Невозможно делать запросы, используя AX IOS между двумя контейнерами при использовании NGINX - PullRequest
Новая
       4

Невозможно делать запросы, используя AX IOS между двумя контейнерами при использовании NGINX

0 голосов
/ 20 февраля 2020

Я создаю три контейнера, используя docker -compose.

Первый (фронтальный) с Vue. js, второй с API с Node.js и третий запускает Nginx для «защиты» с помощью SSL (чтобы сделать что-то вроде this ).

После некоторых тестов, чтобы Vue. js работал правильно, docker-compose.yml станьте этим: 

version: '3'

services:
  api:
    image: node-image
    container_name: api
    build:
      context: 'api.equilibrista.app'
      dockerfile: Dockerfile
    ports:
      - "3000:3000"
    environment:
      TZ: America/Sao_Paulo
    restart:
      always
    networks:
      - equilibrista-network

  front:
    image: vue-image
    container_name: front
    build:
      context: 'www.equilibrista.app'
      dockerfile: Dockerfile
    ports:
      - "8888:8888"
    environment:
      TZ: America/Sao_Paulo
    restart: always
    networks:
      - equilibrista-network
    depends_on:
      - api

  server:
    image: nginx:latest
    container_name: server
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./equilibrista_nginx/web-root:/var/www/html
      - ./equilibrista_nginx/nginx-conf:/etc/nginx/conf.d
      - ./equilibrista_nginx/certbot-etc:/etc/letsencrypt
      - ./equilibrista_nginx/certbot-var:/var/lib/letsencrypt
      - ./equilibrista_nginx/dhparam:/etc/ssl/certs
    depends_on:
      - api
      - front
    networks:
      - equilibrista-network

  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes:
      - ./equilibrista_nginx/certbot-etc:/etc/letsencrypt
      - ./equilibrista_nginx/certbot-var:/var/lib/letsencrypt
      - ./equilibrista_nginx/web-root:/var/www/html
    depends_on:
      - server
    command: certonly --webroot --webroot-path=/var/www/html --email eu@rafaelmiller.com --agree-tos --no-eff-email --force-renewal -d equilibrista.app  -d www.equilibrista.app

volumes:
  certbot-etc:
  certbot-var:
  web-root:
    driver: local
    driver_opts:
      type: none
      device: equilibrista_nginx/views
      o: bind
  dhparam:
    driver: local
    driver_opts:
      type: none
      device: equilibrista_nginx/dhparam/
      o: bind

networks:
  equilibrista-network:
    driver: bridge

(работает нормально, как вы можете видеть в equilibrista.app )

Но, когда попытаетесь сделать GET запрос, ax ios пытается использовать http://api: 3000 / api / в качестве API_URL, а не имя контейнера, как я ожидал. 

env.API_URL = 'http://api:3000/api/'

axios.get(env.API_URL + 'exam', { params: { examId: '5e2b58d0a0d4295c96fa5e75' } }).then(response => ...

может быть, это может быть полезным:

nginx.conf file: 

server {
  listen 80;
  listen [::]:80;
  server_name equilibrista.app www.equilibrista.app;

  location ~ /.well-known/acme-challenge {
    allow all;
    root /var/www/html;
  }

  location / {
    rewrite ^ https://$host$request_uri? permanent;
  }
}

server {
  listen 80;
  listen [::]:80;
  server_name api.equilibrista.app;

  location @api {
    proxy_pass http://api:3000;
  }

  location / {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PATCH, PUT';
    try_files $uri @api;
  }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name equilibrista.app www.equilibrista.app;

  server_tokens off;

  ssl_certificate /etc/letsencrypt/live/equilibrista.app/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/equilibrista.app/privkey.pem;

  ssl_buffer_size 8k;

  ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_prefer_server_ciphers on;

  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  ssl_ecdh_curve secp384r1;
  ssl_session_tickets off;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;

  location / {
    try_files $uri @front;
  }

  location @front {
    proxy_pass http://front:8888;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    # enable strict transport security only if you understand the implications
  }

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name api.equilibrista.app;

  server_tokens off;

  ssl_certificate /etc/letsencrypt/live/equilibrista.app/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/equilibrista.app/privkey.pem;

  ssl_buffer_size 8k;

  ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_prefer_server_ciphers on;

  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  ssl_ecdh_curve secp384r1;
  ssl_session_tickets off;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;

  location / {
    try_files $uri @api;
  }

  location @api {
    proxy_pass http://api:3000;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    # enable strict transport security only if you understand the implications
  }

  root /home/node/app;
  index index.html index.htm index.nginx-debian.html;
}

Я застрял в этом на несколько дней ...

...