告诉我如何关闭后端正在运行的端口,以使其在前端不可用。nginx docker server 环境使用 docker-compose nginx config
version: '3'
services:
nginx:
build:
context: ./
dockerfile: ./docker/nginx/Dockerfile
depends_on:
- php-fpm
links:
- php-fpm
volumes:
- ./:/var/www
ports:
- "8080:8080"
restart: always
docker容器中后端的nginx配置
server {
listen 8080;
index index.php index.html;
root /var/www/public;
#ssl on;
#ssl_certificate /etc/nginx/ssl/ssl-cert-snakeoil.pem;
#ssl_certificate_key /etc/nginx/ssl/ssl-cert-snakeoil.key;
index index.html;
location / {
try_files $uri /index.php?$args;
}
location /docs {
try_files $uri $uri/;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
我还在前面创建了一个用于代理的nginx服务器,如下所示
server {
listen 80;
server_name domain.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
}
}
如何确保根据请求 domain.com:8080 在前面没有返回任何内容。但因此服务器在它上工作到 8080 端口?
您可以使用 iptables 规则关闭端口。由于应用程序在 docker 中运行并拥有自己的(尽管是虚拟的)网络接口,因此网络流量不会通过 INPUT 链,而是分别通过 FORWARD 链,iptables 的规则如下所示:
iptables -I FORWARD 1 -p tcp --dport 8080 -j DROPSave scripts can be found here。