Wacdis
@Wacdis
PHP, Python, GO, Rust, NodeJS, SOA/MSA

Как запустить на одном хосте несколько разных серверов по портам?

Приветствую, коллеги!

Есть домен domain.com, контейнер gate и 3 внутренних контейнера custom, доступных из gate:


Нужна конфигурация nginx для того, чтобы:

Мой конфиг (failed)

# COMPOSER API ADMIN
server {
	listen 80;
	listen [::]:80;
	server_name domain.com admin.domain.com www.domain.com api.domain.com;
	location / {
		return 301 https://$host$request_uri;
	}
}
server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	client_max_body_size 2M;
	server_name domain.com admin.domain.com www.domain.com api.domain.com;
	charset utf-8;
	index index.php;
	root /code;

	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
	
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;
	ssl_protocols TLSv1.3;
	ssl_prefer_server_ciphers off;
	add_header Strict-Transport-Security "max-age=63072000" always;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/letsencrypt/lets-encrypt-r3.pem;

	gzip on;
	
	location / {
		dav_methods PUT DELETE;
		try_files $uri $uri/ @phpindex;
	}
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass frontend-php:9000;
		fastcgi_index index.php;
		include fastcgi_params;

		fastcgi_param   QUERY_STRING            $query_string;
		fastcgi_param   REQUEST_METHOD          $request_method;
		fastcgi_param   CONTENT_TYPE            $content_type;
		fastcgi_param   CONTENT_LENGTH          $content_length;
		fastcgi_param   SCRIPT_FILENAME         $realpath_root$fastcgi_script_name;
		fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
		fastcgi_param   PATH_INFO               $fastcgi_path_info;
		fastcgi_param   PATH_TRANSLATED         $document_root$fastcgi_path_info;
		fastcgi_param   REQUEST_URI             $request_uri;
		fastcgi_param   DOCUMENT_URI            $document_uri;
		fastcgi_param   DOCUMENT_ROOT           $realpath_root;
		fastcgi_param   SERVER_PROTOCOL         $server_protocol;
		fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
		fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
		fastcgi_param   REMOTE_ADDR             $remote_addr;
		fastcgi_param   REMOTE_PORT             $remote_port;
		fastcgi_param   SERVER_ADDR             $server_addr;
		fastcgi_param   SERVER_PORT             $server_port;
		fastcgi_param   SERVER_NAME             $server_name;
	}
	location @phpindex {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass frontend-php:9000;
		fastcgi_index index.php;
		include fastcgi_params;

		set $index_name /index.php;

		fastcgi_param   QUERY_STRING            $query_string;
		fastcgi_param   REQUEST_METHOD          $request_method;
		fastcgi_param   CONTENT_TYPE            $content_type;
		fastcgi_param   CONTENT_LENGTH          $content_length;
		fastcgi_param   SCRIPT_FILENAME         $realpath_root$index_name;
		fastcgi_param   SCRIPT_NAME             $index_name;
		fastcgi_param   PATH_INFO               $fastcgi_path_info;
		fastcgi_param   PATH_TRANSLATED         $document_root$fastcgi_path_info;
		fastcgi_param   REQUEST_URI             $request_uri;
		fastcgi_param   DOCUMENT_URI            $document_uri;
		fastcgi_param   DOCUMENT_ROOT           $realpath_root;
		fastcgi_param   SERVER_PROTOCOL         $server_protocol;
		fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
		fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
		fastcgi_param   REMOTE_ADDR             $remote_addr;
		fastcgi_param   REMOTE_PORT             $remote_port;
		fastcgi_param   SERVER_ADDR             $server_addr;
		fastcgi_param   SERVER_PORT             $server_port;
		fastcgi_param   SERVER_NAME             $server_name;
	}
	location ~ /\.ht {
		deny  all;
	}
}

upstream customstream1 {
	server custom1:80;
}
server {
	listen 3000 ssl http2;
	listen [::]:3000 ssl http2;
	server_name domain.com;

	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;
	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers off;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/letsencrypt/lets-encrypt-r3.pem;
	add_header Strict-Transport-Security "max-age=63072000" always;
	location / {
		proxy_pass http://customstream1;
		proxy_set_header Host            files.domain.com;
		proxy_set_header X-Forwarded-For $remote_addr;        
	}
}
upstream customstream2 {
	server custom2:80;
}
server {
	listen 3000 ssl http2;
	listen [::]:3000 ssl http2;
	server_name domain.com;

	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;
	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers off;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/letsencrypt/lets-encrypt-r3.pem;
	add_header Strict-Transport-Security "max-age=63072000" always;
	location / {
		proxy_pass http://customstream2;
		proxy_set_header Host            files.domain.com;
		proxy_set_header X-Forwarded-For $remote_addr;        
	}
}
upstream customstream3 {
	server custom3:80;
}
server {
	listen 5000 ssl http2;
	listen [::]:5000 ssl http2;
	server_name domain.com;

	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;
	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers off;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/letsencrypt/lets-encrypt-r3.pem;
	add_header Strict-Transport-Security "max-age=63072000" always;
	location / {
		proxy_pass http://customstream3;
		proxy_set_header Host            files.domain.com;
		proxy_set_header X-Forwarded-For $remote_addr;        
	}
}



Всем спасибо!
  • Вопрос задан
  • 296 просмотров
Решения вопроса 1
ky0
@ky0 Куратор тега Nginx
Миллиардер, филантроп, патологический лгун
У вас какая-то лапша вместо конфига. Разделите по-нормальному серверные блоки - это не тот оверхед, на котором стоит экономить.

Все описанные в вопросе хотелки - это стандартный функционал нгинкса, доступный в каждом первом мануале.
Ответ написан
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы