如何在两个容器之间通信：nginx和nodejs

发布于 2025-01-12 06:11:30 字数 1983 浏览 3 评论 0原文

我很难弄清楚如何从 nginx 容器代理传递到nodejs容器。

在我看来， http://localhost:3000 会落入 nginx 容器中......所以我认为这个设置是有意义的：

nginx 容器：

podman run -d \
            --name nginx.main \
            -p 0.0.0.0:8081:8080 \
            -p 0.0.0.0:4431:4430 \
            -p 0.0.0.0:3001:3000 \
            -u root \
            -v /home/_secrets/certbot/_certs:/etc/nginx/_cert \
            -v /home/mee/_volumes/nginx_main:/etc/nginx \
            nginx

nodejs 容器：

podman run -d \
            -v /home/mee/dev/abd/:/usr/src/app -w /usr/src/app \
            -p 3000:3000 \
            --name next.dev node:latest \
            npm run dev

firewalld，从 3001 路由到3000：

sudo firewall-cmd --add-port=3000/tcp --permanent
sudo firewall-cmd --add-port=3001/tcp --permanent
sudo firewall-cmd --permanent \
   --zone=mee_fd \
   --add-forward-port=port=3001:proto=tcp:toport=3000
sudo firewall-cmd --reload

nginx 配置：

location / {
                proxy_pass http://localhost:3000;
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header Referrer-Policy "no-referrer-when-downgrade" always;
                add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
                # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
                # enable strict transport security only if you understand the implications
        }

真的不确定这应该如何通信...我尝试使用 ipaddress 而不是“localhost”，但我得到同样的反应。

谢谢

原文

Ii'm having a hard time figuring out how to proxypass into a nodejs container from a nginx container.

seems to me that http://localhost:3000 would fall inside the nginx container...so I thought this setup would make sense:

nginx container:

podman run -d \
            --name nginx.main \
            -p 0.0.0.0:8081:8080 \
            -p 0.0.0.0:4431:4430 \
            -p 0.0.0.0:3001:3000 \
            -u root \
            -v /home/_secrets/certbot/_certs:/etc/nginx/_cert \
            -v /home/mee/_volumes/nginx_main:/etc/nginx \
            nginx

nodejs container:

podman run -d \
            -v /home/mee/dev/abd/:/usr/src/app -w /usr/src/app \
            -p 3000:3000 \
            --name next.dev node:latest \
            npm run dev

firewalld, routing from 3001 to 3000:

sudo firewall-cmd --add-port=3000/tcp --permanent
sudo firewall-cmd --add-port=3001/tcp --permanent
sudo firewall-cmd --permanent \
   --zone=mee_fd \
   --add-forward-port=port=3001:proto=tcp:toport=3000
sudo firewall-cmd --reload

nginx config:

location / {
                proxy_pass http://localhost:3000;
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header Referrer-Policy "no-referrer-when-downgrade" always;
                add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
                # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
                # enable strict transport security only if you understand the implications
        }

really not sure how this should communicate... I've tried using the ipaddress instead of 'localhost', but I get the same response.

thanks

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

好菇凉咱不稀罕他 2025-01-19 06:11:30

为了允许容器之间的通信，您需要设置共享网络，例如在 .yaml 中（这可以在 ci 上完成，仅出于代码目的而在 .yaml 中报告）：

version: '2'
services:
proxy:
build: ./
networks:
- example1
- example2
ports:
- 80:80
- 443:443

networks:
example1:
external:
name: example1_default
example2:
external:
name: example2_default

然后在您的 nginx 配置中：

location / {
                proxy_pass http://myServiceName:3000; <-- note is not localhost but the name of node service
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header Referrer-Policy "no-referrer-when-downgrade" always;
                add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
                # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
                # enable strict transport security only if you understand the implications
        }

让我知道

To allow communication between containers you need to setup a shared networks, e.g. in .yaml (this can be done as well as on ci, report in .yaml only for sake of code):

version: '2'
services:
proxy:
build: ./
networks:
- example1
- example2
ports:
- 80:80
- 443:443

networks:
example1:
external:
name: example1_default
example2:
external:
name: example2_default

Then in your nginx config:

location / {
                proxy_pass http://myServiceName:3000; <-- note is not localhost but the name of node service
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header Referrer-Policy "no-referrer-when-downgrade" always;
                add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
                # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
                # enable strict transport security only if you understand the implications
        }

Let me know

回复收藏 0 原文

~没有更多了~