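For some of my apps running in Docker, I need to configure nginx as a reverse proxy. Portainer is running fine, but I still have a problem with HashiCorp Vault. A further step will be SSL connections through nginx for all running apps. All applications are in the simplest setup; I don't need any special features.
Environment
- CentOS 7
- nginx 1.16.1-1 from rpm (for the debug option; in further use it should be in a container too)
- portainer
- vault 1.2.4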
```nginx
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    server {
        listen 80;
        server_name 1.2.3.4;

        location /portainer/ {
            proxy_pass http://1.2.3.4:9000/;
            rewrite ^/portainer(/.*) $1 break;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location /vault/ {
            proxy_pass http://1.2.3.4:8200/;
            rewrite ^/vault(/.*) $1 break;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }

    #include /etc/nginx/conf.d/*.conf;
}
```
/var/lib/docker/volumes/vault_vault_config/_data/vault.json
```json
{
  "backend": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "ui": true,
  "disable_mlock": true,
  "disable_clustering": true
}
```
Note: "disable_mlock" is needed to run in Docker; "disable_clustering" should have solved my problem, but it does not work as expected.
/var/lib/docker/apps/vault-stack.yml
```yaml
version: '3.2'
services:
  vault:
    image: vault
    deploy:
      replicas: 1
    ports:
      - 8200:8200
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
    volumes:
      - vault_config:/vault/config
      - vault_logs:/vault/logs
      - vault_file:/vault/file
    entrypoint: vault server -config=/vault/config/vault.json
volumes:
  vault_config:
    driver: local
  vault_file:
    driver: local
  vault_logs:
    driver: local
```
Problem
Portainer runs fine, but with Vault I still get a 404 error. When I go to http://1.2.3.4/vault, I am redirected to http://1.2.3.4/ui, which obviously does not exist. I found that this is because of a "307 Temporary Redirect".
/var/log/nginx/error.log
```
2019/11/12 14:06:41 [debug] 13564#13564: *8 using configuration "/vault/"
2019/11/12 14:06:41 [debug] 13564#13564: *8 HTTP/1.1 301 Moved Permanently Location: http://1.2.3.4/vault/
2019/11/12 14:06:41 [notice] 13564#13564: *8 "^/vault(/.*)" matches "/vault/", client: 10.20.30.40, server: 1.2.3.4, request: "GET /vault/ HTTP/1.1", host: "1.2.3.4"
2019/11/12 14:06:41 [notice] 13564#13564: *8 rewritten data: "/", args: "", host: "1.2.3.4"
2019/11/12 14:06:41 [debug] 13564#13564: *8 HTTP/1.1 307 Temporary Redirect Location: /ui/
2019/11/12 14:06:41 [error] 13564#13564: *8 "/etc/nginx/html/ui/index.html" is not found (2: No such file or directory), request: "GET /ui/ HTTP/1.1", host: "1.2.3.4"
```
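What I have tried
Almost everything :) I have already spent too much time trying to get this to work, which is why I am here. When I tried to catch the redirect and put it in its own location, I got many different errors, from 500 Internal Error to "too many redirects". I also tried to solve this on the "server" side of Vault by disabling clustering (as in vault.json).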
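
The redirect chain in the log above, addressed on the proxy side, as an added example that is not part of the original post: Vault answers `/` with `307 Location: /ui/`, and `proxy_redirect off` hands that header to the browser unchanged, so the follow-up request for `/ui/` matches no `location` and falls through to nginx's default document root. The sketch assumes Vault serves its web UI under `/ui/` and its HTTP API under `/v1/`, and reuses the upstream address from the post.

```nginx
# Added example: place these blocks inside the existing `server { listen 80; ... }`
# block, next to the post's `location /vault/`, which stays as it is.
# Assumptions: Vault serves its UI under /ui/ and its API under /v1/;
# the upstream address 1.2.3.4:8200 is the one used in the post.

# The 307 from Vault carries a root-relative "Location: /ui/". Because the
# header is not rewritten, /ui/ itself has to be proxied to Vault.
location /ui/ {
    # No URI part after the port: the request path is forwarded unchanged,
    # so no `rewrite` is needed here.
    proxy_pass http://1.2.3.4:8200;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
}

# The UI talks to the API with root-relative /v1/... requests (assumption
# stated above), so that prefix needs the same treatment.
# Requests here carry the X-Vault-Token header; with `listen 80` and
# "tls_disable": 1 they are sent in cleartext until the planned SSL step.
location /v1/ {
    proxy_pass http://1.2.3.4:8200;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
}
```

After `nginx -t` and a reload, a request to `/vault/` should still produce the 307 seen in the log, but the browser's follow-up `GET /ui/` now reaches Vault instead of `/etc/nginx/html/ui/index.html`.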