用 Google 搜索这个问题可以看到,已经有人提过类似的问题,但都没有得到真正的答案。
在 Docker 中以容器方式启动 Traefik(v2.2.1,即当前最新版本)时,无论我怎么尝试,所有已配置的域名都会不断出现以下错误:
time="2020-05-24T15:48:57Z" level=error msg="Unable to obtain ACME certificate for domains \"<my domain>\": cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:44687->127.0.0.11:53: i/o timeout" routerName=traefik@docker rule="Host(`<my domain>`)" providerName=le.acme
Traefik 的 docker-compose.yml:
version: "2"

# Reverse proxy that routes domains to services and obtains certificates
# through ACME (DNS-01 challenge, Cloudflare provider).
services:
  traefik:
    container_name: traefik
    # No tag means "latest"; pinning a version keeps redeploys reproducible.
    image: traefik
    command:
      # DEBUG output includes the full static and dynamic configuration
      # (the basic-auth user list and ACME e-mail among it), so treat these
      # logs as sensitive and lower the level once troubleshooting is done.
      - --log.level=DEBUG
      - --api.dashboard=true
      - --providers.docker=true
      # Containers are only routed when they opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik_proxy
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.le.acme.storage=acme.json
      # Let's Encrypt staging endpoint: certificates issued here are not
      # trusted by browsers; this line goes away for production use.
      - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.le.acme.dnschallenge=true
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      # NOTE(review): these resolvers appear to apply to the DNS-01
      # propagation check only, not to the container's own name resolution,
      # so enabling this line would presumably not fix the lookup error.
      # - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
    restart: always
    networks:
      - traefik_proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      # ":ro" only protects the socket file itself; the Docker API behind it
      # stays fully usable, so a compromise of this container is effectively
      # control of the Docker daemon. A filtering socket proxy that exposes
      # only read endpoints narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json stores the ACME account key and certificate private keys;
      # it must stay readable by its owner only (mode 600).
      #- ./acme.json:/acme.json
      - ./acme_testing.json:/acme.json
    environment:
      # CF_API_KEY is the account-wide Cloudflare key. The provider also
      # accepts a scoped API token (CF_DNS_API_TOKEN) that can be limited to
      # DNS edits on the zone, which is the least-privilege choice.
      CF_API_EMAIL: ${CF_API_EMAIL}
      CF_API_KEY: ${CF_API_KEY}
    labels:
      - traefik.enable=true
      # Plain-HTTP router: only redirects to HTTPS.
      - traefik.http.routers.traefik0.entrypoints=http
      - traefik.http.routers.traefik0.rule=Host(`<my domain>`)
      - traefik.http.routers.traefik0.middlewares=to_https
      # HTTPS router: serves the dashboard/API behind basic auth.
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`<my domain>`)
      - traefik.http.routers.traefik.middlewares=traefik_auth
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=le
      - traefik.http.routers.traefik.service=api@internal
      # Basic-auth user list.
      #
      # Every dollar sign in the hash has to be doubled so that compose does
      # not treat it as a variable reference. A user:password pair can be
      # produced with:
      # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
      # (-b takes the password from the command line, where it ends up in
      # shell history; "htpasswd -n user" prompts for it instead.)
      - traefik.http.middlewares.traefik_auth.basicauth.users=${TRAEFIK_USERS}
      # Shared redirect middlewares that other containers can reference:
      # to_https is a temporary redirect, to_https_perm a permanent one.
      - traefik.http.middlewares.to_https.redirectscheme.scheme=https
      - traefik.http.middlewares.to_https_perm.redirectscheme.scheme=https
      - traefik.http.middlewares.to_https_perm.redirectscheme.permanent=true

networks:
  # Created outside this compose file; all proxied containers join it.
  traefik_proxy:
    external: true
root@server:/opt/traefik# ls -Al
total 8
-rw------- 1 root root 0 May 24 00:37 acme.json
-rw------- 1 root root 0 May 24 00:37 acme_testing.json
-rw-rw-r-- 1 root docker 2406 May 24 18:04 docker-compose.yml
-rw-rw-r-- 1 root docker 185 May 23 23:49 .env
在容器外部(宿主机上)运行 nslookup 会得到以下结果:
root@server:/opt/traefik# nslookup acme-staging-v02.api.letsencrypt.org
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
acme-staging-v02.api.letsencrypt.org canonical name = staging.api.letsencrypt.org.
staging.api.letsencrypt.org canonical name = 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com.
Name: 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Address: 172.65.46.172
Name: 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Address: 2606:4700:60:0:f41b:d4fe:4325:6026
在容器内部运行 nslookup 会得到以下结果:
manuele@server:/opt$ docker exec -it traefik /bin/sh
/ # nslookup acme-staging-v02.api.letsencrypt.org
;; connection timed out; no servers could be reached
root@server:/opt/traefik# docker-compose up
Recreating traefik ... done
Attaching to traefik
traefik | time="2020-05-24T16:05:34Z" level=info msg="Configuration loaded from flags."
traefik | time="2020-05-24T16:05:34Z" level=info msg="Traefik version 2.2.1 built on 2020-04-29T18:02:09Z"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"traefik_proxy\",\"swarmModeRefreshSeconds\":15000000000}},\"api\":{\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"<ACME Email>\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\"}}}}}"
traefik | time="2020-05-24T16:05:34Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
traefik | time="2020-05-24T16:05:34Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Start TCP Server" entryPointName=https
traefik | time="2020-05-24T16:05:34Z" level=info msg="Starting provider *acme.Provider {\"email\":\"<ACME Email>\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\"},\"ResolverName\":\"le\",\"store\":{},\"ChallengeStore\":{}}"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Start TCP Server" entryPointName=http
traefik | time="2020-05-24T16:05:34Z" level=info msg="Testing certificate renew..." providerName=le.acme
traefik | time="2020-05-24T16:05:34Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"traefik_proxy\",\"swarmModeRefreshSeconds\":15000000000}"
traefik | time="2020-05-24T16:05:34Z" level=info msg="Starting provider *traefik.Provider {}"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Configuration received from provider le.acme: {\"http\":{},\"tls\":{}}" providerName=le.acme
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
traefik | time="2020-05-24T16:05:34Z" level=debug msg="No default certificate, generating one"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Provider connection established with docker 19.03.9 (API 1.40)" providerName=docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"traefik\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"traefik_auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`<my domain>`)\",\"tls\":{\"certResolver\":\"le\"}},\"traefik0\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"to_https\"],\"service\":\"traefik-traefik\",\"rule\":\"Host(`<my domain>`)\"}},\"services\":{\"traefik-traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"to_https\":{\"redirectScheme\":{\"scheme\":\"https\"}},\"to_https_perm\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}},\"traefik_auth\":{\"basicAuth\":{\"users\":[\"<traefik users>\"]}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="No default certificate, generating one"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating middleware" serviceName=traefik-traefik entryPointName=http routerName=traefik0@docker middlewareName=pipelining middlewareType=Pipelining
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=traefik0@docker serviceName=traefik-traefik
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating server 0 http://172.18.0.2:80" routerName=traefik0@docker serviceName=traefik-traefik serverName=0 entryPointName=http
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Added outgoing tracing middleware traefik-traefik" middlewareType=TracingForwarder routerName=traefik0@docker entryPointName=http middlewareName=tracing
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating middleware" entryPointName=http routerName=traefik0@docker middlewareName=to_https@docker middlewareType=RedirectScheme
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Setting up redirection to https " entryPointName=http routerName=traefik0@docker middlewareName=to_https@docker middlewareType=RedirectScheme
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=traefik0@docker middlewareName=to_https@docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=http middlewareName=traefik-internal-recovery
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=traefik@docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating middleware" middlewareType=BasicAuth routerName=traefik@docker entryPointName=https middlewareName=traefik_auth@docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Adding tracing to middleware" routerName=traefik@docker middlewareName=traefik_auth@docker entryPointName=https
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | time="2020-05-24T16:05:34Z" level=debug msg="No default certificate, generating one"
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Try to challenge certificate for domain [<my domain>] found in HostSNI rule" providerName=le.acme rule="Host(`<my domain>`)" routerName=traefik@docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Looking for provided certificate(s) to validate [\"<my domain>\"]..." providerName=le.acme rule="Host(`<my domain>`)" routerName=traefik@docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Domains [\"<my domain>\"] need ACME certificates generation for domains \"<my domain>\"." providerName=le.acme rule="Host(`<my domain>`)" routerName=traefik@docker
traefik | time="2020-05-24T16:05:34Z" level=debug msg="Loading ACME certificates [<my domain>]..." providerName=le.acme rule="Host(`<my domain>`)" routerName=traefik@docker
traefik | time="2020-05-24T16:05:35Z" level=debug msg="Building ACME client..." providerName=le.acme
traefik | time="2020-05-24T16:05:35Z" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=le.acme
traefik | time="2020-05-24T16:05:55Z" level=error msg="Unable to obtain ACME certificate for domains \"<my domain>\": cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:49272->127.0.0.11:53: i/o timeout" routerName=traefik@docker providerName=le.acme rule="Host(`<my domain>`)"
改用 docker run ... 试试:
# Manual equivalent of the compose service, still attached to the
# user-defined network traefik_proxy. On such networks name lookups go
# through Docker's embedded DNS (127.0.0.11), the resolver that times out
# in the error above.
# Passing the key as -e CF_API_KEY="..." puts the secret on the command line
# (shell history, process list); --env-file, or exporting the variable and
# passing a bare "-e CF_API_KEY", keeps it off argv.
docker run -it \
  --name traefik \
  --network traefik_proxy \
  -p 80:80 \
  -p 443:443 \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /opt/traefik/acme_testing.json:/acme.json \
  -e CF_API_EMAIL="<Cloudflare Email>" \
  -e CF_API_KEY="<Cloudflare API>" \
  traefik \
  --log.level=DEBUG \
  --api.dashboard=true \
  --providers.docker=true \
  --providers.docker.exposedbydefault=false \
  --providers.docker.network=traefik_proxy \
  --entrypoints.http.address=:80 \
  --entrypoints.https.address=:443 \
  --certificatesresolvers.le.acme.email="<ACME Email>" \
  --certificatesresolvers.le.acme.storage=acme.json \
  --certificatesresolvers.le.acme.caserver="https://acme-staging-v02.api.letsencrypt.org/directory" \
  --certificatesresolvers.le.acme.dnschallenge=true \
  --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
root@server:/opt/traefik# docker exec -it traefik /bin/sh
/ # nslookup acme-staging-v02.api.letsencrypt.org
;; connection timed out; no servers could be reached
# Same container again, but without "--network traefik_proxy": it lands on
# Docker's default bridge network, which does not use the embedded DNS at
# 127.0.0.11 and takes its resolvers from the host's resolver configuration
# instead. This is the only difference from the previous command.
# The key passed as -e CF_API_KEY="..." is visible on the command line;
# --env-file or a bare "-e CF_API_KEY" with the variable exported avoids that.
docker run -it \
  --name traefik \
  -p 80:80 \
  -p 443:443 \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /opt/traefik/acme_testing.json:/acme.json \
  -e CF_API_EMAIL="<Cloudflare Email>" \
  -e CF_API_KEY="<Cloudflare API>" \
  traefik \
  --log.level=DEBUG \
  --api.dashboard=true \
  --providers.docker=true \
  --providers.docker.exposedbydefault=false \
  --providers.docker.network=traefik_proxy \
  --entrypoints.http.address=:80 \
  --entrypoints.https.address=:443 \
  --certificatesresolvers.le.acme.email="<ACME Email>" \
  --certificatesresolvers.le.acme.storage=acme.json \
  --certificatesresolvers.le.acme.caserver="https://acme-staging-v02.api.letsencrypt.org/directory" \
  --certificatesresolvers.le.acme.dnschallenge=true \
  --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
root@server:/opt/traefik# docker exec -it traefik /bin/sh
/ # nslookup acme-staging-v02.api.letsencrypt.org
nslookup: write to '192.168.1.233': Connection refused
Server: 192.168.1.1
Address: 192.168.1.1:53
Non-authoritative answer:
acme-staging-v02.api.letsencrypt.org canonical name = staging.api.letsencrypt.org
staging.api.letsencrypt.org canonical name = 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Name: 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Address: 172.65.46.172
Non-authoritative answer:
acme-staging-v02.api.letsencrypt.org canonical name = staging.api.letsencrypt.org
staging.api.letsencrypt.org canonical name = 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Name: 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Address: 2606:4700:60:0:f41b:d4fe:4325:6026
root@server:/opt/traefik# ls -Al
total 12
-rw------- 1 root root 0 May 24 00:37 acme.json
-rw------- 1 root root 0 May 24 00:37 acme_testing.json
-rw-rw-r-- 1 root docker 2406 May 24 18:04 docker-compose.yml
-rw-rw-r-- 1 root docker 185 May 23 23:49 .env
最佳答案
所以,经过几个小时的反复尝试,我发现这是 docker-compose 环境中存在的一个问题,解决起来其实非常简单。
在每个需要与外界通信的容器中添加以下内容:
# Per-service resolver override. With "dns:" set, lookups for external names
# are sent to the listed servers (here Cloudflare's public resolvers) rather
# than to the resolvers Docker inherited from the host.
# Caveats:
#  - names that only the LAN resolver knows will no longer resolve;
#  - outbound DNS from the container to these addresses must be permitted;
#  - this works around the timeout rather than explaining it. The nslookup
#    output in the question shows 192.168.1.233 refusing queries, which
#    suggests (unconfirmed) a dead resolver in the host's configuration.
version: "2"
services:
  <the service>:
    ...
    dns:
      - 1.1.1.1
      - 1.0.0.1
    ...
关于Docker Traefik 无法解析 DNS(无法到达服务器并获取证书),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61989108/