В докере работает API с:
nginx
nodejs api
postgresql
pgadmin4
certbot
Когда я пытаюсь добавить конечную точку для pgadmin, чтобы я мог работать с базой данных, я получаю неверный шлюз 502 независимо от того, как я настраиваю порты для proxy_pass или в docker-compose для фактического контейнера для pgadmin.
докер-compose.yml
version: "3"
services:
webserver:
image: nginx:mainline-alpine
container_name: webserver
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- web-root:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
- dhparam:/etc/ssl/certs
depends_on:
- api-graphql
- api-postgres-pgadmin
networks:
- app-network
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
- web-root:/var/www/html
depends_on:
- webserver
command: certonly --force-renewal --webroot --expand --webroot-path=/var/www/html --email contact@name.dev --agree-tos --no-eff-email -d api.name.dev
api-graphql:
container_name: api-graphql
restart: always
build: .
depends_on:
- api-postgres
networks:
- app-network
api-postgres-pgadmin:
container_name: api-postgres-pgadmin
image: dpage/pgadmin4:latest
networks:
- app-network
ports:
- "8080:8080"
environment:
- PGADMIN_DEFAULT_EMAIL=name@gmail.com
- PGADMIN_DEFAULT_PASSWORD=pass
depends_on:
- api-postgres
api-postgres:
container_name: api-postgres
image: postgres:10
volumes:
- ./data:/data/db
networks:
- app-network
environment:
- POSTGRES_PASSWORD=pass
networks:
app-network:
driver: bridge
volumes:
certbot-etc:
certbot-var:
web-root:
driver: local
driver_opts:
type: none
device: /home/name/api/data
o: bind
dhparam:
driver: local
driver_opts:
type: none
device: /home/name/api/dhparam
o: bind
nginx.conf
server {
listen 80;
listen [::]:80;
server_name api.name.dev;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.name.dev;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/api.name.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.name.dev/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location / {
try_files $uri @api-graphql;
}
location @api-graphql {
proxy_pass http://api-graphql:8080;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
location /pg {
try_files $uri @api-postgres-pgadmin;
}
location @api-postgres-pgadmin {
proxy_pass http://api-postgres-pgadmin:8080;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
}
Разве это не сработает с http://something.com/stuff, работающим с pgadmin? Нужен ли нам родительский поддомен, например stuff.something.com?