nginx的和泊坞窗 - 转发端口80/443 3000

Question

我使用泊坞窗，撰写到config我用meteor应用程序容器和容器nginx应用程序，这是我docker-compose文件：

version: '2' 
services: 
    webapp: 
    image: webapp.image.uri:latest 
    ports: 
    - "3000:3000" 
    environment: 
    - ROOT_URL=https://my.app.url 
    nginx: 
    image: nginx.image.uri:latest 
    volumes: 
     - certs:/etc/letsencrypt 
     - certs-data:/data/letsencrypt 
    ports: 
    - "80:80" 
    - "443:443" 

我使用nginx来处理HTTPS请求。 我想要做的是配置nginx，这样，当用户访问my.app.url我可以得到端口443工作meteor应用（3000端口）。
顺便说一句，这里的nginx配置，我使用：

server { 
    listen  80; 
    listen [::]:80; 
    server_name my.app.url; 

    location/{ 
     rewrite^https://$host$request_uri? permanent; 
    } 

    location ^~ /.well-known { 
     allow all; 
     root /data/letsencrypt/; 
    } 
} 

server { 
    listen  443   ssl http2; 
    listen [::]:443   ssl http2; 
    server_name    my.app.url; 

    ssl      on; 

    add_header    Strict-Transport-Security "max-age=31536000" always; 

    ssl_session_cache   shared:SSL:20m; 
    ssl_session_timeout  10m; 

    ssl_protocols    TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_ciphers    "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; 

    ssl_stapling    on; 
    ssl_stapling_verify  on; 
    resolver     8.8.8.8 8.8.4.4; 

    ssl_certificate   /etc/letsencrypt/live/my.app.url/fullchain.pem; 
    ssl_certificate_key  /etc/letsencrypt/live/my.app.url/privkey.pem; 
    ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem; 

    access_log    /dev/stdout; 
    error_log     /dev/stderr info; 

    # other configs 
} 

在先进的感谢这么多！

Answer 1

处理请求

我懂了。这是我如何改良我的docker-compose.yml文件：

version: '2' 
services: 
    webapp: 
    image: webapp.image.uri:latest 
    ports: 
    - "3000:3000" 
    environment: 
    - ROOT_URL=https://my.app.url 
    nginx: 
    image: nginx.image.uri:latest 
    volumes: 
     - certs:/etc/letsencrypt 
     - certs-data:/data/letsencrypt 
    ports: 
    - "80:80" 
    - "443:443" 
    links: # new 
    - webapp 
    volumes_from: 
    - webapp 

这是nginx配置文件：

server { 
    listen  80; 
    listen [::]:80; 
    server_name my.app.url; 

    location/{ 
     rewrite^https://$host$request_uri? permanent; 
    } 

    location ^~ /.well-known { 
     allow all; 
     root /data/letsencrypt/; 
    } 
} 

server { 
    listen  443   ssl http2; 
    listen [::]:443   ssl http2; 
    server_name    my.app.url; 

    ssl      on; 

    add_header    Strict-Transport-Security "max-age=31536000" always; 

    ssl_session_cache   shared:SSL:20m; 
    ssl_session_timeout  10m; 

    ssl_protocols    TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_ciphers    "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; 

    ssl_stapling    on; 
    ssl_stapling_verify  on; 
    resolver     8.8.8.8 8.8.4.4; 

    ssl_certificate   /etc/letsencrypt/live/my.app.url/fullchain.pem; 
    ssl_certificate_key  /etc/letsencrypt/live/my.app.url/privkey.pem; 
    ssl_trusted_certificate /etc/letsencrypt/live/my.app.url/chain.pem; 

    access_log    /dev/stdout; 
    error_log     /dev/stderr info; 

    # other configs 

    location/{ 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header X-Forwarded-Proto $scheme; 
     proxy_redirect off; 
     proxy_pass   http://webapp:3000; 
    } 
} 

Answer 2

我想要做的是Nginx的配置，这样，当用户访问my.app.url我能得到流星应用端口工作443

可以使用nginx_http_rewrite_module到HTTP重定向到https永久。 您的第一台服务器块改成这样：

server { 
    listen  80; 
    listen [::]:80; 
    server_name my.app.url; 
    return 301 https://my.app.url$request_uri; 
} 

更多nginx_http_rewrite_module，你可以参考这个http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

关于端口转发，想象你的应用服务器监听的端口3000，您可以将上游块添加到HTTP块。

upstream app { 
    server 127.0.0.1:3000; #image the nginx is in same machine with your app server 
} 

这行添加到您的第二个服务器模块：

proxy_pass https://app; 

而现在从外面所有的连接将使用HTTPS，你的应用程序在听取3000端口也可以从443