Traefik 仅针对安全连接返回 404 状态代码

问题描述 投票:0回答:1

出于安全原因,我想从 npm 迁移到 traefik。我找到了一个很好的在线博客来进行 traefik 的初始设置。它有效,但不是真的。看在上帝的份上,我不明白为什么。

这是我的

docker-compose.yml

services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/configs:/configs:ro
      - ./data/acme.json:/acme.json:rw
      - ./data/logs:/logs:rw
    environment:
      - CF_DNS_API_TOKEN=${CFAPI}
    read_only: true
    security_opt:
      - no-new-privileges=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik-https.entrypoints=websecure
      - traefik.http.routers.traefik-https.rule=Host(`traefik.example.com`)
      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIKADMIN}
      - traefik.http.routers.traefik-https.middlewares=traefik-auth
      - traefik.http.routers.traefik-https.service=api@internal
      - traefik.http.routers.traefik-https.tls=true
      - traefik.http.routers.traefik-https.tls.certresolver=letsencrypt
      - traefik.http.routers.traefik-https.tls.domains[0].main=example.com
      - traefik.http.routers.traefik-https.tls.domains[0].sans=*.example.com

  whoami:
    image: containous/whoami:latest
    container_name: whoami
    hostname: whoami
    restart: unless-stopped
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-https.entrypoints=websecure
      - traefik.http.routers.whoami-https.rule=Host(`whoami.example.com`)
      #- traefik.http.routers.whoami-https.service=whoami
      - traefik.http.services.whoami-https.loadbalancer.server.port=80
      - traefik.http.routers.whoami-https.tls=true
      - traefik.http.routers.whoami-https.tls.certresolver=letsencrypt


networks:
  proxy:
    external: {}

静态配置文件 (

traefik.yml
) 如下所示:

api:
  dashboard: true
  insecure: true
  debug: true

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
    http:
      tls: {}

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)"
    network: proxy
  file:
    directory: "/configs"
    watch: true

certificatesResolvers:
  http:
    acme:
      email: [email protected]
      storage: acme.json
      httpChallenge:
        entryPoint: web
  letsencrypt:
    acme:
      email: [email protected]
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

#serversTransport:
#    insecureSkipVerify: false

accessLog:
  filePath: "/logs/access.log"
  fields:
    headers:
      names:
        User-Agent: keep

log:
  filePath: "/logs/traefik.log"
  level: INFO

现在,当我启动堆栈并运行时,我永远无法访问以下内容:

  1. https://traefik.example.com --> 404
  2. https://serverip:443 --> 404
  3. http://服务器IP:80 --> 404
  4. https://whoami.example.com --> 404

但是我只能通过 http://serverip:8080 不安全地访问 traefik 仪表板,因为我已经设置了 

insecure=true
。有没有办法安全地到达仪表板?!我究竟做错了什么?我在日志文件或仪表板中没有看到任何错误。

现在谈谈服务本身,当我删除该行

- traefik.http.routers.whoami-https.entrypoints=websecure
时,我可以访问这两个服务:

  1. http://whoami.example.com
  2. https://whoami.example.com

我只想通过 websecure 访问 traefik 仪表板和我的服务。但这似乎不起作用。我对 traefik 正在做什么以及我做错了什么感到非常困惑?

非常感谢任何帮助!谢谢!

docker-compose cloudflare traefik
1个回答
0
投票

我不知道这是否是“最佳”解决方案,但是经过一些建议,我创建了一个中间件来将我的 http 重定向到 https。这解决了我的问题。如果有人有兴趣的话。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.