驾驶舱通过NGINX -设置使其他服务无法到达
驾驶舱通过NGINX -设置使其他服务无法到达
提问于 2021-11-13 16:26:41
我有一个服务器(),它有一些基于Docker的服务器(Gitlab,Redmine)和NGINX作为代理。
gitlab. => NGINX -> :port => Gitlab-container
redmine. => NGINX -> :port => Redmine-container
SQL-container
Certbot 这就像一种魅力。现在我想通过驾驶舱Web服务扩展我的服务器:
cockpit. => NGINX -> localhost:9090 => Cockpit running on the server
gitlab. => NGINX -> :port => Gitlab-container
redmine. => NGINX -> :port => Redmine-container
SQL-container
Certbot 我为驾驶舱添加了一个额外的NGINX规则(对应于https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-NGINX),然后驾驶舱出现了,但是红敏和Gitlab都没有。如果我取消了规则,反之亦然。
在/etc/ NGINX /sites现有/和/etc/NGINX/site中启用/存储下列NGINX规则:
gitlab.
server {
listen 80;
listen [::]:80;
server_name gitlab.;
location / {
proxy_pass http://:port;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
}
}redmine.
server {
listen 80;
listen [::]:80;
server_name redmine.;
location / {
proxy_pass http://:port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}现在我补充道: cockpit.
server {
listen 80;
listen 443 ssl;
server_name cockpit.;
location / {
# Required to proxy the connection to Cockpit
proxy_pass https://127.0.0.1:9090;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for web sockets to function
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass ETag header from Cockpit to clients.
# See: https://github.com/cockpit-project/cockpit/issues/5239
gzip off;
}
}和/etc/驾驶舱/驾驶舱
[WebService]
Origins = https://cockpit. 127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
[Log]
Fatal = /var/log/cockpit.log
[Session]
IdleTimeout=15这里少了什么?
回答 1
Server Fault用户
回答已采纳
发布于 2021-11-14 14:23:35
这里少了什么?
这个问题并不发生在所有的设备上。有些人说“这个连接不安全”。红鼠狼和gitlab的。但驾驶舱没有。这个谜语的解决方案是,Gitlab和Redmine的规则还没有完成,https请求被卡在哪里了。
端口443 (https)的规则缺失。现在我把这些街区变成了两个:
- 将http请求重定向到https
- 侦听https请求并将它们转发给应用程序。
现在看起来是这样的:
/etc/nginx/sites可用/gitlab.链接到/etc/nginx/sites启用/gitlab.
# redirect http request to https while keeping the request uri
server {
listen 80;
listen [::]:80;
server_name gitlab.;
return 301 https://gitlab.$request_uri;
}
# https requests will forwarded to the server application
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name gitlab.;
location / {
proxy_pass http://:;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
gzip off;
}
}/etc/nginx/sites可用/红。链接到/etc/nginx/sites启用/redmine。
# redirect http request to https while keeping the request uri
server {
listen 80;
listen [::]:80;
server_name redmine.;
return 301 https://redmine.$request_uri;
}
# https requests will forwarded to the server application
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name redmine.;
location / {
proxy_pass http://:;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
gzip off;
}
}/etc/nginx/sites可用/座舱。链接到/etc/nginx/sites启用/座舱。
server {
listen 80;
listen 443 ssl;
server_name cockpit.;
location / {
# Required to proxy the connection to Cockpit
proxy_pass https://127.0.0.1:9090;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for web sockets to function
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass ETag header from Cockpit to clients.
# See: https://github.com/cockpit-project/cockpit/issues/5239
gzip off;
}
}和/etc/驾驶舱/驾驶舱
[WebService]
Origins = https://cockpit. 127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
[Log]
Fatal = /var/log/cockpit.log
[Session]
IdleTimeout=15完成:/etc/nginx/sites可用/默认链接到/etc/nginx/sites启用/默认
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
error_log /opt/logs/certbot_error debug;
}页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1083473
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号