docker - ACME certificate timeout with traefik

Reposted. Author: 行者123. Updated: 2023-12-02 19:20:46

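Hello!

I'm having trouble finding the cause of this error. I tried googling it. It seems to be a problem with DNS lookups from inside the container.

traefik log error: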

time="2020-01-30T12:12:12+01:00" level=error msg="Unable to obtain ACME certificate for domains \"traefik.xyz.se\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:54773->127.0.0.11:53: i/o timeout" providerName=cloudflare.acme routerName=traefik-secure@docker rule="Host(`traefik.xyz.se`)"
time="2020-01-30T12:12:32+01:00" level=error msg="Unable to obtain ACME certificate for domains \"hivemq.xyz.se\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:53671->127.0.0.11:53: i/o timeout" rule="Host(`hivemq.xyz.se`)" providerName=cloudflare.acme routerName=hivemq-secure@docker

I can't look up google from inside the traefik container. I don't know whether this is working as intended?

/o/a/traefik> docker exec -it traefik /bin/sh
/ # nslookup google.se
nslookup: can't resolve '(null)': Name does not resolve

nslookup: can't resolve 'google.se': Try again
/ #

Traefik docker-compose.yaml

version: '3'

services:
  traefik:
    image: traefik:v2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=redacted
      - CF_API_KEY=redacted
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xyz.se`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=redacted"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.xyz.se`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=xyz.se"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.xyz.se"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

data/traefik.yml:

api:
  dashboard: true
  debug: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  cloudflare:
    acme:
      email: redacted
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

Example service (hivemq) docker-compose.yml:

version: "3"

services:
  hivemq:
    image: hivemq/hivemq4
    container_name: hivemq
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 1883:1883
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hivemq.entrypoints=http"
      - "traefik.http.routers.hivemq.rule=Host(`hivemq.xyz.se`)"
      - "traefik.http.routers.hivemq.middlewares=https-redirect@file"
      - "traefik.http.routers.hivemq-secure.middlewares=secured@file"
      - "traefik.http.routers.hivemq-secure.entrypoints=https"
      - "traefik.http.routers.hivemq-secure.rule=Host(`hivemq.xyz.se`)"
      - "traefik.http.routers.hivemq-secure.tls=true"
      - "traefik.http.routers.hivemq-secure.service=hivemq"
      - "traefik.http.services.hivemq.loadbalancer.server.port=8080"
      - "traefik.docker.network=proxy"
    networks:
      - internal
      - proxy

networks:
  proxy:
    external: true
  internal:
    external: false

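I have also tried reinstalling docker-ce, but it didn't help.

Best answer

I had a similar problem, and it was caused by a Docker bug: all my containers lost their connection to the internet, but they had all been removed for maintenance, so I couldn't see it.

In the logs, "cannot get ACME client get directory" means that Traefik cannot connect to the Let's Encrypt URL.

I fixed it by:

  • Removing the Traefik stack
  • Pruning networks so that traefik-public gets removed
  • Restarting the Docker service

If that is not enough, you can try these:

  • Try restarting the Docker engine, which will reset all iptables rules (assuming you are using Docker on Linux)
  • Try rebooting your whole machine
  • Try (temporarily) disabling your machine's firewall to verify whether it solves the problem

As described here: https://community.containo.us/t/cannot-create-renew-acme-certificate-cannot-get-acme-client-get-directory/2469/2

I had a quick look at the bugs about Docker losing connectivity over the years, and it looks like a mess: https://github.com/moby/moby/issues/15172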

Regarding docker - ACME certificate timeout with traefik, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60029532/
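
To separate a resolver failure like the one in the question from other ACME failures, the following added example (not part of the original question or answer, and not Traefik code) classifies Traefik error lines by the layer that failed. The function names and layer labels are assumptions made for illustration; 127.0.0.11 is the embedded DNS server Docker provides to containers on user-defined networks.

```python
import re

DOCKER_EMBEDDED_DNS = "127.0.0.11"  # resolver Docker provides on user-defined networks

# Patterns follow the error text visible in the question's log lines.
ACME_FAIL = re.compile(r'Unable to obtain ACME certificate for domains \\"(?P<domains>[^"\\]+)\\"')
DNS_FAIL = re.compile(r'lookup (?P<host>\S+) on (?P<resolver>[\d.]+):\d+: (?P<reason>.*?)"')
TCP_FAIL = re.compile(r'dial tcp (?P<peer>[\d.]+:\d+): (?P<reason>.*?)"')

# Lines 1-2 come from the question (trailing fields trimmed); lines 3-4 are constructed.
SAMPLE_LOG = r'''
time="2020-01-30T12:12:12+01:00" level=error msg="Unable to obtain ACME certificate for domains \"traefik.xyz.se\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:54773->127.0.0.11:53: i/o timeout" providerName=cloudflare.acme
time="2020-01-30T12:12:32+01:00" level=error msg="Unable to obtain ACME certificate for domains \"hivemq.xyz.se\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:53671->127.0.0.11:53: i/o timeout" providerName=cloudflare.acme
time="2020-01-30T12:13:02+01:00" level=error msg="Unable to obtain ACME certificate for domains \"example.test\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp 203.0.113.10:443: i/o timeout" providerName=cloudflare.acme
time="2020-01-30T12:13:05+01:00" level=info msg="Configuration loaded from file: /traefik.yml"
'''


def triage(line):
    """Return None for non-ACME lines, else a dict naming the layer that failed."""
    acme = ACME_FAIL.search(line)
    if not acme:
        return None
    result = {"domains": acme.group("domains").split(","), "layer": "other", "detail": None}
    dns = DNS_FAIL.search(line)
    tcp = TCP_FAIL.search(line)
    if dns:
        # Name resolution failed before any connection to Let's Encrypt was attempted.
        embedded = dns.group("resolver") == DOCKER_EMBEDDED_DNS
        result["layer"] = "docker-embedded-dns" if embedded else "external-dns"
        reason = dns.group("reason").rsplit(": ", 1)[-1]
        result["detail"] = (dns.group("host"), dns.group("resolver"), reason)
    elif tcp:
        # The name resolved, but the outbound TCP connection failed.
        result["layer"] = "tcp-egress"
        result["detail"] = (tcp.group("peer"), tcp.group("reason").rsplit(": ", 1)[-1])
    return result


def summarize(log_text):
    """Count ACME failures per layer across a whole log."""
    counts = {}
    for line in log_text.splitlines():
        hit = triage(line)
        if hit:
            counts[hit["layer"]] = counts.get(hit["layer"], 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A count dominated by the embedded-DNS layer points at the container's network path on the Docker host, which is where the answer's fixes apply, rather than at the ACME or Cloudflare settings in traefik.yml.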
