
docker - Unable to get the correct container IP with Traefik

Reposted. Author: 行者123. Updated: 2023-12-02 20:00:26

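When using Traefik with Docker Compose, I would like to get the container IP to perform IP-based filtering, but I get the Docker network gateway IP instead.

Here is the result of a curl request issued from the curl-client container: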

docker-compose exec curl-client curl https://whoami.domain.name

Hostname: 608f3dcaf7d9
IP: 127.0.0.1
IP: 172.18.0.2
GET / HTTP/1.1
Host: whoami.domain.name
User-Agent: curl/7.58.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.18.0.1
X-Forwarded-Host: whoami.domain.name
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 88756553599b
X-Real-Ip: 172.18.0.1

Here 172.18.0.1 is the gateway of the traefik_net network. Instead, I would expect to see 172.18.0.9 in the X-Forwarded-For field, since it is the IP of the curl-client container:

docker-compose exec curl-client cat /etc/hosts

172.18.0.9 34f7b6e5472f

I also tried the 'traefik.frontend.whiteList.useXForwardedFor = true' option, without success.

traefik.toml:

logLevel = "ERROR"

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[acme]
email = "something@aaa.com"
storage = "acme.json"
entryPoint = "https"
  [acme.dnsChallenge]
  provider = "ovh"
  delayBeforeCheck = 0

[[acme.domains]]
  main = "*.domain.name"

[docker]
domain = "domain.name"
watch = true
network = "traefik_net"

docker-compose.yml:

version: '3'

services:

  traefik_proxy:
    image: traefik:alpine
    container_name: traefik
    networks:
      - traefik_net
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    restart: unless-stopped
    environment:
      - OVH_ENDPOINT=ovh-eu
      - OVH_APPLICATION_KEY=secretsecret
      - OVH_APPLICATION_SECRET=secretsecret
      - OVH_CONSUMER_KEY=secretsecret
    labels:
      - 'traefik.frontend.rule=Host:traefik.domain.name'
      - 'traefik.port=8080'
      - 'traefik.backend=traefik'

  whoami:
    image: containous/whoami
    container_name: whoami
    networks:
      - traefik_net
    labels:
      - 'traefik.frontend.rule=Host:whoami.domain.name'

  curl-client:
    image: ubuntu
    networks:
      - traefik_net
    command: sleep infinity

networks:
  traefik_net:
    external: true

EDIT: the domain name is resolved using the following dnsmasq.conf:

domain-needed
expand-hosts
bogus-priv

interface=eno1
domain=domain.name
cache-size=1024
listen-address=127.0.0.1
bind-interfaces

dhcp-range=10.0.10.10,10.0.10.100,24h
dhcp-option=3,10.0.10.1

dhcp-authoritative

server=208.67.222.222
server=208.67.220.220

address=/domain.name/10.0.10.3

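Best answer

After some investigation, it seems that Traefik is not the problem here, and that being unable to access the container IP is due to the way Docker manages its internal network (see the comments here: https://github.com/containous/traefik/issues/4352 and https://github.com/docker/for-mac/issues/180).

I managed to achieve my goal of whitelisting internal connections by running my openvpn container in network_host mode; this way, clients are assigned an IP by the system directly.

Regarding docker - Unable to get the correct container IP with Traefik, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/54007788/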
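
An added example, not part of the original question or answer: a small Python check that applies an IP whitelist to the address Traefik reported in X-Forwarded-For and flags when that address is the network gateway, which is the situation shown in the question. The function names and whitelist ranges are assumptions made for illustration; the header values and the gateway address are taken from the question.

```python
import ipaddress

# Header lines copied from the whoami response in the question.
WHOAMI_HEADERS = """\
Host: whoami.domain.name
X-Forwarded-For: 172.18.0.1
X-Forwarded-Proto: https
X-Real-Ip: 172.18.0.1
"""
GATEWAY = "172.18.0.1"  # traefik_net gateway, as stated in the question


def parse_headers(text):
    """Map lower-cased header names to values."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def peer_seen_by_proxy(headers):
    """Right-most X-Forwarded-For entry: the one the nearest proxy appended.

    Entries further left arrive with the request and are client-controlled.
    """
    entries = [e.strip() for e in headers.get("x-forwarded-for", "").split(",")]
    if not entries[-1]:
        raise ValueError("no X-Forwarded-For header present")
    return ipaddress.ip_address(entries[-1])


def evaluate(headers, allowed_ranges, gateway=GATEWAY):
    """Report the whitelist verdict and whether the source was the gateway."""
    peer = peer_seen_by_proxy(headers)
    allowed = any(peer in ipaddress.ip_network(r) for r in allowed_ranges)
    return {"peer": str(peer), "allowed": allowed,
            "masqueraded": peer == ipaddress.ip_address(gateway)}


if __name__ == "__main__":
    seen = parse_headers(WHOAMI_HEADERS)
    # Whitelisting the container address fails: Traefik never saw it.
    print(evaluate(seen, ["172.18.0.9/32"]))
    # Whitelisting the gateway passes, but so does every other source
    # that reaches Traefik through that gateway address.
    print(evaluate(seen, ["172.18.0.1/32"]))
```

A result with "masqueraded" set to True means the whitelist is being evaluated against the gateway rather than the real client, so a per-container rule cannot match.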
