Nginx不会自动获取群集中的dns更改 [英] nginx does not automatically pick up dns changes in swarm

问题描述

我在默认的nginx配置中通过 lets-nginx 运行nginx. lets-nginx项目)在docker群中:

I'm running nginx via lets-nginx in the default nginx configuration (as per the lets-nginx project) in a docker swarm:

服务:

  ssl:
    image: smashwilson/lets-nginx
    networks:
      - backend
    environment:
      - EMAIL=sas@finestructure.co
      - DOMAIN=api.finestructure.co
      - UPSTREAM=api:5000
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - letsencrypt:/etc/letsencrypt
      - dhparam_cache:/cache

  api:
    image: registry.gitlab.com/project_name/image_name:0.1
    networks:
      - backend
    environment:
      - APP_SETTINGS=/api.cfg
    configs:
      - source: api_config
        target: /api.cfg
    command:
      - run
      - -w
      - tornado
      - -p
      - "5000"

api是一个烧瓶应用程序，它在群集覆盖网络backend的端口5000上运行.

api is a flask app that runs on port 5000 on the swarm overlay network backend.

最初启动服务时，一切正常.但是，每当我以使api容器在三个节点群中的节点之间移动的方式更新api时，nginx都无法将流量路由到新容器.

When services are initially started up everything works fine. However, whenever I update the api in a way that makes the api container move between nodes in the three node swarm, nginx fails to route traffic to the new container.

当新容器现在位于10.0.0.4上时，我可以在nginx日志中看到它坚持旧的内部ip，例如10.0.0.2.

I can see in the nginx logs that it sticks to the old internal ip, for instance 10.0.0.2, when the new container is now on 10.0.0.4.

为了使nginx看到"新IP，我需要重新启动nginx容器或docker exec到其中并kill -HUP nginx进程.

In order to make nginx 'see' the new IP I need to either restart the nginx container or docker exec into it and kill -HUP the nginx process.

是否有更好的自动方法使nginx容器刷新其名称解析?

Is there a better and automatic way to make the nginx container refresh its name resolution?

推荐答案

由于@Moema的指针，我想出了一个解决方案.需要对let-nginx的默认配置进行如下调整，以使nginx获取IP更改:

Thanks to @Moema's pointer I've come up with a solution to this. The default configuration of lets-nginx needs to be tweaked as follows to make nginx pick up IP changes:

  resolver 127.0.0.11 ipv6=off valid=10s;
  set $upstream http://${UPSTREAM};
  proxy_pass $upstream;

这将docker swarm的解析器与TTL结合使用，并设置了一个变量，迫使nginx刷新swarm中的名称查找.

This uses docker swarm's resolver with a TTL and sets a variable, forcing nginx to refresh name lookups in the swarm.

这篇关于Nginx不会自动获取群集中的dns更改的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！