How to configure nginx as a reverse proxy to hide the ports of running docker containers?

Problem description


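I have 2 docker containers - a frontend (Angular 8) and an api (Node). The frontend works on port 81 by default and the api on port 1337. I have also registered a domain where both applications are available and added SSL configuration. However, it works in such a way that the frontend is available at www.example.com and the api at www.example.com:1337. I wonder whether there is a way to set up the nginx configuration to serve the frontend at www.example.com and the api at www.example.com/api, listening on port 443 for both containers? Thanks in advance for your help.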

nginx.conf for the reverse proxy

http {
  upstream frontend {
    server frontend:81;
  }
  upstream api {
    server api:1337;
  }

  server {
    listen 80;

    location ~ /.well-known/acme-challenge {
      allow all;
      root /usr/share/nginx/html;
    }

    location / {
      rewrite ^ https://$host$request_uri? permanent;
    }
  }

  server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com example.com;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;


    ssl_buffer_size 8k;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    location /api {
      try_files $uri @api;
    }

    location / {
      try_files $uri @frontend;
    }

    location @frontend {
      proxy_pass http://frontend;
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Referrer-Policy "no-referrer-when-downgrade" always;
      add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    }

    location @api {
      proxy_pass http://api;
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Referrer-Policy "no-referrer-when-downgrade" always;
      add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    }

    root /usr/share/nginx/html;
    index index.html index.htm index.nginx-debian.html;
  }
}

The part of docker-compose.yml responsible for the reverse proxy

  reverse:
    container_name: reverseProxy
    hostname: reverse
    image: nginx:latest
    ports:
      - "80:80"
      - "81:81"
      - "1337:1337"
      - "443:443"
    volumes:
      - ./defaultnginx.conf:/etc/nginx/nginx.conf
      - /usr/share/nginx/html:/usr/share/nginx/html
      - certbot-etc:/etc/letsencrypt
      - certbot-var:/var/lib/letsencrypt
    depends_on:
      - frontend
      - api

Tags: docker, nginx, docker-compose, ssl-certificate, nginx-reverse-proxy
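
One way to get the layout the question asks for, written as an added example and not code from the original post: everything is reached through port 443, so the `81:81` and `1337:1337` mappings on the `reverse` service are no longer needed and only `80:80` and `443:443` stay published. It assumes the api serves its routes at the root (so the `/api/` prefix is stripped before proxying), and it narrows `ssl_protocols` to TLS 1.2 and 1.3; `events {}` is included because the file is mounted as the complete `/etc/nginx/nginx.conf`.

```nginx
events {}

http {
  upstream frontend { server frontend:81; }
  upstream api      { server api:1337; }

  server {
    listen 80;
    server_name www.example.com example.com;

    # Keep answering the ACME HTTP-01 challenge over plain HTTP.
    location ^~ /.well-known/acme-challenge/ {
      root /usr/share/nginx/html;
    }
    # Everything else is redirected to HTTPS.
    location / {
      return 301 https://$host$request_uri;
    }
  }

  server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com example.com;
    server_tokens off;

    ssl_certificate     /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;   # TLS 1.0 and 1.1 are not offered
    ssl_session_tickets off;

    # Declared once at server level; both locations inherit them
    # because neither declares add_header / proxy_set_header itself.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Assumption: the api has no /api prefix of its own. The trailing
    # "/" on proxy_pass turns /api/users into /users upstream; use
    # "proxy_pass http://api;" instead if its routes start with /api.
    location /api/ {
      proxy_pass http://api/;
    }
    # All other paths go to the Angular frontend container.
    location / {
      proxy_pass http://frontend;
    }
  }
}
```

Running `nginx -t` inside the `reverse` container checks the file before a reload.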

Solution

