这个配置是否有效?
#logLevel = "DEBUG"
defaultEntryPoints = ["https"]
[entryPoints]
[entryPoints.https]
address = ":443"
[file]
# rules
[backends]
[backends.backend2]
[backends.backend2.servers.server1]
url = "https://google.de:443"
weight = 1
[frontends]
[frontends.frontend1]
backend = "backend2"
passHostHeader = true
passTLSCert=true
[frontends.frontend1.routes.default]
rule = "Host:search.dev"
[web]
address = ":8080"
我希望在浏览器中访问https://search.dev并查看google.com(假设search.dev解析为127.0.0.1)。 但相反,我看到了这一点:
$ docker run -p 8080:8080 -p 443:443 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
time="2017-12-05T20:39:54Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
time="2017-12-05T20:39:54Z" level=error msg="Failed to create TLSClientConfig: no TLS provided"
time="2017-12-05T20:39:54Z" level=error msg="Failed to create RoundTripper for frontend frontend1: no TLS provided"
time="2017-12-05T20:39:54Z" level=error msg="Skipping frontend frontend1..."
我特意要求traefik不要进行SSL终止:passTLSCert=true
更多细节:
Version: v1.4.4
Codename: roquefort
Go version: go1.9.2
Built: 2017-11-23_10:53:58AM
OS/Arch: linux/amd64
答案 0 :(得分:2)
值得注意的是,passTLSCert告诉Traefik将TLS客户端证书转发给后端。它不会像你希望的那样在Traefik上禁用SSL终止。
为了使您的配置正常工作,您需要指定要使用的Traefik证书。
如果您使用的是本地证书,则示例为:
#logLevel = "DEBUG"
defaultEntryPoints = ["https"]
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "example.crt"
keyFile = "example.key"
[file]
# rules
[backends]
[backends.backend2]
[backends.backend2.servers.server1]
url = "https://google.de:443"
weight = 1
[frontends]
[frontends.frontend1]
backend = "backend2"
passHostHeader = true
passTLSCert=true
[frontends.frontend1.routes.default]
rule = "Host:search.dev"
[web]
address = ":8080"