如何解决Websockets 请求失败,nginx-proxy for docker with ssl
我在 Web 服务器中使用 nginx-proxy 作为容器的反向代理。我有一个带有 Vue 前端的 Laravel 后端应用程序,它们使用 Laravel Websockets 通过 Websockets 进行通信。
后端和前端容器之间通过 HTTP 本地通信工作正常,但我无法通过 HTTPS 在 Web 服务器中使用它。
我使用 acme-companion 来生成和更新 Let's Encrypt 证书。 /etc/Nginx/conf.d/default.conf
文件按照 Laravel Websockets 的 these 说明进行编辑,以便与 Nginx 反向代理一起使用。
在前端,我调用 WebSocket 服务器 wss://api.domain.com
。据我所知,这将到达我的 location @ws
并被代理到端口 6001 中的 api
容器(从上游复制 IP),这是我的 WebSocket 服务器侦听的。问题是没有请求到达 WebSocket 服务器。使用 Nginx -s reload
有人可以帮我吗?由于 /var/log/Nginx/access.log
容器内的 /var/log/Nginx/error.log
和 Nginx-proxy
为空,我似乎无法理解我做错了什么或如何正确调试。谢谢。
docker-compose.yml
version: '2'
services:
Nginx-proxy:
container_name: Nginx-proxy
image: jwilder/Nginx-proxy
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- "/etc/Nginx/vhost.d"
- "/usr/share/Nginx/html"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "/etc/Nginx/certs"
letsencrypt-Nginx-proxy-companion:
container_name: letsencrypt-Nginx-proxy-companion
image: jrcs/letsencrypt-Nginx-proxy-companion
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
volumes_from:
- "Nginx-proxy"
api:
container_name: api
image: guizo/docker-laravel:PHP8.0-apache-postgres
ports:
- 6001:6001
working_dir: /var/www/html
volumes:
- ./api:/var/www/html
volumes_from:
- "Nginx-proxy"
environment:
VIRTUAL_HOST: api.domain.com
LETSENCRYPT_HOST: api.domain.com
app:
container_name: app
image: guizo/docker-Nginx
working_dir: /usr/share/Nginx/html
volumes:
- ./app/dist:/usr/share/Nginx/html
environment:
VIRTUAL_HOST: app.domain.com
LETSENCRYPT_HOST: app.domain.com
/etc/Nginx/conf.d/default.conf
map $http_upgrade $type {
default "web";
websocket "ws";
}
# api.domain.com
upstream api.domain.com-upstream {
## Can be connected with "dev_default" network
# api
server 172.18.0.4:80;
# Fallback entry
server 127.0.0.1 down;
}
server {
server_name api.domain.com;
listen 80 ;
access_log /var/log/Nginx/access.log vhost;
# Do not HTTPS redirect Let'sEncrypt Acme challenge
location ^~ /.well-kNown/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/Nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name api.domain.com;
listen 443 ssl http2 ;
access_log /var/log/Nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/Nginx/certs/api.domain.com.crt;
ssl_certificate_key /etc/Nginx/certs/api.domain.com.key;
ssl_dhparam /etc/Nginx/certs/api.domain.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/Nginx/certs/api.domain.com.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/Nginx/vhost.d/default;
location / {
try_files /nonexistent @$type;
}
location @web {
proxy_pass http://api.domain.com-upstream;
}
location @ws {
proxy_pass http://172.18.0.4:6001;
proxy_set_header Host $host;
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
# Allow the use of websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。