apache - 如何通过带有 SSL 的 Apache 2 公开 nginx docker 容器?
问题描述
我在 Digital Ocean 液滴上的 docker 容器上运行了一个 Web 应用程序。该应用程序有自己的容器,并通过地址 0.0.0.0:8080 上的 Nginx 容器提供服务。这是 nginx 配置文件:
server {
listen 80;
index index.php index.html;
root /var/www/public;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
和我的 nginx 容器 dockerfile:
FROM nginx:1.10
ADD ./vhost.conf /etc/nginx/conf.d/default.conf
WORKDIR /var/www
现在,我有一个域,我使用 certbot 生成了一个 SSL 证书,我想通过这个域为我的应用程序提供服务,但是我失败了。
我正在使用(或尝试)Apache2 作为反向代理,但我无法让它工作。我现在可以访问应用程序的主页,但没有任何资源,因为该页面是通过 https 提供的,但资源是通过 http 从容器中获取的。我不知道我已经尝试了多少东西,但我无处可去。任何帮助将非常感激。这是我的虚拟主机配置,如果有帮助的话。
vhost-le-ssl.conf:
<IfModule mod_ssl.c>
#Listen 443
#NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /etc/letsencrypt/live/antonioquadrado.com/cert.pem
# Servers to proxy the connection, or;
# List of application servers:
# Usage:
# ProxyPass / http://[IP Addr.]:[port]/
# ProxyPassReverse / http://[IP Addr.]:[port]/
# Example:
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
ServerName antonioquadrado.com
ServerAlias www.antonioquadrado.com
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =antonioquadrado.com [OR]
# RewriteCond %{SERVER_NAME} =www.antonioquadrado.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/antonioquadrado.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/antonioquadrado.com/privkey.pem
</VirtualHost>
</IfModule>
vhost.conf:
VirtualHost *:80>
ProxyPreserveHost On
# Servers to proxy the connection, or;
# List of application servers:
# Usage:
# ProxyPass / http://[IP Addr.]:[port]/
# ProxyPassReverse / http://[IP Addr.]:[port]/
# Example:
ProxyPass / https://0.0.0.0:8080/
ProxyPassReverse / https://0.0.0.0:8080/
ServerName antonioquadrado.com
ServerAlias www.antonioquadrado.com
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =antonioquadrado.com [OR]
RewriteCond %{SERVER_NAME} =www.antonioquadrado.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
我已经按照这个数字海洋教程得到了这一点。
提前致谢!
编辑:@SmileIt 指向 serverfault 答案后,我已将我的虚拟主机配置更新为:
<VirtualHost *:80>
ServerName antonioquadrado.com
ServerAlias www.antonioquadrado.com
Redirect permanent / https://www.antonioquadrado.com/
</VirtualHost>
ssl 虚拟主机:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.antonioquadrado.com
DirectoryIndex index.php index.html
SetOutputFilter SUBSTITUTE,DEFLATE
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://0.0.0.0:8080/|https://www.antonioquadrado.com/|i"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateKeyFile /etc/letsencrypt/live/antonioquadrado.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/antonioquadrado.com/fullchain.pem
#SSLCertificateChainFile /path-to/chain.pem
<Proxy *>
Order deny,allow
Allow from all
Allow from localhost
</Proxy>
</VirtualHost>
</IfModule>
但是我对通过 http 通过内部 ip 获取的资源有同样的错误。
这也是我的 docker-compose 文件:
version: '2'
services:
web:
build:
context: ./
dockerfile: web.docker
volumes:
- ./:/var/www
ports:
- "8080:80"
links:
- app
app:
build:
context: ./
dockerfile: app.docker
volumes:
- ./:/var/www
links:
- database
environment:
- "DB_PORT=3306"
- "DB_HOST=database"
database:
image: mysql:5.6
environment:
- "MYSQL_ROOT_PASSWORD=*****"
- "MYSQL_DATABASE=*******"
ports:
- "33061:3306"
解决方案
Apache 输出过滤器很可能出现故障。
将以下内容添加到顶部附近的 VirtualHost 配置中并重新启动 Apache。
SetOutputFilter SUBSTITUTE;DEFLATE
本质上,我们必须告诉 Apache 订购输出过滤器。先替换再放气。如果这对您不起作用,请将以下内容添加到您的 VirturalHost 配置并发送输出。
LogLevel trace3 rewrite:error filter:trace8
输出应该告诉我们在替换过滤器之前正在运行哪些过滤器。
推荐阅读
- r - 使用Rstudio迭代将R1C1行中的第一个单元格向左移到多个工作表excel中
- ionic-framework - 离子5 | 本机设备上的存储未准备好
- storybook - 在故事书 6 中禁用每个故事的画布
- tensorflow - 在子类模型中使用带有自定义 train_step 的 Keras ImageDataGenerator 时出错
- r - 当空间中有多个数据框时,我的功能不起作用
- powershell - 使用一个文件中的 CSV 标头名称来创建具有不同标头名称的新文件
- c++ - 删除向量中的指针
- sql - SSIS:CSV在同一列中使用小数和整数
- node.js - 无法使用 npm 安装 expo
- java - 应用程序上下文形成了 Setter 方法的循环,但不适用于 Spring Boot 中的 @Autowired