Docker 配置 docker-compose 和 nginx 让 jenkins 在 nginx 后面

Question

我是 docker 和 nginx 的新手，我设法让 nginx 在容器中运行 HTTPS，我想在 nginx 后面添加 jenkins。我不想在我的服务器上打开新端口，我希望所有流量都通过我的 nginx。

如何编写我的docker-compose.yaml 和我的app.conf（nginx 的配置文件）以使其一起工作？这是我的配置文件，我用一个虚拟的example.com 替换了我的域名，我希望 jenkins 可以在jenkins.example.com 上使用。

docker-compose.yml

nginx:
  image: nginx:1.17-alpine
  container_name: nginx-docker
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - ./data/nginx:/etc/nginx/conf.d
    - ./data/html:/etc/nginx/html
jenkins:
  image: "jenkins/jenkins:lts"
  container_name: jenkins-docker
  volumes:
    - ./data/jenkins:/var/jenkins_home
  expose:
    - "8080"
  ports:
    - "50000:50000"

app.conf

server {
    listen 80;
    server_name example.com;

    location / {
        return 301 https://$host$request_uri;
    } 
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        root html;
        index index.html;
    }
}

Answer 1

要使 nginx 的工作配置成为 Jenkins 的反向代理，您应该查看Official Jenkins Wiki。在那里您可以找到许多不同用例的示例（使用/不使用 SSL、AWS 等）

鉴于 nginx 也在 Docker 容器（在同一网络中）中运行，您必须在此处进行更改，即您不会重定向到 localhost:8080，而是重定向到 jenkins:8080（容器所在的 Docker 服务的名称）在同一个网络中可以通信）。

除此之外，您的 docker-compose.yml 看起来还不错。这里唯一的事情是您将端口 50000 映射到主机的端口 50000。如果您不想在机器上打开任何新端口，并且希望所有流量都通过 nginx，我真的认为这样做没有意义那。暴露它（就像你对端口 8080 所做的那样）就足够了，然后你可以在 nginx 中添加一行来引导特定子域的请求，例如。

Answer 2

这是我的配置文件的最终版本：

docker-compose

  nginx:
    image: nginx:1.17-alpine
    container_name: nginx-docker
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/html:/etc/nginx/html
  jenkins:
    image: "jenkins/jenkins:lts"
    container_name: jenkins-docker
    volumes:
      - ./data/jenkins:/var/jenkins_home
    expose:
      - "8080"

app.conf

server {
    listen 80;
    server_name example.com *.example.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        root html;
        index index.html;
    }
}

upstream jenkins {
  server jenkins:8080 fail_timeout=0;
}

server {
  listen 443 ssl;
  server_name jenkins.example.com;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  location / {
    proxy_set_header        Host $host:$server_port;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_redirect http:// https://;
    proxy_pass              http://jenkins;
    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
    # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
    add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
  }
}