Traefik:所有子目录 return 404
Traefik: all subdirectories return 404
首先,提前感谢您的浏览。我想我在某个地方犯了一个非常基本的错误,但我已经搜索了几个小时但没有结果。我正在尝试 运行 一个概念证明,以在子目录中公开 traefik 2.4 反向代理后面的容器。我的 DDNS 不允许子域,所以我一直使用子目录,直到我能证明它有效。
我的问题是我站起来的每个容器都被 traefik 动态拾取并显示在仪表板中,但是子目录给出了 404 错误。我什至将 PathPrefix 与正则表达式一起使用以防止结尾/错误。
这是我的配置。
Traefik 的 docker-compose:
version: '3'
services:
traefik:
image: traefik:v2.4
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- t2_proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
- ./data/log:/var/log
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`domain.host.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=user:password"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`domain.host.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
fail2ban:
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: "host"
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
# - /var/log:/var/log:ro
- ./fail2ban/data:/data
- ./data/log:/var/log:ro
networks:
t2_proxy:
external: true
这是我的 traefik.yml 配置文件:
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: email@email.com
storage: acme.json
httpChallenge:
entrypoint: http
log:
filePath: "/var/log/traefik.log"
level: DEBUG
accessLog:
filePath: "var/log/access.log"
filters:
statusCodes:
- "400-499"
retryAttempts: true
这是我试图公开的第一个概念验证容器。它只是一个单独的 docker-compose:
中的 portainer
version: '3'
services:
portainer:
image: portainer/portainer-ce:latest
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- t2_proxy
ports:
- "9000:9000"
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data:/data
labels:
- "traefik.enable=true"
#web routers
- "traefik.http.routers.portainer.entrypoints=http"
- "traefik.http.routers.portainer.rule=Host(`domain.host.com`) && PathPrefix(`/portainer`)"
#- "traefik.http.routers.portainer.rule=Host(`domain.host.com`) && PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer.rule=Path(`/portainer`)"
#- "traefik.http.routers.portainer.rule=PathPrefix(`/portainer{regex:$$|/.*}`)"
#middlewares
#- "traefik.http.routers.portainer.middlewares=portainer-stripprefix"
#- "traefik.http.middlewares.portainer-stripprefix.stripprefix.prefixes=/portainer"
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
#web secure rpiters
- "traefik.http.routers.portainer-secure.entrypoints=https"
- "traefik.http.routers.portainer-secure.rule=Host(`domain.host.com`) && PathPrefix(`/portainer`)"
#- "traefik.http.routers.portainer-secure.rule=Host(`domain.host.com`) && PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer-secure.rule=Path(`/portainer`)"
#- "traefik.http.routers.portainer-secure.rule=PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer-secure.middlewares=chain-basic-auth@users"
- "traefik.http.routers.portainer-secure.tls=true"
- "traefik.http.routers.portainer-secure.tls.certresolver=http"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.docker.network=t2_proxy"
networks:
t2_proxy:
external: true
总而言之,我导航到 domain.host.com,它通过将我重定向到 domain.host.com/dashboard 来正常运行。但是,当我转到 domain.host.com/portainer 时出现 404 错误。
如果我需要 post 任何其他详细信息,请告诉我。我感觉我缺少了一些非常明显的配置,因为这是我第一次使用 Traefik。再次感谢您的帮助!
对于未来的 google 员工
好的,我今晚弄明白了。谢谢 reddit.com/traefik 用户 /u/Quafeinum 的帮助!我实际上在这里阅读了指南:spad 在 linuxserver.io 上的 https://spad.uk/practical-configuration-of-traefik-as-a-reverse-proxy-for-docker/,这帮助我更好地理解了标签。问题的关键是
traefik.http.services.whoami-whoami.loadbalancer.server.scheme=https
无论如何,它在所有示例中都是如此,我无意中复制了它(这里有一个警示故事)。删除它后,容器现在可以正确地暴露在 HTTPS 上。已通过 portainer 和 whoami 验证。
这是一个 link 到相关 docker-composes 和 yaml 的 pastebin。这将获得一个正常运行的 traefik,它通过 HTTPS 动态加载 docker 容器 whoami。
首先,提前感谢您的浏览。我想我在某个地方犯了一个非常基本的错误,但我已经搜索了几个小时但没有结果。我正在尝试 运行 一个概念证明,以在子目录中公开 traefik 2.4 反向代理后面的容器。我的 DDNS 不允许子域,所以我一直使用子目录,直到我能证明它有效。
我的问题是我站起来的每个容器都被 traefik 动态拾取并显示在仪表板中,但是子目录给出了 404 错误。我什至将 PathPrefix 与正则表达式一起使用以防止结尾/错误。
这是我的配置。
Traefik 的 docker-compose:
version: '3'
services:
traefik:
image: traefik:v2.4
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- t2_proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
- ./data/log:/var/log
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`domain.host.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=user:password"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`domain.host.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
fail2ban:
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: "host"
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
# - /var/log:/var/log:ro
- ./fail2ban/data:/data
- ./data/log:/var/log:ro
networks:
t2_proxy:
external: true
这是我的 traefik.yml 配置文件:
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: email@email.com
storage: acme.json
httpChallenge:
entrypoint: http
log:
filePath: "/var/log/traefik.log"
level: DEBUG
accessLog:
filePath: "var/log/access.log"
filters:
statusCodes:
- "400-499"
retryAttempts: true
这是我试图公开的第一个概念验证容器。它只是一个单独的 docker-compose:
中的 portainerversion: '3'
services:
portainer:
image: portainer/portainer-ce:latest
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- t2_proxy
ports:
- "9000:9000"
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data:/data
labels:
- "traefik.enable=true"
#web routers
- "traefik.http.routers.portainer.entrypoints=http"
- "traefik.http.routers.portainer.rule=Host(`domain.host.com`) && PathPrefix(`/portainer`)"
#- "traefik.http.routers.portainer.rule=Host(`domain.host.com`) && PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer.rule=Path(`/portainer`)"
#- "traefik.http.routers.portainer.rule=PathPrefix(`/portainer{regex:$$|/.*}`)"
#middlewares
#- "traefik.http.routers.portainer.middlewares=portainer-stripprefix"
#- "traefik.http.middlewares.portainer-stripprefix.stripprefix.prefixes=/portainer"
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
#web secure rpiters
- "traefik.http.routers.portainer-secure.entrypoints=https"
- "traefik.http.routers.portainer-secure.rule=Host(`domain.host.com`) && PathPrefix(`/portainer`)"
#- "traefik.http.routers.portainer-secure.rule=Host(`domain.host.com`) && PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer-secure.rule=Path(`/portainer`)"
#- "traefik.http.routers.portainer-secure.rule=PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer-secure.middlewares=chain-basic-auth@users"
- "traefik.http.routers.portainer-secure.tls=true"
- "traefik.http.routers.portainer-secure.tls.certresolver=http"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.docker.network=t2_proxy"
networks:
t2_proxy:
external: true
总而言之,我导航到 domain.host.com,它通过将我重定向到 domain.host.com/dashboard 来正常运行。但是,当我转到 domain.host.com/portainer 时出现 404 错误。
如果我需要 post 任何其他详细信息,请告诉我。我感觉我缺少了一些非常明显的配置,因为这是我第一次使用 Traefik。再次感谢您的帮助!
对于未来的 google 员工
好的,我今晚弄明白了。谢谢 reddit.com/traefik 用户 /u/Quafeinum 的帮助!我实际上在这里阅读了指南:spad 在 linuxserver.io 上的 https://spad.uk/practical-configuration-of-traefik-as-a-reverse-proxy-for-docker/,这帮助我更好地理解了标签。问题的关键是
traefik.http.services.whoami-whoami.loadbalancer.server.scheme=https
无论如何,它在所有示例中都是如此,我无意中复制了它(这里有一个警示故事)。删除它后,容器现在可以正确地暴露在 HTTPS 上。已通过 portainer 和 whoami 验证。
这是一个 link 到相关 docker-composes 和 yaml 的 pastebin。这将获得一个正常运行的 traefik,它通过 HTTPS 动态加载 docker 容器 whoami。