Pentru început, nu sunt bine versat în server proxy, dar mă pot înțelege puțin.
Iată scenariul.
Rulez o aplicație într-un container docker, folosind django, nginx, daphne, redis pe un server apache.
- Vizitați site-ul web condus de apache folosind example.com.
- Apache face o trecere proxy către Nginx (care rulează într-un container) 80:8080 și 443:8443
- Apoi Nginx îi trece pe Daphne pentru a rula aplicația reală care rulează pe portul 8000 din container
Site-ul funcționează perfect, cu excepția conexiunii websocket care returnează un 404 când accesați example.com
Dar dacă vizitez example.com:8443, websocket-urile funcționează conform așteptărilor.
Am încercat să trec numărul portului împreună cu permisul de proxy, dar nu pare să ajungă niciodată în antetele solicitării.
Trebuie doar să știu unde să caut ca să-mi dau seama. Este o problemă Apache, Nginx sau Daphne?
Am încercat atât de multe lucruri încât nu merită enumerate momentan. Sper că faptul că websocket-urile funcționează când pun numărul portului în bara de adrese este un indiciu.
Multumesc in avans pentru ajutor!
Actualizați
Directiva Apache de transmis la Nginx
SSLProxyEngine activat
SSLProxyVerify niciunul
SSLProxyCheckPeerCN dezactivat
SSLProxyCheckPeerName dezactivat
SSLProxyCheckPeerExpire dezactivat
ProxyPass "/" "https://localhost:8443/"
ProxyPassReverse "/" "https://localhost:8443/"
Configurarea Nginx
aplicație în amonte {
aplicație server: 8000;
}
Server {
asculta 80;
nume_server secret.com;
Locație / {
proxy_pass http://app;
proxy_http_versiunea 1.1;
proxy_set_header Actualizare $http_upgrade;
proxy_set_header Conexiune „Actualizare”;
proxy_set_header Gazdă $http_host;
}
locație /static/ {
alias /static/;
}
}
Server {
asculta 443 ssl;
nume_server secret.com;
ssl_certificate /etc/nginx/certs/srv1.videsignz.com.crt;
ssl_certificate_key /etc/nginx/private/srv1.videsignz.com.key;
Locație / {
try_files $uri @proxy_to_app;
}
locație @proxy_to_app {
proxy_pass http://app;
proxy_ssl_certificate /etc/nginx/certs/srv1.videsignz.com.crt;
proxy_ssl_certificate_key /etc/nginx/private/srv1.videsignz.com.key;
proxy_http_versiunea 1.1;
proxy_set_header Actualizare $http_upgrade;
proxy_set_header Conexiune „Actualizare”;
proxy_set_header Gazdă $http_host;
proxy_set_header X-Real-IP $adresă_la distanță;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $nume_server;
proxy_set_header X-Forwarded-Port $server_port;
}
locație /static/ {
alias /static/;
}
}
Fișierul Docker Compose
versiunea: „3.7”
Servicii:
aplicatie:
volume:
- active:/active
imagine: videsignz/ktech:latest
porturi:
- „8000:8000”
nginx:
build: ./nginx
volume:
- active:/active
- /etc/ssl/certs:/etc/nginx/certs
- /etc/ssl/private:/etc/nginx/private
porturi:
- „8080:80”
- „8443:443”
depinde de:
- aplicație
redis:
imagine: redis:latest
porturi:
- „6379:6379”
depinde de:
- aplicație
volume:
active:
Fișierul punctului de intrare
#!/bin/sh
python manage.py collectstatic --no-input
daphne -b 0.0.0.0 -p 8000 core.asgi:application
Complet Apache Virtual Host Config portul 80 și portul 443
<VirtualHost 198.46.134.221:80>
ServerName connect.ktechonline.com
ServerAlias mail.connect.ktechonline.com www.connect.ktechonline.com
DocumentRoot /home/connktechonline/public_html
ServerAdmin [email protected]
UseCanonicalName Off
## User connktechonline # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
<IfModule !mod_passenger.c>
UserDir disabled
UserDir enabled connktechonline
</IfModule>
</IfModule>
</IfModule>
</IfModule>
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
<IfModule include_module>
<Directory "/home/connktechonline/public_html">
SSILegacyExprParser On
</Directory>
</IfModule>
<IfModule suphp_module>
suPHP_UserGroup connktechonline connktechonline
</IfModule>
<IfModule suexec_module>
<IfModule !mod_ruid2.c>
SuexecUserGroup connktechonline connktechonline
</IfModule>
</IfModule>
<IfModule ruid2_module>
RMode config
RUidGid connktechonline connktechonline
</IfModule>
<IfModule mpm_itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID connktechonline connktechonline
</IfModule>
<IfModule mod_passenger.c>
PassengerUser connktechonline
PassengerGroup connktechonline
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ /home/connktechonline/public_html/cgi-bin/
</IfModule>
# Global DCV Rewrite Exclude
<IfModule rewrite_module>
RewriteOptions Inherit
</IfModule>
Include "/etc/apache2/conf.d/userdata/std/2_4/connktechonline/connect.ktechonline.com/*.conf"
# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/std/2_4/connktechonline/connect.ktechonline.com/*.conf"
</VirtualHost>
<VirtualHost 198.46.134.221:443>
ServerName connect.ktechonline.com
ServerAlias mail.connect.ktechonline.com www.connect.ktechonline.com webmail.connect.ktechonline.com cpcontacts.connect.ktechonline.com autodiscover.connect.ktechonline.com cpcalendars.connect.ktechonline.com cpanel.connect.ktechonline.com webdisk.connect.ktechonline.com
DocumentRoot /home/connktechonline/public_html
ServerAdmin [email protected]
UseCanonicalName Off
## User connktechonline # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
<IfModule !mod_passenger.c>
UserDir disabled
UserDir enabled connktechonline
</IfModule>
</IfModule>
</IfModule>
</IfModule>
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
<IfModule mod_include.c>
<Directory "/home/connktechonline/public_html">
SSILegacyExprParser On
</Directory>
</IfModule>
<Proxymatch ^https?://127\.0\.0\.1:(2082|2083|2077|2078|2079|2080|2086|2087|2095|2096)/>
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</Proxymatch>
<IfModule mod_suphp.c>
suPHP_UserGroup connktechonline connktechonline
</IfModule>
<IfModule suexec_module>
<IfModule !mod_ruid2.c>
SuexecUserGroup connktechonline connktechonline
</IfModule>
</IfModule>
<IfModule ruid2_module>
RMode config
RUidGid connktechonline connktechonline
</IfModule>
<IfModule mpm_itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID connktechonline connktechonline
</IfModule>
<IfModule mod_passenger.c>
PassengerUser connktechonline
PassengerGroup connktechonline
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ /home/connktechonline/public_html/cgi-bin/
</IfModule>
<IfModule ssl_module>
SSLEngine on
SSLCertificateFile /var/cpanel/ssl/apache_tls/connect.ktechonline.com/combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Directory "/home/connktechonline/public_html/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</IfModule>
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass "/" "https://localhost:8443/"
ProxyPassReverse "/" "https://localhost:8443/"
# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/ssl/2_4/connktechonline/connect.ktechonline.com/*.conf"
<IfModule headers_module>
RequestHeader set X-HTTPS 1
</IfModule>
RewriteEngine On
RewriteCond %{HTTP_HOST} =autodiscover.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =autodiscover.connect.ktechonline.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^ http://127.0.0.1/cgi-sys/autodiscover.cgi [P]
RewriteCond %{HTTP_HOST} =cpanel.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =cpanel.connect.ktechonline.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
RewriteCond %{HTTP_HOST} =cpcalendars.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =cpcalendars.connect.ktechonline.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
RewriteCond %{HTTP_HOST} =cpcontacts.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =cpcontacts.connect.ktechonline.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
RewriteCond %{HTTP_HOST} =webdisk.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =webdisk.connect.ktechonline.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
RewriteCond %{HTTP_HOST} =webmail.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =webmail.connect.ktechonline.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteCond %{HTTP_HOST} =cpanel.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =cpanel.connect.ktechonline.com:443
RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteCond %{HTTP_HOST} =webmail.connect.ktechonline.com [OR]
RewriteCond %{HTTP_HOST} =webmail.connect.ktechonline.com:443
RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
RewriteRule ^/Microsoft-Server-ActiveSync /___proxy_activesync/$1 [PT]
ProxyPass "/___proxy_activesync" "http://127.0.0.1:2090/Microsoft-Server-ActiveSync" max=1 retry=0
</VirtualHost>
