启用 HTTPS 后 traefik 没有响应
No response from traefik once HTTPS is enabled
我正在尝试将 traefik 设置为我的 docker 容器的反向代理,但我无法将容器设置为使用 HTTPS。
我从 traefik user guide 复制了 docker-compose 并稍作修改(见下文)。
我的容器工作正常,如果我从 whoami 服务中注释掉最后两个标签,我可以通过 test.example.com:80 访问该服务。但是,如果我添加这两个标签,我将不再从我对 https://test.example.com(:443).
的 HTTP 请求中得到任何响应
我可以很好地检索证书,它按预期存储在 acme.json 中。
我启用了调试日志记录,但没有记录任何重要信息。我该如何调试它?
version: "3.3"
services:
traefik:
container_name: "traefik"
image: "traefik:v2.1"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=me@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/opt/docker_volumes/traefik/acme.json:/acme.json"
networks:
- web
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
networks:
- web
networks:
web:
external: true
网络 web 是通过执行以下命令创建的:
docker network create --driver=bridge --subnet=10.0.0.0/24 --gateway=10.0.0.1 web
这是您的网络配置问题,因为以下示例工作正常:
version: "3.3"
services:
traefik:
container_name: "traefik"
image: "traefik:v2.1"
command:
- "--log.level=INFO"
- "--api.insecure=true"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=me@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/opt/docker_volumes/traefik/acme.json:/acme.json"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
我正在尝试将 traefik 设置为我的 docker 容器的反向代理,但我无法将容器设置为使用 HTTPS。
我从 traefik user guide 复制了 docker-compose 并稍作修改(见下文)。
我的容器工作正常,如果我从 whoami 服务中注释掉最后两个标签,我可以通过 test.example.com:80 访问该服务。但是,如果我添加这两个标签,我将不再从我对 https://test.example.com(:443).
的 HTTP 请求中得到任何响应我可以很好地检索证书,它按预期存储在 acme.json 中。
我启用了调试日志记录,但没有记录任何重要信息。我该如何调试它?
version: "3.3"
services:
traefik:
container_name: "traefik"
image: "traefik:v2.1"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=me@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/opt/docker_volumes/traefik/acme.json:/acme.json"
networks:
- web
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
networks:
- web
networks:
web:
external: true
网络 web 是通过执行以下命令创建的:
docker network create --driver=bridge --subnet=10.0.0.0/24 --gateway=10.0.0.1 web
这是您的网络配置问题,因为以下示例工作正常:
version: "3.3"
services:
traefik:
container_name: "traefik"
image: "traefik:v2.1"
command:
- "--log.level=INFO"
- "--api.insecure=true"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=me@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/opt/docker_volumes/traefik/acme.json:/acme.json"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"