0

我被困在使用 jrcs/letsencrypt-nginx-proxy-companion 的反向代理 jwilder/nginx-proxy 后面部署 docker image gitea/gitea:1 以进行自动证书更新。gitea 正在运行,我可以通过端口 3000 的 http 地址连接。代理也在运行,因为我有多个应用程序和服务,例如 sonarqube 运行良好。

这是我的 docker-compose.yml:

version: "2"

services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=998
      - USER_GID=997
      - DB_TYPE=mysql
      - DB_HOST=172.17.0.1:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=mysqlpassword
      - ROOT_URL=https://gitea.myhost.de
      - DOMAIN=gitea.myhost.de
      - VIRTUAL_HOST=gitea.myhost.de
      - LETSENCRYPT_HOST=gitea.myhost.de
      - LETSENCRYPT_EMAIL=me@web.de
    restart: always
    ports:
      - "3000:3000"
      - "222:22"
    expose:
      - "3000"
      - "22"
    networks:
      - frontproxy_default
    volumes:
      - /mnt/storagespace/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
networks:
  frontproxy_default:
    external: true
  default:

当我调用https://gitea.myhost.de时,结果是

502 错误网关 (nginx/1.17.6)

这是日志条目:

2020/09/13 09:57:30 [error] 14323#14323: *15465 no live upstreams while connecting to upstream, client: 77.20.122.169, server: gitea.myhost.de, request: "GET / HTTP/2.0", upstream: "http://gitea.myhost.de/", host: "gitea.myhost.de"

这是 nginx/conf/default.conf 中的相关条目:

# gitea.myhost.de
upstream gitea.myhost.de {
                ## Can be connected with "frontproxy_default" network
        # gitea_server_1
            server 172.23.0.10 down;
}
server {
    server_name gitea.myhost.de;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name gitea.myhost.de;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/gitea.myhost.de.crt;
    ssl_certificate_key /etc/nginx/certs/gitea.myhost.de.key;
    ssl_dhparam /etc/nginx/certs/gitea.myhost.de.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/gitea.myhost.de.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://gitea.myhost.de;
    }
}

也许这是一个问题,我按照https://docs.gitea.io/en-us/backup-and-restore/中的建议为这个容器使用了 gitea 备份

我该怎么做才能让它运行?我已阅读此https://docs.gitea.io/en-us/reverse-proxies/但也许我错过了一些东西。要点是让letsencrypt-nginx-proxy-companion自动管理证书。

非常感谢任何帮助和提示。

4

1 回答 1

1

我相信您所缺少的只是您的 gitea 容器环境中的 VIRTUAL_PORT 设置。这告诉反向代理容器在路由来自您的 VIRTUAL_HOST 域的传入请求时连接哪个端口,有效地将“:3000”添加到您的 nginx conf 中的上游服务器。当您的容器都在同一主机上时,情况也是如此。默认情况下,反向代理容器只侦听该服务的 80 端口,但由于 gitea docker 容器使用另一个默认端口 3000,因此您需要将其告知反向代理容器。请参阅下面使用撰写文件中的片段。

services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=998
      - USER_GID=997
      - DB_TYPE=mysql
      - DB_HOST=172.17.0.1:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=mysqlpassword
      - ROOT_URL=https://gitea.myhost.de
      - DOMAIN=gitea.myhost.de
      - VIRTUAL_HOST=gitea.myhost.de
      - VIRTUAL_PORT=3000 <-------------------***Add this line***
      - LETSENCRYPT_HOST=gitea.myhost.de
      - LETSENCRYPT_EMAIL=me@web.de
    restart: always
    ports:
      - "3000:3000"
      - "222:22"
    expose:
      - "3000"
      - "22"
    networks:
      - frontproxy_default
    volumes:
      - /mnt/storagespace/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
networks:
  frontproxy_default:
    external: true
  default:

PS:如果所有容器都在同一个主机上,则不需要公开端口,并且除了试图让它为它工作之外没有其他原因。

于 2020-09-30T13:05:03.493 回答