为什么 traefik.toml 文件不能被 docker-compose 配置读取
Why is my traefik.toml file not be read by docker-compose configuration
我的目标是使用基本身份验证保护 traefik 前端。
我是 运行 Traefik 版本 v1.4.3,构建于 2017-11-14_11:14:24AM 的 Docker 容器中。
我的 docker-compose.yml 文件如下所示:
version: "3"
services:
proxy:
image: traefik
command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
ports:
- "80:80"
- "8081:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ~/git/traefik/traefik.toml:/etc/traefik/traefik.toml
- ~/git/traefik/.htpasswd:/etc/traefik/.htpasswd
networks:
default:
external:
name: my_nw
我的 traefik.toml 文件中的 Web 前端部分如下所示:
....
# Enable web configuration backend
[web]
address = ":8080"
[web.auth.basic]
usersFile = "/etc/traefik/.htpasswd"
...
但我的自定义 traefik.toml 文件似乎不是 traefik mountet/read - traefik 前端仍然不需要身份验证。
调试日志输出如下所示:
$ docker-compose up
Starting traefik_proxy_1
Attaching to traefik_proxy_1
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Traefik version v1.4.3 built on 2017-11-14_11:14:24AM"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":false,"CheckNewVersion":true,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":[],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Docker":{"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":null,"Stats":null,"StatsRecorder":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc420270180} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting provider *web.Provider {"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":{},"Stats":{"Uptime":"2017-11-20T07:30:10.282646542Z","Pid":1,"ResponseCounts":{},"TotalResponseCounts":{},"TotalResponseTime":"0001-01-01T00:00:00Z"},"StatsRecorder":null}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting server on :80"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Provider connection established with docker 17.09.0-ce (API 1.32)"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Validation of load balancer method for backend backend-proxy-traefik failed: invalid load-balancing method ''. Using default method wrr."
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-proxy-traefik":{"servers":{"server-traefik_proxy_1":{"url":"http://172.19.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-proxy-traefik-docker-localhost-0":{"backend":"backend-proxy-traefik","routes":{"route-frontend-Host-proxy-traefik-docker-localhost-0":{"rule":"Host:proxy.traefik.docker.localhost"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}}}}"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Last docker config received more than 2s, OK"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Creating frontend frontend-Host-proxy-traefik-docker-localhost-0"
proxy_1 | time="2017-11-20T07:30:10Z" level=error msg="No entrypoint defined for frontend frontend-Host-proxy-traefik-docker-localhost-0, defaultEntryPoints:[]"
proxy_1 | time="2017-11-20T07:30:10Z" level=error msg="Skipping frontend frontend-Host-proxy-traefik-docker-localhost-0..."
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Server configuration reloaded on :80"
我从这里开始关注文档:http://docs.traefik.io/configuration/backends/web/#authentication
我看不出我的设置有什么问题。
我自己的问题中显示的设置不起作用的原因是我的 docker-compose.yml 文件中的 'command' 条目:
command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
此命令会覆盖我的 traefik.toml 文件中的 [web] 和 [docker] 设置。
因此,如果您使用 docker-compose 将 traefik 作为 docker 容器启动,则 docker-compose.yml 文件不应该!如果挂载自定义 traefik.toml 文件,则包含任何命令。在这种情况下,所有设置都应放入 trafik.toml 文件中。
因此它适用于以下 docker-compose.yml 文件:
version: "3"
services:
proxy:
image: traefik
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- $PWD/traefik.toml:/etc/traefik/traefik.toml
- $PWD/.htpasswd:/etc/traefik/.htpasswd
networks:
default:
external:
name: my_network
注意traefik.toml文件必须挂载到容器目录/etc/traefik/
我的目标是使用基本身份验证保护 traefik 前端。
我是 运行 Traefik 版本 v1.4.3,构建于 2017-11-14_11:14:24AM 的 Docker 容器中。
我的 docker-compose.yml 文件如下所示:
version: "3"
services:
proxy:
image: traefik
command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
ports:
- "80:80"
- "8081:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ~/git/traefik/traefik.toml:/etc/traefik/traefik.toml
- ~/git/traefik/.htpasswd:/etc/traefik/.htpasswd
networks:
default:
external:
name: my_nw
我的 traefik.toml 文件中的 Web 前端部分如下所示:
....
# Enable web configuration backend
[web]
address = ":8080"
[web.auth.basic]
usersFile = "/etc/traefik/.htpasswd"
...
但我的自定义 traefik.toml 文件似乎不是 traefik mountet/read - traefik 前端仍然不需要身份验证。
调试日志输出如下所示:
$ docker-compose up
Starting traefik_proxy_1
Attaching to traefik_proxy_1
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Traefik version v1.4.3 built on 2017-11-14_11:14:24AM"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":false,"CheckNewVersion":true,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":[],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Docker":{"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":null,"Stats":null,"StatsRecorder":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc420270180} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting provider *web.Provider {"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":{},"Stats":{"Uptime":"2017-11-20T07:30:10.282646542Z","Pid":1,"ResponseCounts":{},"TotalResponseCounts":{},"TotalResponseTime":"0001-01-01T00:00:00Z"},"StatsRecorder":null}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting server on :80"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Provider connection established with docker 17.09.0-ce (API 1.32)"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Validation of load balancer method for backend backend-proxy-traefik failed: invalid load-balancing method ''. Using default method wrr."
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-proxy-traefik":{"servers":{"server-traefik_proxy_1":{"url":"http://172.19.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-proxy-traefik-docker-localhost-0":{"backend":"backend-proxy-traefik","routes":{"route-frontend-Host-proxy-traefik-docker-localhost-0":{"rule":"Host:proxy.traefik.docker.localhost"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}}}}"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Last docker config received more than 2s, OK"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Creating frontend frontend-Host-proxy-traefik-docker-localhost-0"
proxy_1 | time="2017-11-20T07:30:10Z" level=error msg="No entrypoint defined for frontend frontend-Host-proxy-traefik-docker-localhost-0, defaultEntryPoints:[]"
proxy_1 | time="2017-11-20T07:30:10Z" level=error msg="Skipping frontend frontend-Host-proxy-traefik-docker-localhost-0..."
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Server configuration reloaded on :80"
我从这里开始关注文档:http://docs.traefik.io/configuration/backends/web/#authentication
我看不出我的设置有什么问题。
我自己的问题中显示的设置不起作用的原因是我的 docker-compose.yml 文件中的 'command' 条目:
command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
此命令会覆盖我的 traefik.toml 文件中的 [web] 和 [docker] 设置。
因此,如果您使用 docker-compose 将 traefik 作为 docker 容器启动,则 docker-compose.yml 文件不应该!如果挂载自定义 traefik.toml 文件,则包含任何命令。在这种情况下,所有设置都应放入 trafik.toml 文件中。
因此它适用于以下 docker-compose.yml 文件:
version: "3"
services:
proxy:
image: traefik
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- $PWD/traefik.toml:/etc/traefik/traefik.toml
- $PWD/.htpasswd:/etc/traefik/.htpasswd
networks:
default:
external:
name: my_network
注意traefik.toml文件必须挂载到容器目录/etc/traefik/