nginx的和泊塢窗 - 轉發端口80/443 3000

Question

我使用泊塢窗，撰寫到config我用meteor應用程序容器和容器nginx應用程序，這是我docker-compose文件：

version: '2' 
services: 
    webapp: 
    image: webapp.image.uri:latest 
    ports: 
    - "3000:3000" 
    environment: 
    - ROOT_URL=https://my.app.url 
    nginx: 
    image: nginx.image.uri:latest 
    volumes: 
     - certs:/etc/letsencrypt 
     - certs-data:/data/letsencrypt 
    ports: 
    - "80:80" 
    - "443:443" 

我使用nginx來處理HTTPS請求。 我想要做的是配置nginx，這樣，當用戶訪問my.app.url我可以得到端口443工作meteor應用（3000端口）。
順便說一句，這裏的nginx配置，我使用：

server { 
    listen  80; 
    listen [::]:80; 
    server_name my.app.url; 

    location/{ 
     rewrite^https://$host$request_uri? permanent; 
    } 

    location ^~ /.well-known { 
     allow all; 
     root /data/letsencrypt/; 
    } 
} 

server { 
    listen  443   ssl http2; 
    listen [::]:443   ssl http2; 
    server_name    my.app.url; 

    ssl      on; 

    add_header    Strict-Transport-Security "max-age=31536000" always; 

    ssl_session_cache   shared:SSL:20m; 
    ssl_session_timeout  10m; 

    ssl_protocols    TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_ciphers    "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; 

    ssl_stapling    on; 
    ssl_stapling_verify  on; 
    resolver     8.8.8.8 8.8.4.4; 

    ssl_certificate   /etc/letsencrypt/live/my.app.url/fullchain.pem; 
    ssl_certificate_key  /etc/letsencrypt/live/my.app.url/privkey.pem; 
    ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem; 

    access_log    /dev/stdout; 
    error_log     /dev/stderr info; 

    # other configs 
} 

在先進的感謝這麼多！

Answer 1

處理請求

我懂了。這是我如何改良我的docker-compose.yml文件：

version: '2' 
services: 
    webapp: 
    image: webapp.image.uri:latest 
    ports: 
    - "3000:3000" 
    environment: 
    - ROOT_URL=https://my.app.url 
    nginx: 
    image: nginx.image.uri:latest 
    volumes: 
     - certs:/etc/letsencrypt 
     - certs-data:/data/letsencrypt 
    ports: 
    - "80:80" 
    - "443:443" 
    links: # new 
    - webapp 
    volumes_from: 
    - webapp 

這是nginx配置文件：

server { 
    listen  80; 
    listen [::]:80; 
    server_name my.app.url; 

    location/{ 
     rewrite^https://$host$request_uri? permanent; 
    } 

    location ^~ /.well-known { 
     allow all; 
     root /data/letsencrypt/; 
    } 
} 

server { 
    listen  443   ssl http2; 
    listen [::]:443   ssl http2; 
    server_name    my.app.url; 

    ssl      on; 

    add_header    Strict-Transport-Security "max-age=31536000" always; 

    ssl_session_cache   shared:SSL:20m; 
    ssl_session_timeout  10m; 

    ssl_protocols    TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_ciphers    "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; 

    ssl_stapling    on; 
    ssl_stapling_verify  on; 
    resolver     8.8.8.8 8.8.4.4; 

    ssl_certificate   /etc/letsencrypt/live/my.app.url/fullchain.pem; 
    ssl_certificate_key  /etc/letsencrypt/live/my.app.url/privkey.pem; 
    ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem; 

    access_log    /dev/stdout; 
    error_log     /dev/stderr info; 

    # other configs 

    location/{ 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header X-Forwarded-Proto $scheme; 
     proxy_redirect off; 
     proxy_pass   http://webapp:3000; 
    } 
} 

Answer 2

我想要做的是Nginx的配置，這樣，當用戶訪問my.app.url我能得到流星應用端口工作443

可以使用nginx_http_rewrite_module到HTTP重定向到https永久。 您的第一臺服務器塊改成這樣：

server { 
    listen  80; 
    listen [::]:80; 
    server_name my.app.url; 
    return 301 https://my.app.url$request_uri; 
} 

更多nginx_http_rewrite_module，你可以參考這個http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

關於端口轉發，想象你的應用服務器監聽的端口3000，您可以將上游塊添加到HTTP塊。

upstream app { 
    server 127.0.0.1:3000; #image the nginx is in same machine with your app server 
} 

這行添加到您的第二個服務器模塊：

proxy_pass https://app; 

而現在從外面所有的連接將使用HTTPS，你的應用程序在聽取3000端口也可以從443