【发布时间】:2019-07-02 11:01:17
【问题描述】:
我正在尝试在我的 docker swarm 集群上运行一个 traefik 容器。因为我们使用的是 TLS 加密通信,所以我希望 traefik 仪表板可以通过 https 访问。
在我的浏览器中,我尝试通过 docker swarm manager 主机名通过https://my.docker.manager 访问 traefik,因此我将我的主机证书和密钥安装到 traefik 服务中。
当我尝试在浏览器中打开 https://my.docker.manager 时,出现超时。
当我尝试直接在主机 (my.docker.manager) 上 curl https://my.docker.manager 时,我得到 HTTP 代码 403 作为响应
我的 traefik 配置:
debug=true
logLevel = "DEBUG"
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/certs/my.docker.manager.crt"
keyFile = "/etc/traefik/certs/my.docker.manager.key"
[entryPoints.https.tls.defaultCertificate]
certFile = "/etc/traefik/certs/my.docker.manager.crt"
keyFile = "/etc/traefik/certs/my.docker.manager.key"
[api]
address = ":8080"
[docker]
watch = true
swarmMode = true
我的 traefik 撰写文件:
version: "3.7"
services:
traefik:
image: traefik
ports:
- 80:80
- 443:443
networks:
- devops-net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /mnt/docker-data/secrets/certs/:/etc/traefik/certs/
configs:
- source: traefik.conf
target: /etc/traefik/traefik.toml
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.docker.network=devops-net"
- "traefik.frontend.rule=Host:my.docker.manager"
- "traefik.port=8080"
networks:
devops-net:
driver: overlay
external: true
configs:
traefik.conf:
external: true
如本文 (https://www.digitalocean.com/community/tutorials/how-to-use-traefik-as-a-reverse-proxy-for-docker-containers-on-ubuntu-16-04) 中所述,当我在浏览器中调用 https://my.docker.manager 时,我希望看到 traefik 仪表板。但我只得到一个超时。使用 curl https://my.docker.manager 时,我得到 HTTP 代码 403。除了两个不同之处外,我遵循了上述文章:
1)我没有配置凭据
2)我使用我的主机自己的证书而不是 letencrypt
【问题讨论】:
标签: docker ssl https docker-swarm traefik