DOCKER: Nginx + php-fpm + Bitrix24 | Как настроить nginx для перенаправлений на локальный push-server?

Question

[kolllak]

Заморочился с переносом битрикс-окружения на Docker и уперся в настройку проксирования на Push-сервер..
Пациент: Битрикс интернет-магазин + CRM

не могу победить настройку конфигурации для работы Push-server'а
Push-server собрал на базе node10 + модуль из bitrix.repo: push-server-multi
Nginx собрал по конфигурации с bitrix-env с модулем nginx-push-stream-module и прочими

Сервисы - порты:
redis: 6379
nginx: 80:80 443:443 1137-1139:1137-1139 5222-5223:5222-5223
php-fpm: 9000
push-server: 8010-8015 8893-8895 9010-9011

Текущие конфиги nginx:

/etc/nginx/nginx.conf

user bitrix;
worker_processes 8;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 10240;

events {
	use epoll;
	worker_connections  10240;
}

http {

	include /etc/nginx/mime.types;
	default_type application/force-download;
	server_names_hash_bucket_size 128;

	# Description of supported access log formats
	log_format main	'$remote_addr - $remote_user [$time_local - $upstream_response_time] '
                  '$status "$request" $body_bytes_sent '
                  '"$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
	log_format common '$remote_addr - - [$time_local - $upstream_response_time] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" $msec';

	log_format balancer '$remote_addr - $remote_user [$time_iso8601] "$host" '
                    '"$request" $status $body_bytes_sent "schema: $scheme" '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
                    '"$request_length" : "$request_time" -> $upstream_response_time';

	log_format debug '$upstream_response_time,"$time_local","$remote_addr","$request",$status,$body_bytes_sent';

    proxy_redirect ~^http://([^:]+):443(/.+)$ https://$1$2;

    include /etc/nginx/conf.d/*.conf;
#     include /etc/nginx/sites-available/*.conf;
    open_file_cache max=100;
}

daemon off;

/etc/nginx/conf.d/default.conf

server {
	listen 80;
	server_name sitename.ru www.sitename.ru;
	return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
        ssi on;
        gzip on;
        gzip_comp_level 7;
		gzip_types application/x-javascript application/javascript text/css;

		server_name sitename.ru www.sitename.ru;
        charset off;
		index index.php bitrixsetup.php;
        root $root_path;

		set	$root_path /var/www/bitrix;

		include conf.d/ssl.conf;
		access_log /var/log/nginx/bitrix_access.log;
		error_log /var/log/nginx/bitrix_error.log notice;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        
	client_max_body_size 1024M;
        client_body_buffer_size 4M;

		location / {
			try_files $uri $uri/ @bitrix;

		}

        location ~* /upload/.*\.(php|php3|php4|php5|php6|phtml|pl|asp|aspx|cgi|dll|exe|shtm|shtml|fcg|fcgi|fpl|asmx|pht|py|psp|rb|var)$ {
                types {
                        text/plain text/plain php php3 php4 php5 php6 phtml pl asp aspx cgi dll exe ico shtm shtml fcg fcgi fpl asmx pht py psp rb var;
                }
				client_body_buffer_size 1024m;
				client_max_body_size 1024m;
        }

        location ~ \.php$ {
                try_files       $uri @bitrix;
                fastcgi_pass    php-upstream;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@1sev.ru";
                include fastcgi_params;
        }

        location @bitrix {
                fastcgi_pass    php-upstream;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@sitename.ru";
				fastcgi_param PHP_ADMIN_VALUE "session.save_path = /var/lib/php/session";
				#fastcgi_param PHP_ADMIN_VALUE "soap.wsdl_cache_dir = /var/www/bitrix/bx_temp/wsdlcache";
				#fastcgi_param PHP_ADMIN_VALUE "opcache.file_cache = /var/www/bitrix/bx_temp/opcache";
        }

        location ~* /bitrix/admin.+\.php$ {
                try_files       $uri @bitrixadm;
                fastcgi_pass    php-upstream;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@sitename.ru";
                include fastcgi_params;
        }

        location @bitrixadm{
                fastcgi_pass    php-upstream;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root/bitrix/admin/404.php;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@sitename.ru";
        }

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        # ht(passwd|access)
        location ~* /\.ht  { deny all; }

        # repositories
        location ~* /\.(svn|hg|git) { deny all; }

        # bitrix internal locations
        location ~* ^/bitrix/(modules|local_cache|stack_cache|managed_cache|php_interface) {
          deny all;
        }

        # upload files
        location ~* ^/upload/1c_[^/]+/ { deny all; }

        # use the file system to access files outside the site (cache)
        location ~* /\.\./ { deny all; }
        location ~* ^/bitrix/html_pages/\.config\.php { deny all; }
        location ~* ^/bitrix/html_pages/\.enabled { deny all; }

        # Intenal locations
        location ^~ /upload/support/not_image   { internal; }

        # Cache location: composite and general site
        location ~* @.*\.html$ {
          internal;
          # disable browser cache, php manage file
          expires -1y;
          add_header X-Bitrix-Composite "Nginx (file)";
        }

        # Player options, disable no-sniff
        location ~* ^/bitrix/components/bitrix/player/mediaplayer/player$ {
          add_header Access-Control-Allow-Origin *;
        }

        # Accept access for merged css and js
        location ~* ^/bitrix/cache/(css/.+\.css|js/.+\.js)$ {
          expires 30d;
          error_page 404 /404.html;
        }

        # Disable access for other assets in cache location
        location ~* ^/bitrix/cache	{ deny all; }


        # Static content
        location ~* ^/(upload|bitrix/images|bitrix/tmp) {
          expires 30d;
        }

        location  ~* \.(css|js|gif|png|jpg|jpeg|ico|ogg|ttf|woff|eot|otf)$ {
          error_page 404 /404.html;
          expires 30d;
        }

        location = /404.html {
                access_log off ;
        }

		location ~ /.git/ {
			deny all;
		}
}

/etc/nginx/conf.d/upstream.conf

upstream php-upstream {
    server php-fpm:9000;
}

Я не разбираюсь абсолютно в настройках Nginx...
Понимаю что необходимо адаптировать три файла из стандартной кофигурации:
rtc-server.conf
push.conf
rtc-im_settings.conf
содержимое не поместилось - прикрепил в комментарий

пока настраиваю в режиме одного сайта, опции location пока не переносил, текущие взяты из старой ветки форума поддержки

Вот только в многочисленных инклюдах стандартных конфигов окончательно запутался(

Comments

[kolllak]

стандартные файлы из окружения:

rtc-server.conf

# Ansible managed
server {
    listen 8895 default_server;
    server_name _;

    # access_log  /var/log/nginx/access.log  main buffer=64k;
    # access_log  /dev/shm/access.log simple;
    # error_log  /var/log/nginx/error.log  warn;
    access_log off;

    add_header "X-Content-Type-Options" "nosniff";

    location /server-stat {
        access_log off;
        proxy_pass http://nodejs_pub;
    }

    location  /nginx_status {
        stub_status on;
    }

    location /bitrix/pub/ {
        # IM doesn't wait
        proxy_ignore_client_abort on;
        proxy_pass http://nodejs_pub;
    }

		include bx/conf/im_subscrider.conf;

    location / {
        deny all;
    }
}

server {
    listen 8893;
    listen 8894 default_server ssl;

    access_log off;
    add_header Access-Control-Allow-Origin *;

    server_name _;

    # ssl settings
    include bx/conf/ssl.conf;

    # Include error handlers
    include bx/conf/errors.conf;

    # Include im subscrider handlers
    include bx/conf/im_subscrider.conf;
    
    location  /           { deny all; }
}

push.conf

# Nonsecure server for reading personal channels. Use secure server instead.
server {
    # nginx-push-stream-module server for push & pull
    listen	8893;
    server_name _;

    # Include error handlers
    include	bx/conf/errors.conf;

    # Include im subscrider handlers
    include	bx/conf/im_subscrider.conf;

    location  / 			{ deny all; }
}

# SSL enabled server for reading personal channels
server {
    listen	8894 ssl;
    server_name _;
    include	bx/conf/ssl-push.conf;

    # Include error handlers
    include	bx/conf/errors.conf;

    # Include im subscrider handlers
    include	bx/conf/im_subscrider.conf;

    location  / 			{ deny all; }
}

# Server to push messages to user channels
server {
    listen 127.0.0.1:8895;
    server_name _;

    location ^~ /bitrix/pub/ {
        push_stream_publisher			admin;
        push_stream_channels_path		$arg_CHANNEL_ID;
        push_stream_store_messages		on;
        allow					127.0.0.0/8;
        deny					all;
    }

    location /	{ deny all; }

    # Include error handlers
    include	bx/conf/errors.conf;
}

rtc-im_settings.conf

log_format simple '$time_local $status $request';

# if connection ti not set
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' 'close';
}

map $http_upgrade  $replace_upgrade {
  default $http_upgrade;
  ''      "websocket";
}

# sub services
upstream nodejs_sub {
  ip_hash;
  keepalive 1024;
  server bitrix.pool:8010;
  server bitrix.pool:8011;
  server bitrix.pool:8012;
  server bitrix.pool:8013;
  server bitrix.pool:8014;
  server bitrix.pool:8015;
}

# pub services
upstream nodejs_pub {
  ip_hash;
  keepalive 1024;
  server bitrix.pool:9010;
  server bitrix.pool:9011;
}

[Виктор Таран]

Переключи на облачный пуш
тем более что он сейчас будет по дефолту.

[kolllak]

Виктор Таран, спасибо, но дело в том что в данный момент данное окружение настраивается в основном для разработки а не для продакшена, и соответственно используется демонстрационная лицензия, которая не позволяет использовать данную опцию(

Answer 1

[luxter]

Я не разбираюсь абсолютно в настройках Nginx...

При этом вы пытаетесь что-то затащить в докер :) Посмотрите вот сюда, например. Тут описан вариант запуска как раз для разработки, что вы и хотите. Можно запускать как под Linux, так и через Docker Desktop + WSL2 в винде.