上下文
我的应用程序在我的私人服务器上以全局Nginx作为反向代理运行,没有出现任何问题。然而,对于我的项目,我需要将其部署在我大学的服务器上,在那里我需要将所有这些移动到我的容器中,但我无法使其工作。
常规项目设置
设置简介:我有我的前端ui,这是我用vue构建的一个简单的PWA,它也使用Firebase Messaging进行通知。通知令牌通过我的通知管理器(一个spring应用程序(存储在数据库中,它还执行所有数据库查询,如删除令牌等。我的第三个ui是通知ui,它提供了一个简单的(vue(前端,用于通过firebase发送通知,因此它还与数据库交互以检索令牌。所有项目都位于一个带有docker compose的文件夹中
我需要我的两个前端来提供https。
Nginx/Docker设置
前端ui
我的前端ui有以下Nginx配置,证书在证书文件夹中:
server {
listen 80;
server_name SERVERNAME;
# Redirect all traffic to SSL
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
add_header Strict-Transport-Security "max-age=31536000";
server_name SERVERNAME;
## Access and error logs.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log info;
## Server certificate and key.
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.cert;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
root /usr/share/nginx/html;
location / {
try_files $uri $uri/ =404;
}
location /api {
proxy_pass http://127.0.0.1:42372;
}
}
这个Dockerfile:
# build stage
FROM node:lts-alpine as build-stage
WORKDIR /app
COPY package*.json /app/
RUN npm install
COPY . .
RUN npm run build
#COPY default.conf /etc/nginx/conf.d/
#COPY certificates/nginx.cert /etc/ssl/
#COPY certificates/nginx.key /etc/ssl/
# production stage
FROM nginx:stable-alpine as production-stage
COPY certificates/nginx.cert /etc/nginx/ssl/
COPY certificates/nginx.key /etc/nginx/ssl/
COPY default.conf /etc/nginx/conf.d/
COPY --from=build-stage /app/dist /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]
通知ui
我的通知ui有以下Nginx配置,证书在文件夹证书中:
server {
listen 80;
server_name SERVERNAME;
# Redirect all traffic to SSL
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
add_header Strict-Transport-Security "max-age=31536000";
server_name SERVERNAME;
## Access and error logs.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log info;
## Server certificate and key.
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.cert;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
root /usr/share/nginx/html;
location / {
try_files $uri $uri/ =404;
}
location /api {
proxy_pass http://127.0.0.1:42372;
}
}
这个Dockerfile:
# build stage
FROM node:lts-alpine as build-stage
WORKDIR /app
COPY package*.json /app/
RUN npm install
COPY . .
RUN npm run build
#COPY default.conf /etc/nginx/conf.d/
#COPY certificates/nginx.cert /etc/ssl/
#COPY certificates/nginx.key /etc/ssl/
# production stage
FROM nginx:stable-alpine as production-stage
COPY certificates/nginx.cert /etc/nginx/ssl/
COPY certificates/nginx.key /etc/nginx/ssl/
COPY default.conf /etc/nginx/conf.d/
COPY --from=build-stage /app/dist /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]
通知后端
我的后端没有Nginx配置,因为它本身并不需要它。Dockerfile看起来像这样:
### BUILDER
FROM maven:3.6.3-jdk-11-slim as builder
RUN mkdir -p /build
WORKDIR /build
COPY pom.xml /build
#Download dependencies
#RUN mvn -B dependency:resolve dependency:resolve-plugins
#copy src-code
COPY src /build/src
#Build application
RUN mvn clean install
### RUNTIME
FROM openjdk:11-slim as runtime
ENV APP_HOME /
#Create folders for config and logging
RUN mkdir $APP_HOME/config
RUN mkdir $APP_HOME/log
VOLUME $APP_HOME/log
VOLUME $APP_HOME/config
WORKDIR $APP_HOME
#Copy jar from builder
COPY --from=builder /build/target/*.jar notificationmanager.jar
ENTRYPOINT ["java","-jar","notificationmanager.jar", "de.hsa.frontend.notificationmanager.NotificationmanagerApplication"]
部署
我使用docker compose:部署网络
version: '3.2'
services:
backend:
image: notificationmanager-be:1
build:
context: ./notificationmanager
dockerfile: ./Dockerfile
ports:
- "42372:8085"
networks:
- notificationmanager
restart: on-failure:5
notification-ui:
image: notificationmanager-ui:1
build:
context: ./notificationmanager-ui
dockerfile: ./Dockerfile
ports:
- "42373:80"
- "42376:443"
networks:
- notificationmanager
db:
image: postgres
ports:
- "42374:5432"
environment:
- POSTGRES_USER=USERNAME
- POSTGRES_PASSWORD=PASSWORD
- POSTGRES_DB=DATABASE
volumes:
- data:/var/lib/postgresql/data/
restart: on-failure:5
frontend-ui:
image: frontend-ui:1
build:
context: ./frontend-ui
dockerfile: ./Dockerfile
ports:
- "42375:80"
- "42377:443"
networks:
- notificationmanager
networks:
notificationmanager:
driver: bridge
volumes:
data:
driver: local
我添加了443端口的映射,作为最后一个想法,解释为什么它可能不起作用,这样我也可以再次取出它。我真的看不出与我看过的在线教程有多大区别,但我在尝试打开网页时仍然会遇到SSL错误(ERR_SSL_PROTOCOL_error(,开发工具没有显示任何错误,前端ui的日志看起来是这样的(其他类似(:
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/03/29 11:55:04 [warn] 1#1: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:23
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:23
10.144.43.100 - - [29/Mar/2021:11:55:53 +0000] "x16x03x01x02x00x01x00x01xFCx03x03xB1xC7" 400 157 "-" "-" "-"
10.144.43.100 - - [29/Mar/2021:11:55:53 +0000] "x16x03x01x02x00x01x00x01xFCx03x03:XxFBx83xADx18x13n^xF4x06:xEDx93~;xB2%jxD0xACxDCxFB#WxCB)bx16rxC9xCE xFEx1FuxA3Y;xB2xC0xFBx11 x02xDEx91=$U" 400 157 "-" "-" "-"
10.144.43.100 - - [29/Mar/2021:11:55:54 +0000] "x16x03x01x02x00x01x00x01xFCx03x03Bpx91xA8xC6h)x81xA41x12xAAlxF4xD1qxA8xEAxC6{xC4x0Bx83xA9xE1xFCJ@1#x1FxB9 ?xCFVxA7x0Fvxx1CxF5xF5xA4x0BxAFxA2Z>xB4xCAxC4!i;F6xC0x1FxB5Hx94xC4xBCx19x00x22::x13x01x13x02x13x03xC0+xC0/xC0,xC00xCCxA9xCCxA8xC0x13xC0x14x00x9Cx00x9Dx00/x005x00" 400 157 "-" "-" "-"
10.144.43.100 - - [29/Mar/2021:11:55:54 +0000] "x16x03x01x02x00x01x00x01xFCx03x03x9D#Ju;j24xC0xF6xEAxDCxBFxFAx0E;xBDJx030xD4xF6xE8Vx88IxB8/'xA6Vj xA1Bx17x5C$" 400 157 "-" "-" "-"
我做了一些重命名以提高可读性,并试图删除我在可能的问题上的所有(失败的(尝试,所以如果我在某个地方失败了,我很抱歉。我不得不删除一些值(比如数据库的登录数据(,所以我只是在那里写了占位符,当然文件已经完全填满了
有人能指出我的错误吗?
我看不出您在dockerfiles中公开端口的位置。我想你会想把这个添加到你的nginx dockerfiles 中
EXPOSE 80 443
这是你的java dockerfile
EXPOSE 8085
一旦暴露了这些端口,您可能会遇到反向代理的问题。每个容器都有自己的localhost,所以在nginx配置中,这一行不起作用。
proxy_pass http://127.0.0.1:42372;
您可以访问后端容器";直接";而无需通过docker主机。尝试将该行更改为
proxy_pass http://backend:8085;
同样,我怀疑您正试图使用localhost:42374连接到数据库。您可能需要将其更改为db:5432。