nginx docker容器:502错误的网关响应 [英] nginx docker container: 502 bad gateway response

问题描述

我有一个监听8080端口的服务.这不是一个容器.

I've a service listening to 8080 port. This one is not a container.

然后，我使用正式图片创建了一个nginx容器:

Then, I've created a nginx container using oficial image:

docker run --name nginx -d -v /root/nginx/conf:/etc/nginx/conf.d -p 443:443 -p 80:80 nginx

毕竟:

# netstat -tupln | grep 443
tcp6       0      0 :::443                  :::*                    LISTEN      3482/docker-proxy
# netstat -tupln | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      3489/docker-proxy
tcp6       0      0 :::8080                 :::*                    LISTEN      1009/java

Nginx配置为:

upstream eighty {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name eighty.domain.com;

    location / {
      proxy_pass                        http://eighty;
    }
}

我已检查是否可以通过# curl http://127.0.0.1:8080

I've checked I'm able to connect with with this server with # curl http://127.0.0.1:8080

 <html><head><meta http-equiv='refresh'
 content='1;url=/login?from=%2F'/><script>window.location.replace('/login?from=%2F');</script></head><body
 style='background-color:white; color:white;'>
 ...

但是，运行情况似乎不错，当我尝试使用浏览器进行访问时，nginx告诉bt 502错误的网关响应.

It seems running well, however, when I'm trying to access using my browser, nginx tells bt a 502 bad gateway response.

我正在弄清楚，这可能是与非容器化过程中的容器和容器之间的可见性有关的问题.我可以在与其他非容器进程打开的端口之间建立稳定的连接吗?

I'm figuring out it can be a problem related with the visibility between a open by a non-containerized process and a container. Can I container stablish connection to a port open by other non-container process?

编辑

记录upstream { server 127.0.0.1:8080; }所在的位置:

2016/07/13 09:06:53 [error] 5#5: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 62.57.217.25, server: eighty.domain.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "eighty.domain.com"
62.57.217.25 - - [13/Jul/2016:09:06:53 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"

记录upstream { server 0.0.0.0:8080; }所在的位置:

62.57.217.25 - - [13/Jul/2016:09:00:30 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "-" 2016/07/13 09:00:30 [error] 5#5: *1 connect() failed (111: Connection refused) while connecting to upstream, client:
62.57.217.25, server: eighty.domain.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:8080/", host: "eighty.domain.com" 2016/07/13 09:00:32 [error] 5#5: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 62.57.217.25, server: eighty.domain.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:8080/", host: "eighty.domain.com"
62.57.217.25 - - [13/Jul/2016:09:00:32 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"

有什么想法吗?

推荐答案

问题

在容器方面，Localhost有点棘手.在docker容器中，localhost指向容器本身. 这意味着，上游是这样的:

The Problem

Localhost is a bit tricky when it comes to containers. Within a docker container, localhost points to the container itself. This means, with an upstream like this:

upstream foo{
  server 127.0.0.1:8080;
}

或

upstream foo{
  server 0.0.0.0:8080;
}

您正在告诉nginx将您的请求传递给本地主机. 但是在docker-container的上下文中，localhost(和相应的IP地址)指向容器本身:

you are telling nginx to pass your request to the local host. But in the context of a docker-container, localhost (and the corresponding ip addresses) are pointing to the container itself:

通过寻址127.0.0.1，如果您的容器不在主机网络上，您将永远不会到达主机.

by addressing 127.0.0.1 you will never reach your host machine, if your container is not on the host network.

您可以选择在与主机相同的网络上运行nginx:

You can choose to run nginx on the same network as your host:

docker run --name nginx -d -v /root/nginx/conf:/etc/nginx/conf.d --net=host nginx

请注意，在这种情况下，您无需公开任何端口.

Note that you do not need to expose any ports in this case.

这有效，尽管您失去了Docker网络的优势.如果您有多个容器应通过Docker网络进行通信，则此方法可能会成为问题.如果您只想与docker一起部署nginx，并且不想使用任何高级docker网络功能，则此方法很好.

This works though you lose the benefit of docker networking. If you have multiple containers that should communicate through the docker network, this approach can be a problem. If you just want to deploy nginx with docker and do not want to use any advanced docker network features, this approach is fine.

另一个方法是通过添加其远程IP地址来重新配置您的nginx上游指令以直接连接到您的主机:

Another aproach is to reconfigure your nginx upstream directive to directly connect to your host machine by adding its remote IP address:

upstream foo{
  //insert your hosts ip here
  server 192.168.99.100:8080;
}

容器现在将通过网络堆栈并正确解析主机:

The container will now go through the network stack and resolve your host correctly:

您也可以使用DNS名称.确保Docker知道您的DNS服务器.

You can also use your DNS name if you have one. Make sure docker knows about your DNS server.

这篇关于nginx docker容器:502错误的网关响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！