Nginx + Vault behind a Docker reverse proxy

For some applications running in docker I need to configure nginx as a reverse proxy. Portainer works fine, but HashiCorp Vault still has problems. A further step will be to use nginx for SSL connections to all running applications. All applications are in the simplest setup; I can use them without any special features.

Environment

  • CentOS 7
  • nginx from rpm 1.16.1-1 (for the debug option; in further use it should also live in a container)
  • Portainer
  • Vault 1.2.4
/etc/nginx/nginx.conf

    user  nginx;
    worker_processes  1;

    error_log  /var/log/nginx/error.log debug;
    pid        /var/run/nginx.pid;


    events {
      worker_connections  1024;
    }


    http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;

      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

      access_log  /var/log/nginx/access.log  main;

      sendfile        on;
      #tcp_nopush     on;

      keepalive_timeout  65;

      #gzip  on;

      server {
        listen 80;
        server_name 1.2.3.4;

        location /portainer/ {
          proxy_pass http://1.2.3.4:9000/;
          rewrite ^/portainer(/.*) $1 break;
          proxy_redirect     off;
          proxy_set_header   Host $host;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Host $server_name;
        }

        location /vault/ {
          proxy_pass http://1.2.3.4:8200/;
          rewrite ^/vault(/.*) $1 break;
          proxy_redirect     off;
          proxy_set_header   Host $host;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Host $server_name;
        }
      }

      #include /etc/nginx/conf.d/*.conf;
    }

/var/lib/docker/volumes/vault_vault_config/_data/vault.json


    {
      "backend": {
        "file": {
          "path": "/vault/file"
        }
      },
      "listener": {
        "tcp": {
          "address": "0.0.0.0:8200",
          "tls_disable": 1
        }
      },
      "ui": true,
      "disable_mlock": true,
      "disable_clustering": true
    }

Note: "disable_mlock" is needed to run in docker; "disable_clustering" was meant to solve my problem, but it does not work as expected.

/var/lib/docker/apps/vault-stack.yml


    version: '3.2'

    services:
      vault:
        image: vault
        deploy:
          replicas: 1
        ports:
          - 8200:8200
        environment:
          - VAULT_ADDR=http://127.0.0.1:8200
        volumes:
          - vault_config:/vault/config
          - vault_logs:/vault/logs
          - vault_file:/vault/file
        entrypoint: vault server -config=/vault/config/vault.json

    volumes:
      vault_config:
        driver: local
      vault_file:
        driver: local
      vault_logs:
        driver: local

Problem

Portainer works fine, but with Vault I still have a 404 problem. When I go to http://1.2.3.4/vault I am redirected to http://1.2.3.4/ui, which obviously does not exist. I found out this is because of a "307 Temporary Redirect".

/var/log/nginx/error.log


    2019/11/12 14:06:41 [debug] 13564#13564: *8 using configuration "/vault/"
    2019/11/12 14:06:41 [debug] 13564#13564: *8 HTTP/1.1 301 Moved Permanently
    Location: http://1.2.3.4/vault/
    2019/11/12 14:06:41 [notice] 13564#13564: *8 "^/vault(/.*)" matches "/vault/",client: 10.20.30.40,server: 1.2.3.4,request: "GET /vault/ HTTP/1.1",host: "1.2.3.4"
    2019/11/12 14:06:41 [notice] 13564#13564: *8 rewritten data: "/",args: "",host: "1.2.3.4"
    2019/11/12 14:06:41 [debug] 13564#13564: *8 HTTP/1.1 307 Temporary Redirect
    Location: /ui/
    2019/11/12 14:06:41 [error] 13564#13564: *8 "/etc/nginx/html/ui/index.html" is not found (2: No such file or directory),request: "GET /ui/ HTTP/1.1",host: "1.2.3.4"

What I have tried

Almost everything :) I have already spent too much time trying to get this to work, which is why I am here. When I tried to catch the redirect and put it in its own location, I got many different errors, from 500 Internal Error to "too many redirects". I tried to solve it on the Vault "server" side by disabling clustering (as in vault.json).

hzhgch answered: Nginx + Vault behind a Docker reverse proxy

I was trying to achieve the same thing. This is the only way I could get it to work...

location /vault/ {
    proxy_pass  http://vault:8200/;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Accept-Encoding ""; # needed for sub_filter to work with gzip enabled (https://stackoverflow.com/a/36274259/3375325)

    proxy_redirect /ui/ /vault/ui/;

    sub_filter '<head>' '<head><base href="/vault/">';
    sub_filter '"/ui/' '"ui/';
    sub_filter_once off;
}
location /v1 {
    proxy_pass http://vault:8200;
}

The solution mostly comes from https://github.com/Folcky/hashicorp-vault-and-nginx/blob/master/vault.location

A cleaner solution IMHO would be to use a subdomain like vault.mycompany.com so that Vault can use the root context exclusively.
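To see why the question's config ends at a 404 and how the answer's `proxy_redirect` and `sub_filter` lines change the flow, here is an added Python model of the two configs (not part of the original question or answer; the tiny Vault stand-in and its HTML body are constructed):

```python
from urllib.parse import urljoin

PREFIX = "/vault/"


def vault_upstream(path):
    """Constructed stand-in for Vault with ui=true: '/' answers 307 -> /ui/."""
    if path == "/":
        return 307, {"Location": "/ui/"}, ""
    if path.startswith("/ui/"):
        # UI pages link to themselves and to the API with root-relative paths
        return 200, {}, '<html><head></head><body><a href="/ui/vault/secrets">s</a></body></html>'
    if path.startswith("/v1/"):
        return 200, {}, '{"initialized": false}'
    return 404, {}, ""


def nginx(path, fixed):
    """One request through the proxy; fixed=False models the question's config
    (proxy_redirect off), fixed=True the answer's (proxy_redirect, sub_filter, /v1)."""
    if path.startswith(PREFIX):
        upstream_path = "/" + path[len(PREFIX):]             # rewrite ^/vault(/.*) $1 break
        status, headers, body = vault_upstream(upstream_path)
        if fixed:
            loc = headers.get("Location", "")
            if loc.startswith("/ui/"):                         # proxy_redirect /ui/ /vault/ui/;
                headers["Location"] = "/vault/ui/" + loc[len("/ui/"):]
            body = body.replace("<head>", '<head><base href="/vault/">')  # sub_filter '<head>' ...
            body = body.replace('"/ui/', '"ui/')                           # sub_filter '"/ui/' '"ui/'
        return status, headers, body
    if fixed and path.startswith("/v1"):                       # location /v1 { proxy_pass ...; }
        return vault_upstream(path)
    return 404, {}, ""  # no location matches: nginx looks in /etc/nginx/html and fails


def browse(start, fixed, max_hops=5):
    """Follow redirects the way a browser does; return (final_path, status)."""
    path = start
    for _ in range(max_hops):
        status, headers, _ = nginx(path, fixed)
        if status not in (301, 302, 307, 308):
            return path, status
        path = urljoin(path, headers["Location"])              # Location is root-relative
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    print(browse("/vault/", fixed=False))   # ('/ui/', 404)        the question's symptom
    print(browse("/vault/", fixed=True))    # ('/vault/ui/', 200)
```

The body rewrite matters as much as the header rewrite: with `<base href="/vault/">` in place, the UI's now-relative `"ui/..."` links resolve back under the proxied prefix instead of the server root.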
