具有 docker-compose、LetsEncrypt 和多个域的 Traefik
Traefik with docker-compose, LetsEncrypt, and multiple domains
我正在尝试使用 traefik 作为反向代理,通过 docker-compose 制作一个 运行 重影图像。
我有两个域,sub.foo.com 和 bar.com。调用 docker-compose up -d 后,容器可通过 sub.foo.com:2386 访问,但不能通过 bar.com 访问。我知道在 ghost.service 中没有必要有 ports 选项,但在那里可以证明容器出现了。
这是我的配置:
traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "sub.foo.com"
watch = true
exposedbydefault = false
[acme]
email = "john.doe@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
docker-compose.yml
version: "3.3"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
networks:
- ghost
environment:
MYSQL_ROOT_PASSWORD: testing
MYSQL_DATABASE: ghost
MYSQL_USER: ghost
MYSQL_PASSWORD: ghost
ghost:
depends_on:
- db
image: ghost:2.1.2-alpine
ports:
- "2368:2368"
networks:
- traefik
- ghost
volumes:
- ghost_data:/var/lib/ghost/content
environment:
database__client: mysql
database__connection__host: db
database__connection__user: ghost
database__connection__password: ghost
database__connection__database: ghost
labels:
- "traefik.backend=ghost"
- "traefik.docker.network=traefik"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:bar.com"
- "traefik.port=2368"
- "traefik.protocol=http"
volumes:
db_data: {}
ghost_data: {}
networks:
ghost: {}
traefik:
external: true
知道我做错了什么吗?我的 DNS 记录在 sub.foo.com 和 bar.com 上的指向相同。当我导航到 bar.com 时,我最终得到:
<!DOCTYPE html>
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Access Denied</title>
<style type="text/css">body {margin:0;font-family:verdana,sans-serif;} h1 {margin:0;padding:12px 25px;background-color:#343434;color:#ddd} p {margin:12px 25px;} strong {color:#E0042D;}</style>
</head>
<body>
<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong><br/><br/>
Consult your system administrator for details.
</p>
</body>
</html>
这不是您的标准 traefik 错误。是不是没有约束力?
也许它被切断了,但您的 toml 中还需要以下内容:
...
[acme]
email = "john.doe@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[[acme.domains]]
main = "bar.com"
[acme.httpChallenge]
entryPoint = "http"
您的 docker-compose 可能缺少以下内容:
labels:
....
- "traefik.frontend.entryPoints=http,https"
不过,该错误看起来有些不同,与 treafik 无关。 treafik 是否暴露在您服务器上的 80 和 443 端口?
我正在尝试使用 traefik 作为反向代理,通过 docker-compose 制作一个 运行 重影图像。
我有两个域,sub.foo.com 和 bar.com。调用 docker-compose up -d 后,容器可通过 sub.foo.com:2386 访问,但不能通过 bar.com 访问。我知道在 ghost.service 中没有必要有 ports 选项,但在那里可以证明容器出现了。
这是我的配置:
traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "sub.foo.com"
watch = true
exposedbydefault = false
[acme]
email = "john.doe@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
docker-compose.yml
version: "3.3"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
networks:
- ghost
environment:
MYSQL_ROOT_PASSWORD: testing
MYSQL_DATABASE: ghost
MYSQL_USER: ghost
MYSQL_PASSWORD: ghost
ghost:
depends_on:
- db
image: ghost:2.1.2-alpine
ports:
- "2368:2368"
networks:
- traefik
- ghost
volumes:
- ghost_data:/var/lib/ghost/content
environment:
database__client: mysql
database__connection__host: db
database__connection__user: ghost
database__connection__password: ghost
database__connection__database: ghost
labels:
- "traefik.backend=ghost"
- "traefik.docker.network=traefik"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:bar.com"
- "traefik.port=2368"
- "traefik.protocol=http"
volumes:
db_data: {}
ghost_data: {}
networks:
ghost: {}
traefik:
external: true
知道我做错了什么吗?我的 DNS 记录在 sub.foo.com 和 bar.com 上的指向相同。当我导航到 bar.com 时,我最终得到:
<!DOCTYPE html>
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Access Denied</title>
<style type="text/css">body {margin:0;font-family:verdana,sans-serif;} h1 {margin:0;padding:12px 25px;background-color:#343434;color:#ddd} p {margin:12px 25px;} strong {color:#E0042D;}</style>
</head>
<body>
<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong><br/><br/>
Consult your system administrator for details.
</p>
</body>
</html>
这不是您的标准 traefik 错误。是不是没有约束力?
也许它被切断了,但您的 toml 中还需要以下内容:
...
[acme]
email = "john.doe@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[[acme.domains]]
main = "bar.com"
[acme.httpChallenge]
entryPoint = "http"
您的 docker-compose 可能缺少以下内容:
labels:
....
- "traefik.frontend.entryPoints=http,https"
不过,该错误看起来有些不同,与 treafik 无关。 treafik 是否暴露在您服务器上的 80 和 443 端口?