Traefik and Let's Encrypt on non default http port 80?
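I am trying to set up a test container to use Traefik and Let's Encrypt.
Traefik is not running on the default ports 80 and 443.
The server already has a locally installed apache, a reverse proxy nginx and tomcat, so ports 80, 443 and 8080 are not available.
As far as I understand the logs, there is a misconfiguration regarding the ACME port. The test container seems to be wired correctly to the entry points.
How can I get Let's Encrypt and Traefik to work in this scenario, or am I doing something wrong?
My traefik.toml: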
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":50500"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":50501"
    [entryPoints.https.tls]

[accessLog]

[retry]

[web]
address = ":50502"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false

[acme]
email = "me@example.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

docker-compose.yml:
version: '2'
services:
  traefik:
    image: traefik:1.5.0
    restart: always
    ports:
      - 50500:50500
      - 50501:50501
      - 50502:50502
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/someuser/traefik/traefik.toml:/traefik.toml
      - /home/someuser/traefik/acme.json:/acme.json
    container_name: traefik
networks:
  web:
    external: true

Running docker logs traefik returns:
time="2018-01-25T16:10:09Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-neo4jtestcontainer":{"servers":{"server-neo4jtestcontainer":{"url":"http://172.19.0.3:7474","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-neo4jtestcont-example-com-0":{"entryPoints":["http","https"],"backend":"backend-neo4jtestcontainer","routes":{"route-frontend-Host-neo4jtestcont-example-com-0":{"rule":"Host:neo4jtestcont.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[]}}}"
time="2018-01-25T16:10:09Z" level=debug msg="Creating frontend frontend-Host-neo4jtestcont-example-com-0"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint http"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating entryPoint redirect http -> https : ^(?:https?:\/\/)?([\w\._-]+)(?::\d+)?(.*)$ -> https://:50501"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint https"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50500"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50501"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50502"
time="2018-01-25T16:10:09Z" level=debug msg="LoadCertificateForDomains [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="Looking for provided certificate to validate [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="No provided certificate found for domains [neo4jtestcont.example.com], get ACME certificate."
time="2018-01-25T16:10:09Z" level=debug msg="Loading ACME certificates [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:11Z" level=debug msg="Challenge Present neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=debug msg="Challenge CleanUp neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=error msg="map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/34234isdj0asdjf02302302930239: "<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta na"
Error Detail:
Validation for neo4jtestcont.example.com:80
Resolved to:
12.123.12.12
Used: 12.123.12.12
]"
time="2018-01-25T16:10:14Z" level=error msg="Error getting ACME certificates [neo4jtestcont.example.com] : cannot obtain certificates map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/gG9oE2XqNe1wIRoGOseLuesOlEMlWprH61keoAEwsQA: "<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta na"
Error Detail:
Validation for neo4jtestcont.example.com:80
Resolved to:
12.123.12.12
Used: 12.123.12.12
Let's Encrypt requires port 80 or 443; see https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72
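
The mismatch this answer points at can be checked mechanically. The following is an added example, not part of the original question or answer: it compares the host port on which Traefik's `acme.httpChallenge` entry point is published with the port named in the log's `Validation for ...:80` line. The function names and the trimmed sample inputs are constructed for illustration.

```python
import re

# Constructed inputs, trimmed from the question's traefik.toml, compose file and log.
TRAEFIK_TOML = '''
[entryPoints]
  [entryPoints.http]
  address = ":50500"
[acme]
entryPoint = "https"
  [acme.httpChallenge]
  entryPoint = "http"
'''
COMPOSE_PORTS = ["50500:50500", "50501:50501", "50502:50502"]
ACME_ERROR = "Error Detail:\nValidation for neo4jtestcont.example.com:80\nResolved to:"

def read_tables(text):
    """Minimal reader for the [table] / key = "value" subset above (not a full TOML parser)."""
    tables, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"\[([\w.]+)\]", line):
            current = m.group(1)
        elif m := re.fullmatch(r'(\w+)\s*=\s*"([^"]*)"', line):
            tables.setdefault(current, {})[m.group(1)] = m.group(2)
    return tables

def challenge_host_port(toml_text, compose_ports):
    """Host port on which the HTTP-01 challenge entry point is published, or None."""
    tables = read_tables(toml_text)
    entry = tables["acme.httpChallenge"]["entryPoint"]
    container_port = tables[f"entryPoints.{entry}"]["address"].rsplit(":", 1)[1]
    for mapping in compose_ports:  # expects "[ip:]host:container"
        host, container = mapping.split(":")[-2:]
        if container == container_port:
            return int(host)
    return None

def validated_port(acme_error):
    """Port the CA connected to, taken from the 'Validation for host:port' line."""
    m = re.search(r"Validation for \S+:(\d+)", acme_error)
    return int(m.group(1)) if m else None

def diagnose(toml_text, compose_ports, acme_error):
    served, probed = challenge_host_port(toml_text, compose_ports), validated_port(acme_error)
    if served == probed:
        return f"ok: challenge entry point is published on host port {served}"
    return f"mismatch: CA validated port {probed}, challenge is served on host port {served}"

print(diagnose(TRAEFIK_TOML, COMPOSE_PORTS, ACME_ERROR))
```

With the question's settings the check reports a mismatch: the challenge is served on host port 50500 while the validation request went to port 80, where another local web server answered with the HTML page quoted in the error.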