无法访问 Traefik 后面的 Docker 容器
Unable to access Docker container behind Traefik
我正在尝试访问我的远程服务器上的 whoami 容器 运行,但只能得到“404 页面未找到”错误。我在尝试访问 traefik 仪表板时得到了相同的结果。
我的docker-compose.yml:
version: "3.7"
services:
traefik:
image: traefik:v2.3.0
container_name: traefik
restart: unless-stopped
command: # CLI arguments
## Globals
- "--global.checkNewVersion=false"
- "--global.sendAnonymousUsage=false"
## Entrypoint Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
- "--entrypoints.http.address=:80"
- "--entrypoints.http.http.redirections.entryPoint.to=https"
- "--entrypoints.http.http.redirections.entryPoint.scheme=https"
- "--entrypoints.https.address=:443"
## API Settings
- "--api=true"
- "--api.dashboard=true"
- "--log=true"
- "--log.level=DEBUG" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- "--providers.docker=true"
- "--providers.docker.watch=true"
- "--providers.docker.exposedByDefault=false"
## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
- "--certificatesresolvers.mytlschallenge.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory" # TBD - TESTING
networks:
- frontend
ports:
- "80:80"
- "443:443"
- "8080:8080"
security_opt:
- "no-new-privileges:true" # https://docs.docker.com/engine/reference/run/#security-configuration
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "$USERDIR/ctmp/acme/acme.json:/acme.json:rw" # cert location - you must touch this file and change permissions to 600
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.traefik-rtr.rule=HostHeader(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik-rtr.entrypoints=https"
- "traefik.http.routers.traefik-rtr.service=api@internal"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
networks:
- frontend
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=HostHeader(`whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=http"
networks:
frontend:
external: true
$USERDIR 和 $DOMAIN 在我的 .env 文件中定义。
所有 traefik 日志都是 info 或 debug 级别,没有出现错误。
我现在没有时间,但这是一个快速代码重写,但未经测试。
这只是一种略有不同的方法。但我认为它导致了相同的目标。
- 您必须包含您的 ENV 文件
- traefik.http.routers.api.rule=HostHeader 到 =Host(`...)。这很奇怪,也应该与 HostHeader 一起使用。 Link
- 有了这个底座,您现在可以自定义它了。我使用 HTTP chalange,但使用 TLS chalange 应该可以。
version: "3.7"
services:
traefik:
image: traefik:v2.3.0
container_name: traefik
restart: unless-stopped
env_file:
- .env
command: # CLI arguments
## Globals
- "--global.checkNewVersion=false"
- "--global.sendAnonymousUsage=false"
## Entrypoint Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
## API Settings
- "--api=true"
- "--api.insecure=false"
- "--api.dashboard=true"
- "--log.level=DEBUG" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
## Certificate Settings
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=http"
- "--certificatesresolvers.myresolver.acme.email=YOUR-EMAIL@your-domain.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
networks:
- frontend
ports:
- "80:80"
- "443:443"
- "8080:8080"
security_opt:
- "no-new-privileges:true" # https://docs.docker.com/engine/reference/run/#security-configuration
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.api.entrypoints=https"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.tls.certresolver=myresolver"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.redirect.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirect.middlewares=redirect-to-https"
whoami:
image: traefik/whoami
container_name: simple-service
networks:
- frontend
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=https"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
networks:
frontend:
external: true
我正在尝试访问我的远程服务器上的 whoami 容器 运行,但只能得到“404 页面未找到”错误。我在尝试访问 traefik 仪表板时得到了相同的结果。
我的docker-compose.yml:
version: "3.7"
services:
traefik:
image: traefik:v2.3.0
container_name: traefik
restart: unless-stopped
command: # CLI arguments
## Globals
- "--global.checkNewVersion=false"
- "--global.sendAnonymousUsage=false"
## Entrypoint Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
- "--entrypoints.http.address=:80"
- "--entrypoints.http.http.redirections.entryPoint.to=https"
- "--entrypoints.http.http.redirections.entryPoint.scheme=https"
- "--entrypoints.https.address=:443"
## API Settings
- "--api=true"
- "--api.dashboard=true"
- "--log=true"
- "--log.level=DEBUG" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- "--providers.docker=true"
- "--providers.docker.watch=true"
- "--providers.docker.exposedByDefault=false"
## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
- "--certificatesresolvers.mytlschallenge.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory" # TBD - TESTING
networks:
- frontend
ports:
- "80:80"
- "443:443"
- "8080:8080"
security_opt:
- "no-new-privileges:true" # https://docs.docker.com/engine/reference/run/#security-configuration
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "$USERDIR/ctmp/acme/acme.json:/acme.json:rw" # cert location - you must touch this file and change permissions to 600
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.traefik-rtr.rule=HostHeader(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik-rtr.entrypoints=https"
- "traefik.http.routers.traefik-rtr.service=api@internal"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
networks:
- frontend
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=HostHeader(`whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=http"
networks:
frontend:
external: true
$USERDIR 和 $DOMAIN 在我的 .env 文件中定义。
所有 traefik 日志都是 info 或 debug 级别,没有出现错误。
我现在没有时间,但这是一个快速代码重写,但未经测试。 这只是一种略有不同的方法。但我认为它导致了相同的目标。
- 您必须包含您的 ENV 文件
- traefik.http.routers.api.rule=HostHeader 到 =Host(`...)。这很奇怪,也应该与 HostHeader 一起使用。 Link
- 有了这个底座,您现在可以自定义它了。我使用 HTTP chalange,但使用 TLS chalange 应该可以。
version: "3.7"
services:
traefik:
image: traefik:v2.3.0
container_name: traefik
restart: unless-stopped
env_file:
- .env
command: # CLI arguments
## Globals
- "--global.checkNewVersion=false"
- "--global.sendAnonymousUsage=false"
## Entrypoint Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
## API Settings
- "--api=true"
- "--api.insecure=false"
- "--api.dashboard=true"
- "--log.level=DEBUG" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
## Certificate Settings
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=http"
- "--certificatesresolvers.myresolver.acme.email=YOUR-EMAIL@your-domain.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
networks:
- frontend
ports:
- "80:80"
- "443:443"
- "8080:8080"
security_opt:
- "no-new-privileges:true" # https://docs.docker.com/engine/reference/run/#security-configuration
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.api.entrypoints=https"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.tls.certresolver=myresolver"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.redirect.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirect.middlewares=redirect-to-https"
whoami:
image: traefik/whoami
container_name: simple-service
networks:
- frontend
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=https"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
networks:
frontend:
external: true