traefik docker x-forwarded-for loop

I am having a problem using docker + rancher + traefik.

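The backends are discovered fine, and it works across 2 Rancher hosts. But from time to time, when accessing a website I host behind traefik, Docker does a lot of IO wait and the traefik log spews entries like: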

my-internal-proxy-2     | 2018-02-06T15:03:15.500664406Z time="2018-02-06T15:03:15Z" level=debug msg="vulcand/oxy/forward: begin ServeHttp on request" Request="{"Method":"GET","URL":{"Scheme":"http","Opaque":"","User":null,"Host":":80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"Proto":"HTTP/1.1","ProtoMajor":1,"ProtoMinor":1,"Header":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["curl/7.47.0"],"X-Forwarded-For":["public.ip.xx, 10.4.2.116, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1, 127.0.0.1....

Why am I getting this? It crashes every day, and I can't figure out why x-forwarded-for is 127.0.0.1. Any ideas?

Thanks

Here are more details: I'm using the latest docker-ce. toml:

debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[web]
address = ":8080"
[docker]
[acme]
email = "myemail@mydomain.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
caServer = "https://acme-staging.api.letsencrypt.org/directory"
[acme.dnsChallenge]
provider = "ovh"
delayBeforeCheck = 0

docker-compose in rancher:

version: '2'
services:
  proxy:
    image: traefik:v1.5.1
    ports:
      - "443:443"
      - "8080:8080"
      - "80:80"
    command: --web --accessLog --constraints=tag==internal --rancher --rancher.exposedbydefault=false --rancher.metadata=true --logLevel=DEBUG
    volumes:
      - /data/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /data/traefik/acme.json:/etc/traefik/acme/acme.json
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.frontend.entryPoints=http,https"
      - "io.rancher.container.agent.role: internal"
      - "environment io.rancher.container.create_agent: true"
    environment:
      - OVH_ENDPOINT=ovh-eu
      - OVH_APPLICATION_KEY=xxxx
      - OVH_APPLICATION_SECRET=xxxx
      - OVH_CONSUMER_KEY=xxx

  mediawiki:
    image: mediawiki:stable
    volumes:
      - /data/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php
      - /var/www/html/images/
    labels:
      - "traefik.frontend.entryPoints=http,https"
      - "traefik.backend=mediawiki"
      - "traefik.frontend.rule=Host:wiki.mydomain.com"
      - "traefik.enable=true"
      - "traefik.port=80"
      - "traefik.tags=internal"
      - "traefik.backend.loadbalancer.stickiness=true"

My toml was missing the redirect clause [entryPoints.http.redirect]; this is the good toml configuration:

[entryPoints]
 [entryPoints.http]
  address = ":80"
  [entryPoints.http.redirect]
   entrypoint = "https"
 [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

Many thanks to Idez from traefik for the support ;)
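
As an added example (not part of the original post and not traefik code), this script scans traefik debug log lines for the symptom shown above: a proxy appends the address of its immediate peer to X-Forwarded-For on every pass, so a long run of 127.0.0.1 means it keeps forwarding to itself. The sample lines, the function names and the threshold of 3 are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Header value as it appears inside traefik's debug "Request=" dump; the
# pattern also matches a line that was cut off before the closing quote.
XFF_RE = re.compile(r'"X-Forwarded-For":\["([^"]*)')

def xff_hops(line):
    """Return the X-Forwarded-For hops logged on one line, oldest first."""
    m = XFF_RE.search(line)
    if not m:
        return []
    # rstrip(".") tolerates the "...." left behind by a truncated log line.
    hops = (h.strip().rstrip(".") for h in m.group(1).split(","))
    return [h for h in hops if h]

def longest_loopback_run(hops):
    """Length of the longest run of consecutive loopback hops."""
    best = run = 0
    for hop in hops:
        try:
            loop = ip_address(hop).is_loopback
        except ValueError:  # masked or partial address, e.g. "public.ip.xx"
            loop = False
        run = run + 1 if loop else 0
        best = max(best, run)
    return best

def find_loops(lines, threshold=3):
    """Return (line_number, first_hop, run) where run >= threshold (assumed cut-off)."""
    hits = []
    for n, line in enumerate(lines, 1):
        hops = xff_hops(line)
        run = longest_loopback_run(hops)
        if run >= threshold:
            hits.append((n, hops[0], run))
    return hits

# Constructed sample lines, shaped like the log excerpt in the post.
PREFIX = 'level=debug msg="vulcand/oxy/forward: begin ServeHttp on request" Request="{"Header":{'
SAMPLE = [
    PREFIX + '"X-Forwarded-For":["203.0.113.7, 10.4.2.116"]}}"',
    PREFIX + '"X-Forwarded-For":["203.0.113.7, 10.4.2.116' + ", 127.0.0.1" * 5 + '"]}}"',
    PREFIX + '"X-Forwarded-For":["203.0.113.9, 10.4.2.116' + ", 127.0.0.1" * 4 + "....",
    'level=debug msg="no forwarded header on this line"',
]

if __name__ == "__main__":
    for n, client, run in find_loops(SAMPLE):
        print(f"line {n}: {run} consecutive loopback hops, first hop {client}")
```
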