环境:
在centos7服务器,docker部署的nginx,同服务器下部署的应用
现象:
nginx使用localhost代理同服务器上的应用,访问返回502错误,nginx日志如下
2024/08/09 07:37:44 [error] 68#68: *16653 connect() failed (111: Connection refused) while connecting to upstream, client: 10.19.89.212, server: localhost, request: "GET /gateway-manager/api/v1/gateway/key/profiles HTTP/1.1", upstream: "http://127.0.0.1:8001/api/v1/gateway/key/profiles", host: "172.30.4.30:81"
2024/08/09 07:37:44 [error] 68#68: *16653 connect() failed (111: Connection refused) while connecting to upstream, client: 10.19.89.212, server: localhost, request: "GET /gateway-manager/api/v1/gateway/key/profiles HTTP/1.1", upstream: "http://127.0.0.1:8001/api/v1/gateway/key/profiles", host: "172.30.4.30:81"
10.19.89.212 - - [09/Aug/2024:07:37:44 +0000] "GET /gateway-manager/api/v1/gateway/key/profiles HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36"
2024/08/09 07:38:38 [error] 68#68: *16656 connect() failed (111: Connection refused) while connecting to upstream, client: 10.19.89.212, server: localhost, request: "GET /gateway-manager/api/v1/gateway/key/profiles HTTP/1.1", upstream: "http://127.0.0.1:8001/api/v1/gateway/key/profiles", host: "172.30.4.30:81"
10.19.89.212 - - [09/Aug/2024:07:38:38 +0000] "GET /gateway-manager/api/v1/gateway/key/profiles HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36"确认问题过程:
提示Connection refused是连接被拒绝,进入容器模拟请求。
[root@S-ZW-HLWJ-3 nginx]# docker exec -it nginx /bin/bash root@1752081aa212:/# curl http://127.0.0.1:8001/api/v1/gateway/key/profiles curl: (7) Failed to connect to 127.0.0.1 port 8001: Connection refused root@1752081aa212:/#docker容器访问宿主机服务不通,涉及容器和宿主机是否网络隔离,确认容器网络模式。
[root@S-ZW-HLWJ-3 nginx]# docker inspect -f '{{ .HostConfig.NetworkMode }}' nginx default # default是bridge(访问宿主机需要绑定端口),container(访问宿主机需要绑定端口),Host(通过宿主机网络通信),None(无法通信) # 因为容器未绑定端口所以无法在容器内通过127.0.0.1:8001访问到宿主机部署的服务。(如果不使用docker部署就不会有这个问题了,用Host网络模式也不会有这个问题)
解决办法
修改nginx.conf代理地址为宿主机IP(其他方法:1修改容器网络模式或者增加端口映射,2不使用docker部署nginx)
server { listen 81; ... # 修改localhost为服务器IP location /gateway-manager/api/{ # proxy_pass http://localhost:8001/api/; proxy_pass http://172.30.4.1:8001/api/; } ... }重新加载配置,测试
# 验证nginx配置文件格式是否正确 [root@S-ZW-HLWJ-3 ~]# docker exec nginx nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful # 重新加载配置文件 [root@S-ZW-HLWJ-3 ~]# docker exec nginx nginx -s reload 2024/08/09 08:53:21 [notice] 64#64: signal process started # 使用curl命令访问代理后地址测试 [root@S-ZW-HLWJ-3 ~]# curl http://172.30.4.30:81/gateway-manager/api/v1/gateway/key/profiles {"code":"00000","message":"OK","data":[{"id":"271ClMkmYfg","projectName":"jiangk"}],"ok":true} [root@S-ZW-HLWJ-3 ~]#