用 docker-compose 配置。所以它们都在各自的容器中。

我在为 SSL 配置 NGINX 网络服务器时遇到困难。我试过各种教程都无济于事。 This one getting me the closest.但它会在 acme-challenge 中失败并出现“连接被拒绝”错误。

这就是我的 nginx 配置 (nginx.dev.conf):

worker_processes  1;

events {
    worker_connections  1024;
}

http {

    sendfile             on;
    keepalive_timeout    65;
    client_max_body_size 5M;

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Block alihack
    deny 23.27.103.106/32;

    upstream api {
        least_conn;
        server api:8080 max_fails=3 fail_timeout=30s;
    }

    upstream app {
        least_conn;
        server app:3000 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 80;

        location / {
            return 301 https://app;
        }

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }

    server {
        listen 443 ssl;

        if ($request_method = 'OPTIONS') {
            return 200;
        }

        ssl_certificate /etc/letsencrypt/live/*censoredurl*/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/*censoredurl*/privkey.pem;

        # To allow POST on static pages
        error_page  405     =200 $uri;

        location / {
            proxy_pass http://app;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            break;
        }

        location ~* \.(eot|otf|ttf|woff|woff2)$ {
            add_header Access-Control-Allow-Origin *;
        }

        location ~ /api/(?<url>.*) {
            proxy_pass http://api/$url;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        location /health-check {
            return 200;
            access_log off;
        }
    }

}

还有我的 docker compose:

version: '3.7'

services:
  server:
    build:
      context: ./server
      dockerfile: Dockerfile
    image: myapp-server
    ports:
      - '80:80'
    links:
      - api:api
      - app:app
    volumes:
      - ./server/certbot/conf:/etc/letsencrypt
      - ./server/certbot/www:/var/www/certbot
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  certbot:
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
  app:
    container_name: app
    build:
      context: ./frontend
      dockerfile: Dockerfile
    volumes:
      - './frontend:/usr/app/frontend/'
      - '/usr/app/frontend/node_modules'
    ports:
      - '3000:3000'
    environment:
      - NODE_ENV=development
  api:
    container_name: api
    build:
      context: ./backend
      dockerfile: Dockerfile
    volumes:
      - './backend:/usr/app/backend/'
      - '/usr/app/backend/node_modules'
    ports:
      - '8080'
    environment:
      - NODE_ENV=development

编辑我得到的错误

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for *domain*.com
http-01 challenge for www.*domain*.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain *domain*.com
Challenge failed for domain www.*domain*.com
http-01 challenge for *domain*.com
http-01 challenge for www.*domain*.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: *domain*.com
   Type:   connection
   Detail: Fetching
   http://*domain*.com/.well-known/acme-challenge/76vCqW16lDgy00XfjLoSGg9WnX5a757Xbdj2lzO2lnY:
   Connection refused

   Domain: www.*domain*.com
   Type:   connection
   Detail: Fetching
   http://www.*domain*.com/.well-known/acme-challenge/0Sfl0yltK75pcp_NVWcUaJhGNKgaR2thfdRcUxuF7zA:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

当我没有适当的 SSL 配置时,我的服务器工作正常。所以我知道我的 DNS 设置按预期工作。

最佳答案

nginx 处理你的 location routes topdown , 所以你首先需要你的 acme 配置

这是我的配置;


服务器 {
....
位置 ~/\.well-known/acme-challenge {
允许全部;
根/你的根;
try_files $uri $uri//$uri =418;
}
地点/{
返回 301 https://$host$request_uri;
}
....
}

关于node.js - Dockerized NGINX 反向代理 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60342528/

24 4 0
文章推荐: postgresql - 鹡鸰断言错误 "Unmatched tags: expected img, got p"
文章推荐: windows-7 - Windows 7 和 VB6 : Event Error ID 1000
文章推荐: rest - Grails REST 客户端插件 - 指定 header 数据
文章推荐: .net - .net core 3.1 docker build CS0101和CS0579错误
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com