victorzadorozhnyy
@victorzadorozhnyy

Как правильно задать хост NGINX (esc контейнер)?

Нужна помощь с конфигом
Есть проеть с 4 контейнерами frontend, api и 2 nginx
Пытаюсь выгрузить в кластер aws ecs es2
при старте контейнеров выдает следующую ошибку (depends_on от nginx к контейнерам поставил)
[emerg] 1#1: host not found in upstream "frontend" in /etc/nginx/conf.d/default.conf:63

proxy_pass http://frontend:3000;
proxy_pass http://api:3000;
На локальной машине запускаю так
ngnix-forontend
server {
      listen         80;  // на сервере открыт только 443
      server_name    default localhost nginx-frontend frontend;
      return         301 https://$server_name$request_uri;
}

server {
    listen                    443;
    server_name               default localhost nginx-frontend frontend;

    # add Strict-Transport-Security to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=31536000"; 

    ssl_certificate           /etc/nginx/certs/cert.crt;
    ssl_certificate_key       /etc/nginx/certs/cert.key;
    ssl                       on;
    ssl_session_cache         builtin:1000  shared:SSL:10m;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout  5;

    gzip on;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_min_length  1000;
    gzip_comp_level  6;
    gzip_buffers  16 8k;
    gzip_types  text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml;

    ignore_invalid_headers on;
    client_header_timeout  60s;
    client_body_timeout 60s;
    send_timeout   60s;
    reset_timedout_connection on;
    client_header_buffer_size 2560k;
    large_client_header_buffers 4 2560k;
    client_max_body_size 20M;
    client_body_buffer_size 16k;

	location / {
        proxy_pass          http://frontend:3000;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    Host      $http_host;
        proxy_pass_header   Authorization;
        if ($http_origin ~* "^https?://localhost$") {
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Origin $http_origin;
        }
        if ($http_origin ~* "^https?://frontend$") {
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Origin $http_origin;
        }
        if ($http_origin ~* "^https?://nginx-frontend$") {
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Origin $http_origin;
        }
    }
}

ngnix-api
server {
       listen         80;
       server_name     default localhost nginx-api api;
       return         301 https://$server_name$request_uri;
}

server {
    listen                    443;
    server_name               default localhost nginx-api api;

    ssl_certificate           /etc/nginx/certs/cert.crt;
    ssl_certificate_key       /etc/nginx/certs/cert.key;
    ssl                       on;
    ssl_session_cache         builtin:1000  shared:SSL:10m;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    # add Strict-Transport-Security to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=31536000"; 

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout  5;

    gzip on;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_min_length  1000;
    gzip_comp_level  6;
    gzip_buffers  16 8k;
    gzip_types  text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml;

    ignore_invalid_headers on;
    client_header_timeout  60s;
    client_body_timeout 60s;
    send_timeout   60s;
    reset_timedout_connection on;
    client_header_buffer_size 2560k;
    large_client_header_buffers 4 2560k;
    client_max_body_size 20M;
    client_body_buffer_size 16k;

    location / {
        set $cors 'true';
        if ($http_origin ~* (^https?://(localhost(:3000)?|frontend(:3000))$)) {
            set $cors 'true';
        }

        if ($cors != 'true') {
            return 401;
        }

        if ($request_method = 'OPTIONS') {
            # Tell client that this pre-flight info is valid for a day
            add_header 'Access-Control-Max-Age' 86400;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
            return 204;
        }

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        # required to be able to read Authorization header in frontend
        #add_header 'Access-Control-Expose-Headers' 'Authorization' always;

        proxy_pass          http://api:3000;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    Host      $http_host;
     }
 }
  • Вопрос задан
  • 801 просмотр
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы