如何配置nginx 转发域名请求到 docker 容器中?

  • docker拉取的镜像是 wordpress,端口映射关系为 -p 1080:80,容器内部使用apache2 ;

使用 [http://IP:1080] 访问没问题。

宿主机 nginx配置:

server {
    listen       80;
    server_name  www.DOMAIN.com;
    access_log /var/log/nginx/www_zsd_access_log.log;

    index index.html index.htm index.php;

    location / {  
        include        fastcgi_params;
        proxy_pass     http://127.0.0.1:1080;
        add_header Access-Control-Allow-Origin *;
    }

}


server {
    listen       443;
    server_name  www.DOMAIN.com;
    access_log /var/log/nginx/www_zsd_access_log.log;

    #ssl on;
    ssl_certificate "/wwwroot/ssl_cert/4591934_www.DOMAIN.com.pem"; 
    ssl_certificate_key "/wwwroot/ssl_cert/4591934_www.DOMAIN.com.key"; 
    ssl_session_timeout 5m; 
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
    ssl_prefer_server_ciphers on;   

    index index.html index.htm index.php;

    location / {  
        include        fastcgi_params;
        proxy_pass     http://127.0.0.1:1080;
        add_header Access-Control-Allow-Origin *;
    }

}

容器内/etc/apache2/sites-enabled/000-default.conf 加上了

ServerName www.DOMAIN.com 

通过 [http://www.DOMAIN.com] 或者 [https://www.DOMAIN.com] 访问会跳转到 [http://IP:1080]

请问如何配置,
能够使用 [https://www.DOMAIN.com] 能够彻底替代 [http://IP:1080] 访问服务?
即浏览器地址栏一直是 域名而非IP ?

最佳答案

【最终解决方案】

1,宿主机nginx配置:

# Nginx
server {
    listen       80;
    server_name  www.DOMAIN.com;
    access_log /var/log/nginx/www_zsd_access_log.log;

    index index.html index.htm index.php;

    if ($http_x_forwarded_proto = 'http'){
        return 301 https://$host$request_uri;
    }

    location / {  
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header REQUEST-URI $request_uri;

        proxy_pass     http://127.0.0.1:1081;
    }

}


server {
    listen       443;
    server_name  www.DOMAIN.com;
    access_log /var/log/nginx/www_zsd_access_log.log;

    #ssl on;
    ssl_certificate "/wwwroot/ssl_cert/4591934_www.DOMAIN.com.pem"; 
    ssl_certificate_key "/wwwroot/ssl_cert/4591934_www.DOMAIN.com.key"; 
    ssl_session_timeout 5m; 
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
    ssl_prefer_server_ciphers on;   

    index index.html index.htm index.php;

    location / {  
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header REQUEST-URI $request_uri;

        proxy_pass     http://127.0.0.1:1081;
    }

}

2,Wordpress容器中

2.1,apache2 配置

// 开启SSL模块

a2enmod ssl

// 引入 SSL 证书

vim /etc/apache2/sites-available/default-ssl.conf

ServerName www.DOMAIN.com

SSLCertificateFile /etc/apache2/ssl/4591934_www.DOMAIN.com_public.crt
SSLCertificateKeyFile /etc/apache2/ssl/4591934_www.DOMAIN.com.key
SSLCertificateChainFile /etc/apache2/ssl/4591934_www.DOMAIN.com_chain.crt

// 让ssl配置被apache加载

ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf

// 重启apache

/etc/init.d/apache2 restart

// vim /etc/apache2/sites-enabled/000-default.conf

<Directory "/var/www/html"> 
    RewriteEngine   on
    RewriteBase /
    # FORCE HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</Directory>

2.2 wordpress 开启 SSL

// vim wp-config.php

$_SERVER['HTTPS'] = 'on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

谢谢各位的想法和建议! :kissing_heart:

2年前 评论
讨论数量: 3

这里的include fastcgi_params;好像没用了吧
你可能还需要proxy_set_header 设置请求头

2年前 评论
Darwin (楼主) 2年前

反向代理背后的服务器对浏览器是无感知的,看你这个配置貌似没有问题。

打开浏览器开发者工具,抓取网络请求看看是哪一步指示浏览器跳转到了背后的服务

2年前 评论
Darwin (楼主) 2年前

【最终解决方案】

1,宿主机nginx配置:

# Nginx
server {
    listen       80;
    server_name  www.DOMAIN.com;
    access_log /var/log/nginx/www_zsd_access_log.log;

    index index.html index.htm index.php;

    if ($http_x_forwarded_proto = 'http'){
        return 301 https://$host$request_uri;
    }

    location / {  
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header REQUEST-URI $request_uri;

        proxy_pass     http://127.0.0.1:1081;
    }

}


server {
    listen       443;
    server_name  www.DOMAIN.com;
    access_log /var/log/nginx/www_zsd_access_log.log;

    #ssl on;
    ssl_certificate "/wwwroot/ssl_cert/4591934_www.DOMAIN.com.pem"; 
    ssl_certificate_key "/wwwroot/ssl_cert/4591934_www.DOMAIN.com.key"; 
    ssl_session_timeout 5m; 
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
    ssl_prefer_server_ciphers on;   

    index index.html index.htm index.php;

    location / {  
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header REQUEST-URI $request_uri;

        proxy_pass     http://127.0.0.1:1081;
    }

}

2,Wordpress容器中

2.1,apache2 配置

// 开启SSL模块

a2enmod ssl

// 引入 SSL 证书

vim /etc/apache2/sites-available/default-ssl.conf

ServerName www.DOMAIN.com

SSLCertificateFile /etc/apache2/ssl/4591934_www.DOMAIN.com_public.crt
SSLCertificateKeyFile /etc/apache2/ssl/4591934_www.DOMAIN.com.key
SSLCertificateChainFile /etc/apache2/ssl/4591934_www.DOMAIN.com_chain.crt

// 让ssl配置被apache加载

ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf

// 重启apache

/etc/init.d/apache2 restart

// vim /etc/apache2/sites-enabled/000-default.conf

<Directory "/var/www/html"> 
    RewriteEngine   on
    RewriteBase /
    # FORCE HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</Directory>

2.2 wordpress 开启 SSL

// vim wp-config.php

$_SERVER['HTTPS'] = 'on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

谢谢各位的想法和建议! :kissing_heart:

2年前 评论

讨论应以学习和精进为目的。请勿发布不友善或者负能量的内容,与人为善,比聪明更重要!