我正在按照本教程进行操作,并将与芹菜背景相关的代码调整到我的项目中。
就我而言,我在Docker环境中运行,并且我有一个安全的站点(即 https://localhost(。
我调整了安全连接的代码,如下所示:
key_file = '/etc/nginx/ssl/localhost.key'
cert_file = '/etc/nginx/ssl/localhost.crt'
ca_file = '/etc/nginx/ssl/localhost.ca.crt'
app.config['CELERY_BROKER_URL'] = 'rediss://redis:6380/0'
app.config['CELERY_RESULT_BACKEND'] = 'rediss://redis:6380/0'
def make_celery(app):
"""Setup celery."""
celery = Celery(app.import_name,
backend=app.config['CELERY_RESULT_BACKEND'],
broker=app.config['CELERY_BROKER_URL'],
broker_use_ssl = {
'ssl_keyfile': key_file,
'ssl_certfile': cert_file,
'ssl_ca_certs': ca_file,
'ssl_cert_reqs': ssl.CERT_REQUIRED
},
redis_backend_use_ssl = {
'ssl_keyfile': key_file,
'ssl_certfile': cert_file,
'ssl_ca_certs': ca_file,
'ssl_cert_reqs': ssl.CERT_REQUIRED
})
我的 docker 撰写文件如下所示:
version: '3'
services:
web:
restart: always
build:
context: ./web
dockerfile: Dockerfile
expose:
- "8000"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- data2:/home/flask/app/web/project/avner/img
command: /usr/local/bin/gunicorn -w 2 -t 3600 -b :8000 project:app
depends_on:
- postgres
stdin_open: true
tty: true
nginx:
restart: always
build:
context: ./nginx
dockerfile: Dockerfile
ports:
- "80:80"
- "443:443"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- data2:/home/flask/app/web/project/avner/img
depends_on:
- web
postgres:
restart: always
build:
context: ./postgresql
dockerfile: Dockerfile
volumes:
- data1:/var/lib/postgresql/data
expose:
- "5432"
redis:
container_name: redis
hostname: redis
image: "redis:alpine"
command: --port 6380
restart: always
expose:
- '6380'
ports:
- "6380:6380"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/redis/redis.conf:/usr/local/etc/redis/redis.conf
celery:
build:
context: ./web
command: watchmedo auto-restart --directory=./ --pattern=*.py --recursive -- celery worker -A project.celery --loglevel=info
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/nginx/ssl:/etc/nginx/ssl
- data2:/home/flask/app/web/project/avner/img
depends_on:
- redis
volumes:
data1:
data2:
文件:key_file、cert_file 和 ca_file 是使用自 CA 生成的,步骤如下,类似于此处的步骤:
- 创建自我 CA
- 向 Docker 外部的本地主机签署证书
- 将文件挂载到 Docker
执行此更改后,我没有看到连接错误。容器启动正常,日志文件相当!
但是在运行时,从我的 Web 容器调用 Celery 任务时,我的 Web 容器中出现错误。
从我的javascript中,我有一个POST调用:
let queryUrl = 'http://localhost/api/v1_2/create_zip_file3';
let fetchData = {
method: 'POST',
};
let response = await fetch(queryUrl, fetchData);
以下是 Flask Web 容器中的代码:
@sites_api_blueprint.route('/api/v1_2/create_zip_file', methods=['POST'])
def create_zip_file():
print( 'BEG create_zip_file' )
task = create_zip_file_task.delay(current_user_id=current_user.id)
return jsonify({}), 202, {'Location': url_for('create_zip_file_taskstatus', task_id=task.id)}
@celery.task(bind=True)
def create_zip_file_task(self, current_user_id):
print( 'BEG create_zip_file_task' )
# do some stuff
# ...
# taskstatus -> create_zip_file_taskstatus
@app.route('/status/<task_id>')
def create_zip_file_taskstatus(task_id):
# return the progress status
# ...
Web 容器中的错误:
docker logs -f webserver_web_1
...
BEG create_zip_file
172.20.0.5 - - [14/Feb/2020 05:48:32] "POST /api/v1_2/create_zip_file HTTP/1.0" 500 -
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/redis/connection.py", line 492, in connect
sock = self._connect()
File "/usr/local/lib/python3.7/site-packages/redis/connection.py", line 742, in _connect
keyfile=self.keyfile)
FileNotFoundError: [Errno 2] No such file or directory
我做错了什么?
谢谢 艾伍纳
安全连接的问题是因为 SSL 密钥对 Web 容器不可用。
我通过更改 docker-compose.yml 来修复它
cat docker-compose.yml
...
services:
web:
volumes:
- /home/webServer/nginx/ssl:/etc/nginx/ssl
...
执行更改后,日志文件中没有错误。
但是连接似乎仍然存在问题,触发任务时,芹菜容器上没有任何活动。
这是一个不同的问题,我在这里单独跟踪它。