我们在包含3位经理的码头群中托管traefik。事情工作正常,但一周左右后我们开始不断得到这些错误:
http: TLS handshake error from 10.255.0.2:56437: tls: no cipher suite supported by both client and server
2017/07/28 06:18:17 server.go:2753: http: TLS handshake error from 10.255.0.2:44674: tls: unsupported SSLv2 handshake received
2017/07/28 06:18:26 server.go:2753: http: TLS handshake error from 10.255.0.2:48083: tls: client using inappropriate protocol fallback
2017/07/28 06:11:12 server.go:2753: http: TLS handshake error from 10.255.0.2:54382: tls: client offered an unsupported, maximum protocol version of 300
一旦我点击服务端点,我应该看到我们的应用程序JSON响应。
一旦此错误开始显示,我们的服务前端开始给出502坏网关。但并非总是如此,在10次中出现了5次502坏网关。
traefik version的输出:(您使用的是什么版本的Traefik?)
Traefik Version:
Version: v1.3.4
Codename: raclette
Go version: go1.8.3
Built: 2017-07-27_03:52:53PM
OS/Arch: linux/amd64
``` Docker版本: 客户: 版本:17.06.0-ce API版本:1.30 转到版本:go1.8.3 Git commit:02c1d87 建造:星期五6月23日21:20:36 2017 OS / Arch:linux / amd64
服务器: 版本:17.06.0-ce API版本:1.30(最低版本1.12) 转到版本:go1.8.3 Git commit:02c1d87 建造:星期五6月23日21:21:56 2017 OS / Arch:linux / amd64 实验:假 ```
traefik.toml:
toml
# traefik.toml
accessLogsFile = "log/access.log"
traefikLogsFile = "log/traefik.log"
logLevel = "INFO"
defaultEntryPoints = ["https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/etc/traefik/traefik.cert"
KeyFile = "/etc/traefik/traefik.key"
[web]
address = ":8080"
ReadOnly = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
exposedbydefault = true
swarmmode = true
我可以看到10.255.0.2作为入口的入口端点。复制入口的细节: 奇怪的是,它正在发挥作用。没有任何改变突然失败,然后出现此错误。
docker network inspect ingress。
json
[
{
"Name": "ingress",
"Id": "g91vlveu6s2u9c4tvzqdn2e8y",
"Created": "2017-07-27T10:01:09.111025266Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.255.0.0/16",
"Gateway": "10.255.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": true,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"bfdee6bece2b0750796d39533793286f599ad3f38855f4518ac545cf02048473": {
"Name": "traefik.qml805v1p6e35ewm3e6f1qko8.zbyxdt4vawobelqp8pz7lxdp5",
"EndpointID": "6e0e5f3d4c6bede800d6948aaa6da6f6b4df0e51d4e9b43c3fc9be88385e966e",
"MacAddress": "02:42:0a:ff:00:07",
"IPv4Address": "10.255.0.7/16",
"IPv6Address": ""
},
"ingress-sbox": {
"Name": "ingress-endpoint",
"EndpointID": "10adf1878e093da50c7bfe7dcda2c0c1cdb5271db9b31c49553e4a031b20244b",
"MacAddress": "02:42:0a:ff:00:02",
"IPv4Address": "10.255.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4096"
},
"Labels": {}
}
大多数情况下,我们会在重新启动计算机时看到此问题。