Назад | Перейти на главную страницу

504 Тайм-аут шлюза Nginx -> PHP-FPM kubernetes

Я уже несколько дней пытаюсь заставить мое соединение nginx работать с php-fpm. Проблема в том, что он всегда дает мне 504 и выдает следующий журнал ошибок:

2018/07/09 10:57:25 [ошибка] 5 # 5: * 10 тайм-аут восходящего потока (110: тайм-аут операции) при подключении к восходящему потоку, клиент: 10.60.0.1, сервер: project.com, запрос: "GET /favicon.ico HTTP / 1.1 ", восходящий поток:" fastcgi: //10.63.243.26: 9000 ", хост:" 35.195.63.176 "

5 # 5: * 7 тайм-аут восходящего потока (110: тайм-аут операции) при подключении к восходящему потоку, клиент: 10.60.0.1, сервер: project.com, запрос: «GET / HTTP / 1.1», восходящий поток: «fastcgi: // 10.63.243.26:9000 ", хост:" 35.195.63.176 "

IP-адрес, к которому он пытается получить доступ, - это IP-адрес службы php-fpm, которая у меня запущена в моих кубернетах, тогда я поставлю вам .yaml моего k8s.

nginx-service.yaml

apiVersion: v1
kind: Service
metadata:
  namespace: default
  labels:
    service: nginx
  name: nginx
spec:
  type: LoadBalancer
  ports:
  - name: "80"
    port: 80
    targetPort: 80
  - name: "443"
    port: 443
    targetPort: 443
  selector:
    service: nginx
status:
  loadBalancer: {}

php-fpm-service.yaml

apiVersion: v1
kind: Service
metadata:
  namespace: default
  labels:
    service: php-fpm
  name: php-fpm
spec:
  ports:
  - name: "9000"
    port: 9000
    targetPort: 9000
    protocol: TCP
  selector:
    service: php-fpm
status:
  loadBalancer: {}

nginx.conf

# User for nginx
user nobody;
# Actives CPUs, value: auto gives a number of CPUs available
worker_processes 1;

# Logs location
error_log /var/log/nginx/error.log;
pid       /var/log/nginx/nginx.pid;

# Events is used to set global options that affect how Nginx handles connections at a general level
events {
    # Connections per second in one worker
    worker_connections 1024;
}

# Define how the program will handle HTTP or HTTPS connections.
http {
    # Include configuration files
    include /etc/nginx/conf/mime.types;
    include /etc/nginx/conf/upstream.conf
    # Include symfony conf
    include /etc/nginx/conf/symfony.conf;

    default_type application/octet-stream;

    # Nginx security config
    server_tokens off;

    # Hold open the TCP connection between the client and the server after an HTTP transaction has completed
    keepalive_timeout 15;
}

symfony.conf

# Symfony
server {
    # Listen for ipv4; this line is default and implied
    listen 80;

    listen 443 ssl http2;

    # Make site accessible from http://localhost/
    server_name project.com www.project.com;

    # Folder with source
    root /var/www/project/public;

    ssl_certificate /etc/ssl/project.crt;
    ssl_certificate_key /etc/ssl/project.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        # Try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_pass php-fpm;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param HTTPS on;

        fastcgi_read_timeout 120;

        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;

        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    #error_page 404 /404.html;
      # location = /404.html
      #  root /var/www/errors;
      #  internal;
    #}

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }

    # Logs from this server
    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;
}

Образы докеров Nginx:

FROM nginx:alpine

# Set environment variable
ENV TZ="Europe/Madrid"

# Copy configuration files
COPY nginx.conf /etc/nginx/
COPY mime.types /etc/nginx/conf/mime.types
COPY symfony.conf /etc/nginx/conf/symfony.conf

# Delete default files
RUN rm /etc/nginx/conf.d/default.conf && rm -rf /var/wwww/html

COPY . /var/www/project

# Copy ssl certificates
COPY project.crt /etc/ssl/
COPY project.key /etc/ssl/

# Upstream
RUN echo "upstream php-upstream { server php-fpm:9000; }" > /etc/nginx/conf/upstream.conf

EXPOSE 443
EXPOSE 80

Образ докера PHP-fpm:

FROM php:7.2-fpm

# Set environment and arguments
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Madrid
WORKDIR /var/www/project/

# Install and upgrade programs
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y \
    openssl \
    unzip \
    zip \
    zlib1g-dev \
    && rm -rf /var/lib/apt/lists/*

# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

# Install apcu
RUN pecl install apcu

# Added extensions to docker
RUN docker-php-ext-install pdo pdo_mysql \
    && docker-php-ext-install zip  \
    && docker-php-ext-configure opcache \
    && docker-php-ext-install opcache \
    && docker-php-ext-enable apcu

# Create a user for composer
RUN useradd -m composer -g www-data

# Set user
USER composer

RUN composer global require hirak/prestissimo

COPY . /var/www/project
EXPOSE 9000

Я не знаю, где неправильная конфигурация. Я также оставляю вам развертывание Kubernetes на случай, если это как-то связано с этим.

Nginx-deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    service: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        service: nginx
    spec:
      containers:
      - image: nginx-image
        name: nginx
        imagePullPolicy: Always
        ports:
        - containerPort: 80
        - containerPort: 443
        resources: {}
      restartPolicy: Always
status: {}

PHP-fpm-deployment.yaml:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    service: php-fpm
  name: php-fpm
  namespace: default
spec:
  replicas: 2
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        service: php-fpm
    spec:
      containers:
      - image: phpImage
        name: php-fpm
        imagePullPolicy: Always
        ports:
        - containerPort: 9000
        resources: {}
      restartPolicy: Always
status: {}

Большое спасибо!