nginx docker 容器:502 错误的网关响应 [英] nginx docker container: 502 bad gateway response

问题描述

我有一个监听 8080 端口的服务.这不是容器.

I've a service listening to 8080 port. This one is not a container.

然后，我使用官方镜像创建了一个 nginx 容器:

Then, I've created a nginx container using oficial image:

docker run --name nginx -d -v /root/nginx/conf:/etc/nginx/conf.d -p 443:443 -p 80:80 nginx

毕竟:

# netstat -tupln | grep 443
tcp6       0      0 :::443                  :::*                    LISTEN      3482/docker-proxy
# netstat -tupln | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      3489/docker-proxy
tcp6       0      0 :::8080                 :::*                    LISTEN      1009/java

Nginx 配置为:

upstream eighty {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name eighty.domain.com;

    location / {
      proxy_pass                        http://eighty;
    }
}

我已经检查过我可以使用 # curl http://127.0.0.1:8080

I've checked I'm able to connect with with this server with # curl http://127.0.0.1:8080

 <html><head><meta http-equiv='refresh'
 content='1;url=/login?from=%2F'/><script>window.location.replace('/login?from=%2F');</script></head><body
 style='background-color:white; color:white;'>
 ...

它似乎运行良好，但是，当我尝试使用浏览器访问时，nginx 告诉 bt 502 错误的网关响应.

It seems running well, however, when I'm trying to access using my browser, nginx tells bt a 502 bad gateway response.

我发现这可能是与非容器化进程打开的和容器之间的可见性有关的问题.容器可以与其他非容器进程打开的端口建立连接吗?

I'm figuring out it can be a problem related with the visibility between a open by a non-containerized process and a container. Can I container stablish connection to a port open by other non-container process?

编辑

记录其中 upstream { server 127.0.0.1:8080;}:

2016/07/13 09:06:53 [error] 5#5: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 62.57.217.25, server: eighty.domain.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "eighty.domain.com"
62.57.217.25 - - [13/Jul/2016:09:06:53 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"

记录其中 upstream { server 0.0.0.0:8080;}:

62.57.217.25 - - [13/Jul/2016:09:00:30 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "-" 2016/07/13 09:00:30 [error] 5#5: *1 connect() failed (111: Connection refused) while connecting to upstream, client:
62.57.217.25, server: eighty.domain.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:8080/", host: "eighty.domain.com" 2016/07/13 09:00:32 [error] 5#5: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 62.57.217.25, server: eighty.domain.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:8080/", host: "eighty.domain.com"
62.57.217.25 - - [13/Jul/2016:09:00:32 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"

有什么想法吗?

推荐答案

问题

Localhost 在容器方面有点棘手.在 docker 容器中， localhost 指向容器本身.这意味着，上游是这样的:

The Problem

Localhost is a bit tricky when it comes to containers. Within a docker container, localhost points to the container itself. This means, with an upstream like this:

upstream foo{
  server 127.0.0.1:8080;
}

或

upstream foo{
  server 0.0.0.0:8080;
}

您是在告诉 nginx 将您的请求传递给本地主机.但是在 docker-container 的上下文中，localhost(和相应的 ip 地址)指向容器本身:

you are telling nginx to pass your request to the local host. But in the context of a docker-container, localhost (and the corresponding ip addresses) are pointing to the container itself:

通过寻址 127.0.0.1，如果您的容器不在主机网络上，您将永远无法访问您的主机.

by addressing 127.0.0.1 you will never reach your host machine, if your container is not on the host network.

您可以选择在与主机相同的网络上运行 nginx:

You can choose to run nginx on the same network as your host:

docker run --name nginx -d -v /root/nginx/conf:/etc/nginx/conf.d --net=host nginx

请注意，在这种情况下，您不需要公开任何端口.

Note that you do not need to expose any ports in this case.

虽然你失去了 docker 网络的好处，但它仍然有效.如果您有多个容器应该通过 docker 网络进行通信，则这种方法可能会出现问题.如果你只是想用 docker 部署 nginx 而不想使用任何高级的 docker 网络功能，这个方法就可以了.

This works though you lose the benefit of docker networking. If you have multiple containers that should communicate through the docker network, this approach can be a problem. If you just want to deploy nginx with docker and do not want to use any advanced docker network features, this approach is fine.

另一种方法是重新配置您的 nginx 上游指令以通过添加其远程 IP 地址直接连接到您的主机:

Another approach is to reconfigure your nginx upstream directive to directly connect to your host machine by adding its remote IP address:

upstream foo{
  //insert your hosts ip here
  server 192.168.99.100:8080;
}

容器现在将通过网络堆栈并正确解析您的主机:

The container will now go through the network stack and resolve your host correctly:

如果您有 DNS 名称，您也可以使用它.确保 docker 知道您的 DNS 服务器.

You can also use your DNS name if you have one. Make sure docker knows about your DNS server.

这篇关于nginx docker 容器:502 错误的网关响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！