nginx - 使用 “nginx-proxy” docker容器配置的目标网站上的网关错误

Question

我尝试使用很棒的latex.comnmodel.org docker容器解决nginx-proxy上我的vps上的 502网关错误。我在配置中迷路了，所以我把这个问题作为一个问题交叉发布在github中，在这里可以找到帮助。

我的docker0是172.17.0.1，而docker -ps命令返回:

CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                                      NAMES
dca0d15c69bf        sharelatex/sharelatex   "/sbin/my_init"          2 minutes ago       Up 2 minutes        0.0.0.0:5000->80/tcp                       sharelatex
55ebd6b84a6a        osixia/phpldapadmin     "/container/tool/run"    3 days ago          Up 3 days           80/tcp, 443/tcp                            sleepy_thompson
e8fe2bd50c3a        osixia/openldap         "/container/tool/run"    3 days ago          Up 3 days           389/tcp, 636/tcp                           dreamy_babbage
9597ef0cded5        jwilder/nginx-proxy     "/app/docker-entrypoi"   3 days ago          Up 3 days           0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   pensive_raman

我创建带有和不带有VIRTUAL_PORT选项的sharelatex图像:

sudo docker run -d -e "VIRTUAL_HOST=latex.comnmodel.org" -e "VIRTUAL_PORT=80" -v ~/sharelatex_data:/var/lib/sharelatex -p 5000:80 --name=sharelatex sharelatex/sharelatex

docker exec pensive_raman grep -vE '^\s*$' /etc/nginx/conf.d/default.conf返回

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server {
        server_name _; # This is just an invalid value which will never trigger on a real hostname.
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        return 503;
}
upstream latex.comnmodel.org {
                        # sharelatex
                        server 172.17.0.5:80;
}
server {
        server_name latex.comnmodel.org;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass http://latex.comnmodel.org;
        }
}
upstream ldap.comnmodel.org {
                        # sleepy_thompson
                        server 172.17.0.4:80;
}
server {
        server_name ldap.comnmodel.org;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass http://ldap.comnmodel.org;
        }
}

当我在我的vps ip ping latex.comnmodel.org上找到51.255.47.40时:

PING latex.comnmodel.org (51.255.47.40) 56(84) bytes of data.
64 bytes from 40.ip-51-255-47.eu (51.255.47.40): icmp_seq=1 ttl=50 time=14.6 ms
64 bytes from 40.ip-51-255-47.eu (51.255.47.40): icmp_seq=2 ttl=50 time=12.9 ms
64 bytes from 40.ip-51-255-47.eu (51.255.47.40): icmp_seq=3 ttl=50 time=13.6 ms

docker logs pensive_raman返回

nginx.1    | latex.comnmodel.org 81.64.146.124 - - [22/Nov/2015:22:40:23 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
nginx.1    | latex.comnmodel.org 81.64.146.124 - - [22/Nov/2015:22:40:26 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
nginx.1    | latex.comnmodel.org 81.64.146.124 - - [22/Nov/2015:22:40:32 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"

我尝试连接到pensive_raman(nginx代理镜像的名称)并ping sharelatex容器172.0.17.5，但没有成功，我的网络配置是否存在问题？

是否需要使用--link的docker run选项连接nginx-proxy容器和sharelatex容器？

我在0.0.0.0上有两个80端口，这可能是问题所在，当我运行sharelatex图像时，我需要精确设置一个IP 172.17.0.5？这不是干净的

该网站latex.comnmodel.org返回一个502 bad gateway，我在这里想念的是，这非常令人沮丧:(

更新1:

Documentation表示，如果--icc = false，则命令sudo iptables -L -n命令包含DROP RULE。似乎并非如此，因此icc选项采用默认的true值。

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.5           tcp dpt:80

Chain f2b-sshd (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Answer 1

检查您是否正在使用--icc=false运行Docker守护程序(容器间通信)