Traefik can't connect to server with docker-compose
I'm trying to install gitea and traefik on an Alibaba Cloud instance, but I can't get any page or response from traefik. How can I debug this? docker logs traefik shows no errors.

Here is my docker-compose.yml:
version: "3"
networks:
  gitea_net:
    external: true
  internal:
    external: false
services:
  db:
    image: postgres:9.6
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    labels:
      - "traefik.enable=false"
    networks:
      - internal
    volumes:
      - ./postgres:/var/lib/postgresql/data
  traefik:
    image: traefik:latest
    command: --docker
    ports:
      - 80:80
      - 443:443
    labels:
      - "traefik.enable=true"
      - "traefik.backend=dashboard"
      - "traefik.frontend.rule=Host:traefik.mydomain.com"
      - "traefik.port=8080"
    networks:
      - gitea_net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    container_name: traefik
    restart: always
  server:
    image: gitea/gitea:latest
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - internal
    volumes:
      - ./gitea:/data
    ports:
      - "3000"
      - "22"
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=gitea"
      - "traefik.frontend.rule=Host:gitea.mydomain.com"
      - "traefik.docker.network=gitea_net"
      - "traefik.port=3000"
    networks:
      - internal
      - gitea_net
    depends_on:
      - db
      - traefik

Here is my traefik.toml:
#Traefik Global Configuration
debug = true
checkNewVersion = true
logLevel = "ERROR"
#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]
#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#Enable Traefik Dashboard on port 8080
#with basic authentication method
[entryPoints.dash]
address=":8080"
[entryPoints.dash.auth]
[entryPoints.dash.auth.basic]
users = [
"admin:$apr1$nw$PAVvqQK30eAdrY0l9KCnK1",
]
[api]
entrypoint="dash"
dashboard = true
#Enable retry sending a request if the network error
[retry]
#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
exposedbydefault = false
#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "mark@gmail.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
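
I may be wrong, but your setup may only be valid for Traefik before 2.0.
You can check this quickly by changing the docker image tag from traefik:latest to traefik:1.7.

If you still can't get it working, try my setup, which I know works because it is in use. If my setup works for you, you can compare it with yours and see how to get yours working. The main difference between mine and yours is that I use Traefik 1.7 and I deploy Traefik as a separate docker stack on the server, because I believe that is the correct way to do it, at least if you want to take advantage of it for as many services as possible on the same server.

Another thing to note is that the acme.json file used to store the Letsencrypt certificates must have 600 permissions. If I remember correctly, though, this permission problem does not cause traefik to restart constantly, but I'm not sure. From the bash script I use to set up Traefik: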
# Traefik will not create the certificates if we don't fix the permissions
# for the file where it stores the LetsEncrypt certificates.
chmod 600 acme.json

version: '2.3'
services:
  traefik:
    image: traefik:1.7
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    container_name: traefik
    labels:
      - "traefik.acme.email=${TRAEFIK_ACME_EMAIL:? Missing TRAEFIK_ACME_EMAIL env var.}"
      - "traefik.docker.domain=${TRAEFIK_DOCKER_DOMAIN:? Missing TRAEFIK_DOCKER_DOMAIN env var.}"
networks:
  traefik:
    external: true

The network is external, so you need to run docker network create traefik.

The variables in the docker-compose.yml file come from the .env file:
TRAEFIK_DOCKER_DOMAIN=dev.example.com
TRAEFIK_ACME_EMAIL=YOUR@EMAIL.COM

debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
[acme]
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

An example of attaching a docker compose service from another docker-compose.yml file can be found here:
  service-name:
    ....
    networks:
      - shipfast
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.backend=${ENVIRONMENT:-dev}.shipfast-api"
      - "traefik.docker.network=traefik"
      - "traefik.port=${SHIPFAST_HTTP_PORT}"
      - "traefik.frontend.rule=Host:${SHIPFAST_PUBLIC_DOMAIN:-localhost}"
.....
networks:
  shipfast:
    driver: "bridge"
  traefik:
    external: true
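
An added example (not part of the question or the answer): a pre-flight script for three points visible in the configurations above, namely Traefik 1.x labels combined with a traefik image that is not pinned to 1.x, the key `traefik.enabled` where Traefik 1.x reads `traefik.enable`, and the mode of acme.json. The function names and the sample compose text are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Traefik 1.x docker-compose setup.

# Constructed sample that mirrors the question's image tag and labels.
sample_compose() {
cat <<'EOF'
services:
  traefik:
    image: traefik:latest
  server:
    image: gitea/gitea:latest
    labels:
      - "traefik.enabled=true"
      - "traefik.frontend.rule=Host:gitea.mydomain.com"
      - "traefik.port=3000"
EOF
}

# True when 1.x-style labels are used but a traefik image is not pinned to 1.x.
v1_labels_unpinned() {
    grep -Eq 'traefik\.(frontend\.rule|backend|port)=' "$1" || return 1
    grep -E 'image:[[:space:]]*"?traefik(:|"?[[:space:]]*$)' "$1" |
        grep -Evq 'traefik:v?1\.'
}

# Prints lines using "traefik.enabled"; the Traefik 1.x label is "traefik.enable".
misspelled_enable() { grep -n 'traefik\.enabled=' "$1"; }

# True only when the ACME store exists with mode exactly 600.
acme_mode_ok() { [ -f "$1" ] && [ -n "$(find "$1" -prune -perm 600 -print)" ]; }

# Creates the ACME store if missing (never truncates it) and forces mode 600.
fix_acme() { ( umask 077; [ -f "$1" ] || : > "$1" ) && chmod 600 "$1"; }

# preflight <compose-file> <acme-file>: prints findings, returns their count.
preflight() {
    n=0
    if v1_labels_unpinned "$1"; then
        echo "WARN: Traefik 1.x labels, but the traefik image is not pinned to 1.x"; n=$((n+1))
    fi
    if misspelled_enable "$1"; then
        echo "WARN: use traefik.enable, not traefik.enabled"; n=$((n+1))
    fi
    if ! acme_mode_ok "$2"; then
        echo "WARN: $2 is missing or not mode 600"; n=$((n+1))
    fi
    return "$n"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

With `exposedbydefault = false`, a container whose enable label is misspelled is skipped by Traefik without an error, which matches a clean `docker logs traefik` at `logLevel = "ERROR"`.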