我的Express https服务器在本地工作，但不在Docker容器中工作 [英] My express https server works locally but not in a docker container

问题描述

我目前有两个正在运行的docker容器:

I currently have two docker containers running:

ab1ae510f069        471b8de074c4        "docker-entrypoint.s…"   8 minutes ago       Up 8 minutes        0.0.0.0:3001->3001/tcp                     hopeful_bassi
2d4797b77fbf        5985005576a6        "nginx -g 'daemon of…"   25 minutes ago      Up 25 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   wizardly_cori

一个是我的客户端，另一个(端口3001)是我的服务器.

One is my client and the other (port 3001) is my server.

我面临的问题是我刚刚将SSL添加到我的网站，但是现在我无法访问服务器.我的理论是服务器需要同时打开端口443和端口3001，但不能在两个容器上同时打开port 443.我可以通过HTTP在本地运行服务器，因此我认为这也指向了这一结论.

The issue I'm facing is I've just added SSL to my site, but now I can't access the server. My theory is that the server needs both port 443 and port 3001 open, but I can't have port 443 open on both containers. I can run the server via HTTP locally, so I think that also points to this conclusion.

我可以做些什么使两者都使用https吗?如果服务器使用http(出于明显的原因)，则客户端不会与服务器对话.

Is there anything I can do to have both using https? The client won't talk to the server if the server uses http (for obvious reasons).

我现在不确定是否与端口443有关，因为我杀死了客户端并试图仅运行服务器，但是它仍然使我的连接被拒绝:

I'm now not sure if it is to do with port 443, as I killed my client and tried to just run the server, but it still gave me connection refused:

docker run -dit --restart unless-stopped -p 3001:3001 -p 443:443 471b8de074c4

推荐答案

如果打开Docker容器的端口443，则表示将启动docker管理的工具.这个工具(无论如何，都是非常理想的)会将TCP requrest转发到您的主机端口443到容器.

If you open the port 443 for a docker container, it means that a docker-managed tool will be started. This (anyways, highly sup-optimal) tool will forward the TCP requrest to your host port 443 to the container.

如果您希望两个容器使用端口443，则docker希望在同一端口上两次启动此portforwarder.如您的docker输出所示，它只能发生一次.也许(深入)(几乎不存在)docker日志中，您还可以看到相关的错误消息.

If you want two containers to use the port 443, docker would want to start this portforwarder twice, on the same port. As your docker output shows, it could happen only once. Maybe digging (deeply) in the (nearly non-existent) docker logs, you can see also the relevant error message.

您发现的问题并不依赖于docker，这是在无容器环境中也会遇到的相同问题-您根本无法启动在同一个TCP端口上侦听的多个服务进程.

The problem you've found is not docker-dependant, it is the same problem what you would face also in a container-less environment - you simply can't start multiple service processes listening on the same TCP port.

解决方案也来自于容器之前的世界.

Also the solution is coming from the world before the containers.

您需要一个中央代理服务，它将侦听您的端口443，并将请求(取决于请求的虚拟主机)转发到相应的容器.

You need a central proxy service, this would listen on your port 443, and forward the requests - depending on the asked virtualhost - to the corresponding container.

深入docker容器中，几乎可以确定是否存在这样的https转发代理.第三个容器将把请求转发到您想要的地方.当然，您需要对其进行配置.

Dig into the docker containers, it is nearly sure that such a https forward proxy exists. This third container will forward the requests where you want. Of course you will need to configure it.

从那一刻起，您甚至不需要在容器中添加https(尽管您可以根据需要)，这在生产高效且经过正确认证的ssl环境中大有帮助.只有您的代理需要证书.所以:

From that moment, you don't even need to have https in your containers (although you can if you want), what helps a lot in productive, correctly certified ssl environments. Only your proxy will need the certificates. So:

                 /---> container A (tcp:80)
tcp:443 -- proxy
                 \---> container B (tcp:80)

这篇关于我的Express https服务器在本地工作，但不在Docker容器中工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！