PHP:狂饮6-cURL错误7连接被拒绝

我进行了搜索,并阅读了http://docs.guzzlephp.org/en/stable/request-options.html处的文档,并确认了https://curl.haxx.se/libcurl/c/libcurl-errors.html处的错误,并且对我而言,我无法弄清楚发生了什么.我的/ etc / hosts文件中有app-one和app-two的URL,我知道它们是正确的,因为我可以在浏览器中通过终端通过cURL来访问它们.

我的设置:

Docker容器配置为:

App 1 = php-fpm - responding app
App 2 = php-fpm - requesting app,using Guzzle 6.3.2
Nginx Reverse Proxy

nginx配置:

应用程式1:

upstream php-app-one {
    server php-app-one:9000;
}

server {
    listen 80;
    listen [::]:80;
    server_name app-one.local;
    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl on;
    ssl_certificate /etc/nginx/certs/app-one.crt;
    ssl_certificate_key /etc/nginx/certs/app-one.key;
    ssl_dhparam /etc/nginx/certs/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3,ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    server_name app-one.local;

    root /var/www/app-one;
    index index.php index.html;

    gzip_types text/plain text/css application/json application/x-javascript
               text/xml application/xml application/xml+rss text/javascript;

    # Add headers to serve security related headers
    #
    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Pragma "no-cache";
    add_header Cache-Control "no-cache";
    add_header X-uri "$uri";

    location ~* \.(eot|otf|ttf|woff|woff2)${
            add_header Access-Control-Allow-Origin *;
    }

    location / {
            proxy_read_timeout    90;
            proxy_connect_timeout 90;
            proxy_redirect        off;

            proxy_set_header      X-Real-IP $remote_addr;
            proxy_set_header      X-Scheme $scheme;
            proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header      X-Forwarded-Proto $scheme;
            proxy_set_header      X-Forwarded-Host $server_name;
            proxy_set_header      Host $host;
            proxy_set_header      X-Forwarded-Port 443;
            proxy_set_header      Authorization $http_authorization;
            proxy_pass_header     Authorization;

            try_files $uri $uri/ /index.php?$args;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
            add_header X-debug-message "A php file was used" always;
            # regex to split $uri to $fastcgi_script_name and $fastcgi_path
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            # This is a robust solution for path info security issue and 
            # works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
            # if (!-f $document_root$fastcgi_script_name) {
            #         return 404;
            # }
            # Check that the PHP script exists before passing it
            # try_files $fastcgi_script_name =404;
            # Bypass the fact that try_files resets $fastcgi_path_info
            # see: http://trac.nginx.org/nginx/ticket/321
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_intercept_errors on;
            fastcgi_pass php-app-one;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)${
            add_header X-debug-message "A static file was served" always;
            expires max;
            # log_not_found off;
    }

    location ~ /\. {
            deny all;
    }
}

应用程式2:

upstream php-app-two {
    server php-app-two:9000;
}

server {
    listen 80;
    listen [::]:80;
    server_name app-two.local;
    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /etc/nginx/certs/app-two.crt;
    ssl_certificate_key /etc/nginx/certs/app-two.key;
    ssl_dhparam /etc/nginx/certs/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    server_name app-two.local;

    root /var/www/app-two;
    index index.php index.html;

    gzip_types text/plain text/css application/json application/x-javascript
               text/xml application/xml application/xml+rss text/javascript;


    # Add headers to serve security related headers
    #
    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Pragma "no-cache";
    add_header Cache-Control "no-cache";
    add_header X-uri "$uri";

    location ~* \.(eot|otf|ttf|woff|woff2)${
            add_header Access-Control-Allow-Origin *;
    }

    location / {
            proxy_read_timeout    90;
            proxy_connect_timeout 90;
            proxy_redirect        off;

            proxy_set_header      X-Real-IP $remote_addr;
            proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header      X-Forwarded-Host $server_name;
            proxy_set_header      Host $host;
            proxy_set_header      X-Forwarded-Proto $scheme;
            proxy_set_header      X-Forwarded-Port 443;
            proxy_set_header      Authorization $http_authorization;
            proxy_pass_header     Authorization;

            try_files $uri $uri/ /index.php;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
            add_header X-debug-message "A php file was used" always;
            # add_header Location "$uri" always;
            # regex to split $uri to $fastcgi_script_name and $fastcgi_path
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            # This is a robust solution for path info security issue and 
            # works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
            if (!-f $document_root$fastcgi_script_name) {
                    return 404;
            }
            # Check that the PHP script exists before passing it
            try_files $fastcgi_script_name =404;
            # Bypass the fact that try_files resets $fastcgi_path_info
            # see: http://trac.nginx.org/nginx/ticket/321
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_intercept_errors on;
            fastcgi_pass php-app-two;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)${
            expires max;
            log_not_found off;
    }
}

Nginx反向代理:

worker_processes 1;

daemon off;

events {
    worker_connections 1024;
}

error_log   /var/log/nginx/error.log warn;
pid         /var/run/nginx.pid;

http {
    default_type application/octet-stream;
    include /etc/nginx/conf/mime.types;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;

    keepalive_timeout 65;

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    application/x-font-ttf ttc ttf;
    application/x-font-otf otf;
    application/font-woff woff;
    application/font-woff2 woff2;
    application/vnd.ms-fontobject eot;

    include /etc/nginx/conf.d/*.conf;
}

docker-compose.yml:

dawei

【声明】:丽水站长网内容转载自互联网,其相关言论仅代表作者个人观点绝非权威,不代表本站立场。如您发现内容存在版权问题,请提交相关链接至邮箱:bqsm@foxmail.com,我们将及时予以处理。

相关文章