我正在编写一个简单的反向代理,以在连接到 VOD 服务(livepeer)时将 JWT 交换为 API。使用 docker 在我的机器上进行测试。
但是请求总是挂起。这是 nginx.conf:
events {
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
error_log /dev/stdout;
server {
listen 8080;
server_name creators_proxy;
location /api {
auth_request /auth;
proxy_set_header Authorization 'Bearer here_goes_the_key';
proxy_pass https://livepeer.studio/api;
}
location = /auth {
internal;
proxy_pass here_goes_auth_url;
}
location = /auth2 {
proxy_pass here_goes_auth_url;
}
}
}
和 dockerfile:
# Use the official NGINX image as a parent image
FROM nginx:latest
COPY nginx.conf /etc/nginx/nginx.conf
我用
docker run -d --name docker-nginx -p 8080:8080 -v ./nginx.conf:/etc/nginx/nginx.conf -d nginx_img
构建容器
并致电
http://localhost:8080/api/asset/request-upload
auth_url来自pipedream,用于检查发出的请求。但请求从未落地。我得到:
upstream timed out (110: Connection timed out) while reading response header from upstream, client: 172.17.0.1, server: creators_proxy, request: "POST /api/asset/request-upload HTTP/1.1", subrequest: "/auth", upstream: "https://xx.xxx.xx.xx:443/auth", host: "localhost:8080"
到目前为止我尝试过的:
curl
从我的机器上获取了身份验证网址(有效)curl
从 docker 实例获取了 auth url(有效)auth_request
位置中的/api
(不会挂起)有什么想法吗?
你有
+---------------------+
| Client |
| (localhost:8080) |
+----------+----------+
|
v
+----------+----------+
| NGINX Reverse |
| Proxy (Docker) |
| - Port 8080 |
| - auth_request |
+----------+----------+
|
v
+----------+----------+
| Auth Service |
| (Pipedream) |
+----------+----------+
|
v
+----------+----------+
| Livepeer API |
| (Upstream) |
+---------------------+
因此请确保
proxy_pass
位置中的 /auth
具有有效的 URL。如果 URL 不正确或无法从 Docker 容器内访问,则身份验证请求将失败。
此外,检查 Docker 容器内的网络连接和 DNS 解析。确保容器可以到达
auth_url
。
docker network ls
docker network inspect [network_name]
docker exec -it [container_name_or_id] /bin/bash
# then:
ping -c 4 google.com
curl [auth_url]
nslookup livepeer.studio
nslookup [auth_service_domain]
cat /etc/resolv.conf
增加 NGINX 配置中的超时设置。默认超时可能太短,导致请求在身份验证服务响应之前超时。
您的
nginx.conf
,增加超时设置和附加日志记录后,将是:
events {
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
error_log /dev/stdout debug; # Enable debug logging
server {
listen 8080;
server_name creators_proxy;
location /api {
auth_request /auth;
proxy_set_header Authorization 'Bearer here_goes_the_key';
proxy_pass https://livepeer.studio/api;
proxy_read_timeout 300s; # Increase timeout
proxy_connect_timeout 300s;
}
location = /auth {
internal;
proxy_pass here_goes_auth_url;
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
}
location = /auth2 {
proxy_pass here_goes_auth_url;
}
}
}
我已启用调试日志记录以提供更详细的日志。