I set up a test environment with Docker and nginx in front of a gRPC server. My configuration is below.
docker-compose
version: '3.8'
services:
  web:
    build: .
    command: gunicorn --timeout 100 --workers 2 --threads 4 django_root.wsgi:application --bind 0.0.0.0:8000
    volumes:
      - static_volume:/public/django_root/static
    expose:
      - 8000
    env_file:
      - ./.env.dev
  grpc:
    build: .
    command: python manage.py grpcrunserver 0.0.0.0:50051
    env_file:
      - ./.env.dev
  nginx:
    build:
      context: ./nginx
      dockerfile: Dockerfile-secure
    volumes:
      - static_volume:/public/django_root/static
    ports:
      - 1337:80
      - 443:50052
    depends_on:
      - web
      - grpc
volumes:
  static_volume:
Dockerfile-secure
FROM nginx:1.19.0-alpine
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx-secure.conf /etc/nginx/conf.d
nginx-secure.conf
# Plain HTTP: Django served by gunicorn in the "web" container
upstream django_root {
    server web:8000;
}
server {
    listen 80;
    location / {
        proxy_pass http://django_root;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
    location /static/ {
        alias /public/django_root/static/;
    }
}
# Defined here but not referenced by any access_log directive below
log_format compression '$remote_addr - $remote_user [$time_local] '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent" "$gzip_ratio"';
# TLS termination for gRPC (HTTP/2); published as host port 443 in docker-compose
server {
    listen 50052 ssl http2;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
    access_log /var/log/nginx/a.log;
    error_log /var/log/nginx/e.log;
    location / {
        grpc_pass grpc://grpc:50051;
    }
}
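The problem I am running into is that port 443 does not work the way I set it in the docker-compose file, but if I replace it with 8443, my client can communicate with the gRPC server. This is the error I see from my client when using port 443: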
E0211 15:08:05.178000000 22572 src/core/tsi/ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
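I am using a self-signed certificate on localhost for this test environment; could that be the problem? I don't see 443 being disabled anywhere on the nginx site or the Docker site. I need help with this, and if 443 is not allowed in this case, please refer to my files.
It turned out to be the certificate itself. Replacing the self-signed certificate with a Let's Encrypt one and deploying to AWS made port 443 work.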
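To separate "the port is not reachable" from "the client rejects the certificate", the following added example (not code from the original post) probes the nginx TLS listener with a verifying client and reports the stage at which the connection fails. The function names `build_context` and `probe`, the `localhost:443` target and the local `server.crt` path are assumptions for illustration; pinning a self-signed certificate this way also assumes it carries a subjectAltName matching the host.

```python
import socket
import ssl


def build_context(ca_file=None):
    """Verifying client context. ca_file=None uses the system trust store;
    a path (e.g. the self-signed server.crt) makes that file the only trust root."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.set_alpn_protocols(["h2"])  # gRPC runs over HTTP/2
    return ctx


def probe(host, port, ca_file=None, timeout=3.0):
    """Return (stage, detail): 'tcp', 'cert' or 'tls' on failure, 'ok' on success."""
    ctx = build_context(ca_file)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening or the port mapping is wrong: not a certificate issue.
        return ("tcp", f"port not reachable: {exc}")
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", f"{tls.version()} ALPN={tls.selected_alpn_protocol()}")
        except ssl.SSLCertVerificationError as exc:
            # Port is open; the client rejected the certificate chain or name.
            return ("cert", f"verify error {exc.verify_code}: {exc.verify_message}")
        except (ssl.SSLError, OSError) as exc:
            return ("tls", f"handshake failed: {exc}")


if __name__ == "__main__":
    # Assumed values: nginx published on localhost:443, cert copied as ./server.crt.
    print(probe("localhost", 443))                # system trust store
    print(probe("localhost", 443, "server.crt"))  # self-signed cert as trust root
```

A `cert` result means the port mapping itself works and the failure is in certificate trust, the same condition the client reports as CERTIFICATE_VERIFY_FAILED.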