0
我有一个使用nginx和我的Flask应用程序(应用程序容器)的Docker设置。 nginx容器没有什么特别之处。应用程序容器包含我的Flask应用程序,uWSGI和Supervisor。这个容器共享uWSIG-socket所在的卷,所以nginx-container可以使用这个套接字。这按预期工作,但是,我无法通过nginx访问Supervisor的Web界面。我在Google上找不到任何与此相关的内容,所以我希望你们能帮助我。无法连接到Nginx的supevisor插座
这里是我的配置文件:
泊坞窗,构成
app:
restart: always
build: ./app
command: supervisord -c /www-botillsammans-conf/supervisord.ini
volumes:
- '/www-botillsammans-conf'
nginx:
restart: always
build: ./nginx
command: nginx -c /www-botillsammans-nginx/nginx.conf
ports:
- '80:80'
- '443:443'
volumes_from:
- 'app'
nginx的
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream flask {
server unix:/www-botillsammans-conf/www.uwsgi.sock;
}
upstream supervisor {
server unix:/tmp/supervisor.sock;
}
server {
listen 443 ssl;
server_name botillsammans.nu www.botillsammans.nu;
access_log /var/log/nginx/ssl_botillsammans.access.log;
error_log /var/log/nginx/ssl_botillsammans.error.log;
server_tokens off;
ssl_certificate fullchain.pem;
ssl_certificate_key privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Disable SSLv3
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
# Fix Diffie-Hellman for TLS
# More info: https://weakdh.org/sysadmin.html
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_dhparam /www-botillsammans-nginx/ssl/dhparams.pem;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate chain1.pem;
resolver 8.8.8.8 8.8.4.4 valid=86400;
resolver_timeout 10;
location/{
uwsgi_pass flask;
include uwsgi_params;
proxy_set_header X-Prerender-Token xADstXQmfnMxFZn6SXTq;
}
location /supervisor {
proxy_pass https://supervisor;
}
location /supervisor2 {
proxy_pass http://supervisor;
}
}
监事的conf [unix_http_server] 文件= /tmp/supervisor.sock 搭配chmod = 0777 CHOWN = 1001:500
[supervisord]
nodaemon = true
pidfile = /tmp/supervisord.pid
logfile = /var/log/supervisor/supervisor.log
logfile_maxbytes = 10MB
[supervisorctl]
serverurl = unix:///tmp/supervisor.sock
username = supervisor
password = pass
[program:www]
user = supervisor
command = uwsgi --thunder-lock --ini /www-botillsammans-conf/www.uwsgi.ini
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/www.out.log
stderr_logfile = /var/log/supervisor/www.err.log
stdout_logfile_maxbytes = 10MB
stderr_logfile_maxbytes = 10MB
exitcodes = 0
stopsignal = HUP
我想这是所有相对构型。所以,我的问题是如何通过UNIX套接字让nginx的主管工作?
它看起来像你的上司套接字文件是'/ tmp目录/ supervisor.sock'在您的应用程序容器中,而不在您定义的卷中。尝试通过将'file =/www-botillsammans-conf/supervisor.sock'添加到您的[supervisord]指令来移动您的超级用户套接字,然后将您的nginx配置改为指向此处而不是/ tmp。 –
嗯..这是一个愚蠢的错误,它在www-botillsammans-conf之前,但它没有工作,然后由于权限错误。我尝试将其移回并设置正确的权限,但我仍然在/ supervisor-route上从Nginx获得502,在/ supervisor2-route上获得404。有没有办法从'supervisorctl'或'unix_http_server'记录任何东西? – jwanglof
有些进步!管理得到登录弹出,用config-files的用户名和密码成功登录,但是当我登录时,我得到了一个404页的消息:Not Found.'。有任何想法吗? – jwanglof