docker - Docker 容器的端口与不在容器内的 nginx 发生冲突

问题描述

我的根目录下有一个 docker-compose.yml，如下所示。就上下文而言，我有一个托管在 Digital Ocean 液滴上的 Ghost CMS 博客。我想使用 Docker（一种开源评论解决方案）安装 Commento，但是当我通过 Cloudflare DNS 路由流量时，我需要在服务器端和前端都使用SSL 。

但是，我通过 Digital Ocean 的一键式 Ghost 安装程序安装了 Ghost，它将 nginx 配置为我的站点的反向代理。Nginx 不在容器中（安装在服务器上）。Nginx 侦听端口 80 和 443。当我尝试 docker-compose up 时，它显示以下错误：

Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use

Traefik 无法在 nginx 上侦听相同的端口（不在容器内，而是安装在服务器本身上）。我该如何解决这个问题，并让我的评论服务器也通过 SSL 反向代理？我的 docker-compose 如下：

version: '3.7'

services:

  proxy:
    restart: always
    image: traefik
    command:
    - "--api"
    - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
    - "--entrypoints=Name:https Address::443 TLS"
    - "--defaultentrypoints=http,https"
    - "--acme"
    - "--acme.storage=/etc/traefik/acme/acme.json"
    - "--acme.entryPoint=https"
    - "--acme.httpChallenge.entryPoint=http"
    - "--acme.onHostRule=true"
    - "--acme.onDemand=false"
    - "--acme.email=changeme@example.com" # TODO: Replace with your email address
    - "--docker"
    - "--docker.watch"
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ./traefik/acme:/etc/traefik/acme
    networks:
    - web
    ports:
    - "80:80"
    - "443:443"
    labels:
    - "traefik.enable=false"

  server:
    image: registry.gitlab.com/commento/commento:latest
    ports:
      - 8080:8080
    environment:
      COMMENTO_ORIGIN: https://commento.example.com # TODO: Replace commento.example.com with your domami$      COMMENTO_PORT: 8080
      COMMENTO_POSTGRES: postgres://postgres:passwordexample@db:5432/commento?s$      
    depends_on:
      - db
    networks:
      - db_network
      - web
  db:
    image: postgres
    environment:
      POSTGRES_DB: commento
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: examplepassword #TODO: Replace STRONG_PASSWORD with th$    networks:
      - db_network
    volumes:
      - postgres_data_volume:/var/lib/postgresql/data

volumes:
  postgres_data_volume:

networks:
  web:
      external
  db_network:

这是我在可用站点下的 nginx 服务器配置：

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

对不起，这有点新。谢谢！

标签： dockersslnginxserverreverse-proxy