如何在Docker上进行反向代理 [英] how to do reverse proxy on docker

问题描述

我有一台服务器，正在使用Ubuntu 20.04，nginx，mosquitto和node-red和docker，我们将其称为网站 http://mywebsite.com .我已经创建了一个客户端，我面临的问题是在docker中将其称为client1，因此URL为 http://mywebsite.com/client1 我想通过mosquitto建立MQTT连接，我正在发送有关主题 test

I have a server and I am using Ubuntu 20.04, nginx , mosquitto and node-red and docker , let's call the website http://mywebsite.com. The problem that I am facing that I have created a client lets call it client1 in docker so the URL will be http://mywebsite.com/client1 and I want to establish an MQTT connection via mosquitto and I'm sending the data on topic test

当我写入mosquitto容器的IP地址时，在MQTT的红色节点上的节点起作用的问题

The problem that on node red node of MQTT when I write the IP address of my mosquitto container it works

但是，如果我使用mywebsite.com/client1更改IP地址192.144.0.5，则无法连接到mosquitto，也无法发送或接收任何形式的数据

But if I change the IP address 192.144.0.5 with mywebsite.com/client1 I can't connect to mosquitto and I can't send or receive any form of data

有关如何解决此问题的任何想法

any idea on how to solve this problem

推荐答案

好的，您这里将遇到一些问题.

OK, you are going to have several problems here.

1. 您不能使用MQTT进行基于路径的代理.如果您希望将多个MQTT代理(每个客户端1个)绑定到一个面向公众的域/IP地址，那么它们都将必须在单独的端口(默认端口1883除外)上运行.

1. You can not do path based proxying with MQTT. If you want to have multiple MQTT brokers (1 per client) bound to a single public facing domain/IP address then they are all going to have to run on separate ports (other than the default 1883).

Nginx可以执行MQTT协议代理(例如，像此)，因此您可以使用它公开不同的端口并将它们转发到mosquitto的单独实例，但是即使您使用不同的主机名(都指向相同的IP地址)，nginx也无法知道哪个主机名.使用主机名是因为没有等效于 HOST HTTP标头的主机名.如果要将MQTT与TLS结合使用，则可以使它与SNI一起使用，，但我从未见过有人这样做(基于SNI的路由可能的文档

Nginx can do MQTT protocol proxying (e.g. like this), so you can use this to expose the different ports and forward them to the separate instances of mosquitto, but even if you had a different hostname (all pointing at the same IP address) nginx has no way to know which host name was used because there is no equivalent to the HOST HTTP header to direct it. If you were to use MQTT with TLS then you may be able to get it to work with SNI, but I've never seen anybody do that yet (possible docs for SNI based routing here) It works, explanation about how to do it here.

如果通过Websockets使用MQTT，则应该能够使用基于主机名的路由.

If you use MQTT over Websockets then you should be able to use hostname based routing.

基于路径的Node-RED代理当前无法正常工作，因为管理员身份验证令牌当前存储在浏览器本地存储中，并且仅作用于主机名，而不是主机名+路径.这意味着客户端一次只能登录一个实例.

Path based proxying for Node-RED currently doesn't work properly if you enable admin authentication, because the admin auth tokens are currently stored in browser local storage and only scoped to the hostname, not the hostname + path. This will mean that a client will only ever be able to log into one instance at a time.

您可以通过使用基于主机的代理来解决此问题，例如 http://client1.mywebsite.com

You can work round this by using host based proxying, e.g. http://client1.mywebsite.com

Node-RED的待办事项列表上有此问题的修复程序，可能(不保证)在1.2.0版发布后进行查看

A fix for this is on the backlog for Node-RED, probably (no promises) to be looked at after version 1.2.0 ships

这篇关于如何在Docker上进行反向代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！